An administrator has chosen IPsec to encrypt DMVPN tunnels used to connect remote sites. How does the IPsec AH protocol differ from the IPsec ESP protocol?

An administrator has chosen IPsec to encrypt DMVPN tunnels used to connect remote sites. How does the IPsec AH protocol differ from the IPsec ESP protocol?

• The AH protocol supports the DES and 3DES algorithms, but the ESP protocol only supports the AES algorithm.
• The AH protocol does not support encryption, but the ESP protocol does.
• The AH protocol does not support authentication, but the ESP protocol does.
• The AH protocol uses MD5, while the ESP protocol uses the SHA algorithm.

Explanation: IPsec uses two protocols to provide data integrity and confidentiality, the IP authentication header (AH) and the encapsulating security payload (ESP). AH provides integrity and authentication but does not provide encryption. AH ensures that the original data packet has not been modified during transport but is does not encrypt data to ensure it is viewable only by authorized users. ESP provides confidentiality, integrity, and authentication. ESP maintains data confidentiality by encrypting the payload and adding a new set of headers during transport across a public network.

Exam with this question: CCNP ENARSI v8 Certification Practice Exam