A network administrator has been tasked with implementing an IKEv2 tunnel from a remote site to a headquarter site. For security reasons, all traffic from the remote site must be sent across the tunnel, including traffic destined to the internet. Both sites are using a Cisco ASA firewall and are capable of running IKEv2.
Based on the provided ASDM configuration for the remote ASA, which one of the following is correct?
| A. |
An access-list must be configured on the outside interface to permit inbound VPN traffic | |
| B. |
A route to 192.168.22.0/24 will not be automatically installed in the routing table | |
| C. |
The ASA will use a window of 128 packets (64x2) to perform the anti-replay check | |
| D. |
The tunnel can also be established on TCP port 10000 |
Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size.
The IPsec Anti-Replay Window:
Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.