| 1: | What are the two modes that can be used during IKE phase 1 negotiation? |
| A1: | Answer: Main mode and aggressive mode. |
| 2: | What mode is used during IKE phase 2 negotiation? |
| A2: | Answer: Quick mode. |
| 3: | How many messages are exchanged during main mode negotiation? |
| A3: | Answer: Six messages are exchanged. |
| 4: | How many messages are exchanged during quick mode negotiation? |
| A4: | Answer: Three messages are exchanged. |
| 5: | Which messages are used for peer authentication during main mode negotiation? |
| A5: | Answer: Messages five and six. |
| 6: | If an error occurs during IKE negotiation, what type of payload can be sent to inform the peer of the error? |
| A6: | Answer: A Notify payload. |
| 7: | If main mode negotiation fails during the exchange of the first two messages, what is likely to be the issue? |
| A7: | Answer: An IKE policy proposal has been rejected. |
| 8: | What are the three ways that one IPSec peer can authenticate another during IKE negotiation? |
| A8: | Answer: Preshared keys, RSA signatures, and RSA encrypted nonces. |
| 9: | How many messages are exchanged during IKE aggressive mode? |
| A9: | Answer: Three messages. |
| 10: | How is aggressive mode negotiation supported on Cisco IOS routers? |
| A10: | Answer: Before Cisco IOS Software Release 12.2(8)T, Cisco IOS routers supported aggressive mode negotiation in the role of a responder only. In Cisco IOS 12.2(8)T, the capability to initiate aggressive mode negotiation was added. Note, however, that the default mode when initiating IKE phase negotiation remains main mode. |