Go back to
642-552 - SND - Securing Cisco Network Devices Exam
Which of these is true regarding IKE Phase 2?
The SAs used by IPsec are unidirectional, so a separate key exchange is required for each data flow.
Either main or aggressive mode can be used to establish the SAs.
Quick mode is used to establish the unidirectional IKE SA and the bidirectional IPsec SAs.
XAUTH can be optionally used to reauthenticate the IPsec peers.
The Diffie-Hellman protocol is used to exchange the public and private keys between the two IPsec peers.
Want to practice for 642-552 - SND - Securing Cisco Network Devices Exam ?