Question 161 of 530 from exam 400-251: CCIE Security written exam

Which current RFC made RFCs 2409, 2407, and 2408 obsolete?



The correct answer is C. RFC 5996.

RFCs 2409, 2407, and 2408 together specified the first version of the Internet Key Exchange (IKE) protocol used by IPsec VPNs. IKE negotiates security associations (SAs) between two endpoints: it authenticates the peers, agrees on cryptographic algorithms, and derives the keys that protect the IPsec tunnel carrying the encrypted traffic.

RFC 2409 (1998) defined IKEv1, which was deployed throughout the industry for many years. IKEv1 was built on top of ISAKMP and the IPsec DOI, and its two-phase design with several exchange modes (Main, Aggressive, Quick) was complex to implement and to interoperate; those limitations were what the later IKEv2 RFCs set out to fix.

RFC 2407 defined the Internet IP Security Domain of Interpretation (DOI) for ISAKMP: the identifiers and attributes (protocols, transforms, identity types) used when negotiating IPsec security associations. RFC 2408 specified ISAKMP itself, the generic framework for SA negotiation and key management, including the fixed header and payload formats that IKEv1 messages use.

RFC 4306 was published in December 2005 and defined IKEv2, consolidating the three IKEv1 documents into a single specification. It simplified the exchanges (IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, INFORMATIONAL), built NAT traversal into the protocol rather than leaving it to extensions such as RFC 3947, and added EAP as an authentication method. RFC 4306 is the document that formally obsoleted RFCs 2407, 2408, and 2409.
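The fixed header that ISAKMP/IKEv1 (RFC 2408) and IKEv2 (RFC 5996, now RFC 7296) share is small enough to parse by hand, which is a practical way to see what the version field, the exchange types, and the NAT-T framing described above look like on the wire. The Python below is an added example written for this page, not code from the exam or from any RFC; the two sample datagrams are constructed, not captured, and their payload bytes are filler.

```python
import struct
from dataclasses import dataclass

# Exchange types: IKEv1 values from ISAKMP (RFC 2408) and IKE (RFC 2409);
# IKEv2 values from RFC 5996/7296 section 3.1.
IKEV1_EXCHANGES = {2: "Identity Protection (Main Mode)", 4: "Aggressive",
                   5: "Informational", 32: "Quick Mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

# Flag bits in the flags octet differ between the two versions, so decode per major version.
IKEV1_FLAGS = {0x01: "Encryption", 0x02: "Commit", 0x04: "Authentication Only"}
IKEV2_FLAGS = {0x08: "Initiator", 0x10: "Version", 0x20: "Response"}

# Fixed header (RFC 2408 sec 3.1 / RFC 7296 sec 3.1): 28 octets, network byte order:
# SPIi(8) SPIr(8) next payload(1) major|minor(1) exchange type(1) flags(1) message ID(4) length(4)
IKE_HEADER = struct.Struct(">8s8sBBBBII")
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # NAT-T prefix on UDP 4500 (RFC 7296 sec 2.23)


@dataclass
class IkeHeader:
    spi_i: bytes
    spi_r: bytes
    next_payload: int
    major: int
    minor: int
    exchange_type: int
    flags: int
    message_id: int
    length: int

    @property
    def version(self) -> str:
        return {1: "IKEv1", 2: "IKEv2"}.get(self.major, f"unknown(major={self.major})")

    @property
    def exchange_name(self) -> str:
        table = IKEV1_EXCHANGES if self.major == 1 else IKEV2_EXCHANGES
        return table.get(self.exchange_type, f"unknown({self.exchange_type})")

    @property
    def flag_names(self) -> list:
        table = IKEV1_FLAGS if self.major == 1 else IKEV2_FLAGS
        return [name for bit, name in sorted(table.items()) if self.flags & bit]


def parse_ike_header(datagram: bytes, udp_port: int = 500) -> IkeHeader:
    """Parse the fixed IKE/ISAKMP header from one UDP datagram payload; raise ValueError if malformed."""
    data = datagram
    if udp_port == 4500:
        # On 4500, IKE is prefixed with four zero octets so it can be told apart from
        # UDP-encapsulated ESP, whose first four octets are a non-zero SPI.
        if not data.startswith(NON_ESP_MARKER):
            raise ValueError("port 4500 datagram has no non-ESP marker (UDP-encapsulated ESP?)")
        data = data[len(NON_ESP_MARKER):]
    if len(data) < IKE_HEADER.size:
        raise ValueError(f"truncated header: {len(data)} octets, need {IKE_HEADER.size}")
    spi_i, spi_r, next_payload, ver, xtype, flags, msg_id, length = IKE_HEADER.unpack_from(data)
    hdr = IkeHeader(spi_i, spi_r, next_payload, ver >> 4, ver & 0x0F, xtype, flags, msg_id, length)
    if hdr.major not in (1, 2):
        raise ValueError(f"unsupported IKE major version {hdr.major}")
    # Length counts header plus payloads, not the NAT-T marker; a mismatch means
    # truncation, trailing bytes, or a forged length field.
    if length != len(data):
        raise ValueError(f"length field {length} != {len(data)} octets on the wire")
    if hdr.major == 2 and hdr.exchange_type not in IKEV2_EXCHANGES:
        raise ValueError(f"IKEv2 message with non-IKEv2 exchange type {hdr.exchange_type}")
    return hdr


def summarize(datagram: bytes, udp_port: int = 500) -> str:
    """One-line classification that never raises, suitable for a log line or a detector."""
    try:
        h = parse_ike_header(datagram, udp_port)
    except ValueError as exc:
        return f"malformed: {exc}"
    flags = ", ".join(h.flag_names) or "none"
    return f"{h.version} {h.exchange_name} msg_id={h.message_id} flags={flags} len={h.length}"


def build_ike_message(spi_i, spi_r, major, exchange_type, flags, message_id, next_payload, payload):
    """Pack a header in front of an opaque payload; used here only to construct samples."""
    length = IKE_HEADER.size + len(payload)
    return IKE_HEADER.pack(spi_i, spi_r, next_payload, major << 4, exchange_type,
                           flags, message_id, length) + payload


# Constructed samples (not captured traffic); payload bytes are filler.
# IKEv2 IKE_SA_INIT request: responder SPI still zero, Initiator flag set, first payload SA (33).
SAMPLE_IKEV2_SA_INIT = build_ike_message(
    bytes.fromhex("0123456789abcdef"), bytes(8), 2, 34, 0x08, 0, 33, b"\x00" * 12)
# IKEv1 Aggressive Mode first message: major version 1, exchange type 4, first payload SA (1).
SAMPLE_IKEV1_AGGRESSIVE = build_ike_message(
    bytes.fromhex("fedcba9876543210"), bytes(8), 1, 4, 0x00, 0, 1, b"\x00" * 12)

if __name__ == "__main__":
    for dgram, port in [(SAMPLE_IKEV2_SA_INIT, 500), (SAMPLE_IKEV1_AGGRESSIVE, 500),
                        (NON_ESP_MARKER + SAMPLE_IKEV2_SA_INIT, 4500), (SAMPLE_IKEV2_SA_INIT[:20], 500)]:
        print(summarize(dgram, port))
```

The major-version nibble is what separates traffic governed by the RFC 2408/2409 documents (major 1) from traffic governed by RFC 5996/7296 (major 2); the header layout itself did not change between the versions, which is why one parser covers both and why the exchange-type and flag tables have to be selected by version rather than shared.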

RFC 2401 (1998) was the IPsec security architecture document of that generation: it defined the framework (AH, ESP, the SPD and SAD, transport and tunnel modes) and the security services IPsec provides, such as confidentiality, integrity, and data-origin authentication. RFC 4301 (December 2005) obsoleted it with a revised architecture aligned with IKEv2, adding the Peer Authorization Database (PAD) and tightening SPD/SAD processing. Cryptographic algorithm requirements live in separate RFCs, so RFC 4301 is not where new algorithms were introduced.

RFC 1825 (1995) is the original IPsec security architecture document, the predecessor of RFC 2401; it predates ISAKMP and IKE entirely. It is not about hash functions, and it has nothing to do with obsoleting the IKEv1 documents.

Finally, RFC 5996 was published in September 2010 as a revision of IKEv2: it obsoleted RFC 4306 and RFC 4718 (the IKEv2 clarifications), folding the clarifications into a single specification. Because RFC 4306 had itself replaced the IKEv1 trio (RFCs 2407, 2408, and 2409), RFC 5996 became the current specification of the protocol that superseded them, which is the reading the exam intends. Two caveats for practitioners: RFC 5996 did not modify the IPsec architecture in RFC 4301, and RFC 7296 (October 2014) has since obsoleted RFC 5996, so the current IKEv2 RFC today is 7296; the exam's answer key still treats RFC 5996 as the current one.

Therefore, the correct answer is C. RFC 5996.

