When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites?
- after the tunnel is created, but before traffic is sent
- only during Phase 2
- only during Phase 1
- during both Phase 1 and 2
Explanation: As seen in the 8.4.1.1 Figure, an IPsec VPN connection creates two SAs: (1) at the completion of the IKE Phase 1 once the peers negotiate the IKE SA policy, and (2) at the end of IKE Phase 2 after the transform sets are negotiated.
Exam with this question: CCNA Security Chapter 8 Exam Answers
Exam with this question: CCNA Security Certification Practice Exam Answers
Please login or Register to submit your answer