IKEv1 vs. IKEv2: True Statements Comparison | CCIE Security Exam

Comparing IKEv1 and IKEv2: True Statements


Question

Comparing and contrasting IKEv1 and IKEv2, which three statements are true? (Choose three.)

Answers

A. IKEv2 adds EAP as a method of authentication for clients; IKEv1 does not use EAP.
B. IKEv1 and IKEv2 endpoints indicate support for NAT-T via the vendor_ID payload.
C. IKEv2 and IKEv1 always ensure protection of the identities of the peers during the negotiation process.
D. IKEv2 provides user authentication via the IKE_AUTH exchange; IKEv1 uses the XAUTH exchange.
E. IKEv1 and IKEv2 both use INITIAL_CONTACT to synchronize SAs.
F. IKEv1 supports config mode via the SET/ACK and REQUEST/RESPONSE methods; IKEv2 supports only REQUEST/RESPONSE.

Explanations

ADE.

IKE (Internet Key Exchange) is the protocol used to establish a secure VPN (Virtual Private Network) tunnel. It negotiates the security parameters, performs the key exchange, and authenticates the peers for IPSec (Internet Protocol Security) communication. There are two versions of IKE, IKEv1 and IKEv2, each with its own features and capabilities.

A. IKEv2 adds EAP as a method of authentication for clients; IKEv1 does not use EAP. This statement is true. In IKEv2, EAP (Extensible Authentication Protocol) is added as a method of authentication for clients, while in IKEv1, EAP is not used. EAP is a widely used authentication method and provides more flexibility than the authentication methods used in IKEv1.

B. IKEv1 and IKEv2 endpoints indicate support for NAT-T via the vendor_ID payload. This statement is true. Both IKEv1 and IKEv2 endpoints indicate support for NAT-T (Network Address Translation Traversal) via the vendor_ID payload. NAT-T is used to allow VPN traffic to pass through NAT devices without being modified.

C. IKEv2 and IKEv1 always ensure protection of the identities of the peers during the negotiation process. This statement is true. Both IKEv1 and IKEv2 always ensure protection of the identities of the peers during the negotiation process. This is achieved through the use of encryption and hashing algorithms.

D. IKEv2 provides user authentication via the IKE_AUTH exchange; IKEv1 uses the XAUTH exchange. This statement is true. In IKEv2, user authentication is provided via the IKE_AUTH exchange, while in IKEv1, user authentication is provided via the XAUTH exchange. XAUTH is an extension to IKEv1 that provides user authentication.

E. IKEv1 and IKEv2 both use INITIAL_CONTACT to synchronize SAs. This statement is false. IKEv2 uses INITIAL_CONTACT to synchronize SAs, while IKEv1 does not.

F. IKEv1 supports config mode via the SET/ACK and REQUEST/RESPONSE methods; IKEv2 supports only REQUEST/RESPONSE. This statement is true. IKEv1 supports config mode via the SET/ACK and REQUEST/RESPONSE methods, while IKEv2 only supports the REQUEST/RESPONSE method. Config mode is used to negotiate additional configuration information between the IKE peers.
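The exchanges and payloads named in the explanations above (IKE_AUTH, config mode, the Vendor ID payload) are all visible in the clear in the fixed ISAKMP/IKE header and the generic payload chain that both versions share, which is how a monitoring tool or firewall tells IKEv1 from IKEv2 traffic. The following Python is an added example, not part of this exam page: it parses that header, names the exchange type for either version (IKEv1 Main Mode, Aggressive, Transaction/config mode; IKEv2 IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, INFORMATIONAL) and the payloads present, and flags config-mode messages. The sample packets are constructed in-line with the hypothetical helper build_ike; function and table names are my own, the numeric values are the IANA assignments.

```python
import struct

# ISAKMP/IKE header, identical layout in IKEv1 (RFC 2408) and IKEv2 (RFC 7296):
# initiator SPI (8) | responder SPI (8) | next payload (1) | version (1: major<<4 | minor)
# | exchange type (1) | flags (1) | message ID (4) | total length (4)
HEADER_FMT = "!QQBBBBII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 28 bytes

# Exchange type numbers (IANA "ISAKMP Exchange Types" / "IKEv2 Exchange Types").
IKEV1_EXCHANGES = {
    0: "Base", 2: "Identity Protection (Main Mode)", 3: "Authentication Only",
    4: "Aggressive", 5: "Informational", 6: "Transaction (Config Mode)", 32: "Quick Mode",
}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

# Payload type numbers differ between the versions; only common ones are listed.
IKEV1_PAYLOADS = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "Nonce", 11: "Notify",
                  13: "Vendor ID", 14: "Attributes (Config)"}
IKEV2_PAYLOADS = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 39: "AUTH", 40: "Nonce",
                  41: "Notify", 43: "Vendor ID", 46: "Encrypted", 47: "Configuration", 48: "EAP"}


def build_ike(major, exchange, payload_types, body=b"\x00" * 4, minor=0, flags=0):
    """Constructed test packet (hypothetical helper): header plus a chain of payloads,
    each carrying the same dummy body. Not captured traffic."""
    chain = b""
    for i, ptype in enumerate(payload_types):
        nxt = payload_types[i + 1] if i + 1 < len(payload_types) else 0
        # Generic payload header: next payload (1) | reserved/critical (1) | length (2)
        chain += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    first = payload_types[0] if payload_types else 0
    header = struct.pack(HEADER_FMT, 0x1111, 0, first, (major << 4) | minor,
                         exchange, flags, 0, HEADER_LEN + len(chain))
    return header + chain


def parse_ike(packet):
    """Decode the IKE header and walk the payload chain; raises ValueError on malformed input."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated IKE header")
    _ispi, _rspi, next_payload, version, exch, flags, msg_id, length = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    if length != len(packet):
        raise ValueError("header length does not match packet size")
    major, minor = version >> 4, version & 0x0F
    if major == 1:
        exch_names, payload_names = IKEV1_EXCHANGES, IKEV1_PAYLOADS
    elif major == 2:
        exch_names, payload_names = IKEV2_EXCHANGES, IKEV2_PAYLOADS
    else:
        raise ValueError(f"unsupported IKE major version {major}")

    payloads, offset, ptype = [], HEADER_LEN, next_payload
    while ptype != 0:
        if offset + 4 > len(packet):
            raise ValueError("truncated payload header")
        nxt, _reserved, plen = struct.unpack("!BBH", packet[offset:offset + 4])
        if plen < 4 or offset + plen > len(packet):
            raise ValueError("bad payload length")
        payloads.append(payload_names.get(ptype, f"unknown({ptype})"))
        ptype, offset = nxt, offset + plen

    return {
        "version": f"{major}.{minor}",
        "exchange": exch_names.get(exch, f"unknown({exch})"),
        "payloads": payloads,
        "message_id": msg_id,
        # IKEv2 flag bits: 0x08 Initiator, 0x20 Response (IKEv1 uses the byte differently)
        "v2_initiator": bool(flags & 0x08) if major == 2 else None,
        "v2_response": bool(flags & 0x20) if major == 2 else None,
    }


def is_config_mode(info):
    """IKEv1 config mode rides on the Transaction exchange / Attributes payload;
    IKEv2 carries it as a Configuration payload inside IKE_AUTH or later exchanges."""
    if info["version"].startswith("1."):
        return info["exchange"].startswith("Transaction") or "Attributes (Config)" in info["payloads"]
    return "Configuration" in info["payloads"]


if __name__ == "__main__":
    samples = {
        "IKEv1 Main Mode msg 1": build_ike(1, 2, [1, 13]),
        "IKEv1 config mode": build_ike(1, 6, [8, 14]),
        "IKEv2 IKE_AUTH request": build_ike(2, 35, [35, 39, 47], flags=0x08),
    }
    for name, pkt in samples.items():
        info = parse_ike(pkt)
        print(f"{name}: v{info['version']} {info['exchange']} payloads={info['payloads']} "
              f"config_mode={is_config_mode(info)}")
```

Run it directly to see the three constructed samples decoded; feed parse_ike the UDP payload from port 500 (or port 4500 after skipping the 4-byte non-ESP marker) to classify real traffic. The length checks matter: a payload chain that runs past the datagram is the usual way a malformed IKE message shows up, and the parser refuses it rather than reading out of bounds.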