
nse7_efw-72 Exam - Question 8


Which two statements about IKE version 2 fragmentation are true? (Choose two.)

Correct Answer: ABD

Only some IKE version 2 packets are considered fragmentable and the reassembly timeout default value is 30 seconds. Fragmentation of IKEv2 packets is typically done to address issues with payloads that exceed the IP MTU size, ensuring the packets can pass through network devices more reliably.
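An added Python example (not from the original page or the study guide) showing how IKE-layer fragmentation can be recognized in a captured UDP payload: a fragmented message carries an Encrypted Fragment payload with its own fragment numbering, while an unencrypted IKE_SA_INIT does not. Field layouts follow RFC 7296 and RFC 7383; the helper names `classify` and `build_sample`, the SPIs and the sample datagrams are constructed for illustration.

```python
import struct

# IKEv2 exchange types (RFC 7296) and encrypted payload types (RFC 7296, RFC 7383).
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOAD_SK, PAYLOAD_SKF = 46, 53          # Encrypted, Encrypted Fragment
# SPIi, SPIr, next payload, version, exchange type, flags, message ID, length
IKE_HDR = struct.Struct("!8s8sBBBBII")


def classify(udp_payload: bytes, port: int = 500) -> dict:
    """Describe one IKEv2 datagram and report IKE-layer fragment numbering if present."""
    if port == 4500:                       # NAT-T prefixes IKE with a zero non-ESP marker
        if udp_payload[:4] != b"\x00" * 4:
            raise ValueError("ESP-in-UDP packet, not IKE")
        udp_payload = udp_payload[4:]
    if len(udp_payload) < IKE_HDR.size:
        raise ValueError("truncated IKE header")
    _, _, nxt, version, exch, _, msg_id, length = IKE_HDR.unpack_from(udp_payload)
    if version >> 4 != 2:
        raise ValueError("not IKEv2")
    if length != len(udp_payload):
        raise ValueError("IKE length field does not match datagram size")
    info = {"exchange": EXCHANGES.get(exch, f"unknown({exch})"), "message_id": msg_id,
            "encrypted": nxt in (PAYLOAD_SK, PAYLOAD_SKF), "fragment": None}
    if nxt == PAYLOAD_SKF:
        if length < IKE_HDR.size + 8:
            raise ValueError("truncated Encrypted Fragment payload")
        # Generic payload header (4 bytes), then Fragment Number and Total Fragments.
        _, _, _, frag_no, total = struct.unpack_from("!BBHHH", udp_payload, IKE_HDR.size)
        if not 1 <= frag_no <= total:
            raise ValueError("invalid fragment numbering")
        info["fragment"] = (frag_no, total)
    return info


def build_sample(exch: int, nxt: int, body: bytes) -> bytes:
    """Constructed test datagram with made-up SPIs; the body is filler, not real ciphertext."""
    return IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8, nxt, 0x20, exch, 0x08, 1,
                        IKE_HDR.size + len(body)) + body


# Constructed samples: a cleartext IKE_SA_INIT and fragment 2 of 3 of an IKE_AUTH message.
SA_INIT = build_sample(34, 33, b"\x00" * 40)
AUTH_FRAG = build_sample(35, PAYLOAD_SKF, struct.pack("!BBHHH", 0, 0, 24, 2, 3) + b"\xaa" * 16)

if __name__ == "__main__":
    for pkt in (SA_INIT, AUTH_FRAG):
        print(classify(pkt))
```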

Discussion

8 comments
truserud Options: AC
Mar 11, 2024

A and C are correct. See page 300 in the Enterprise Firewall 7.2 Study Guide:

A: Only some IKEv2 packets are considered fragmentable: AUTH, CREATE_CHILD_SA, and some INFORMATIONAL.

C: Page 299 in Study Guide: If fragmentation occurs at the IP layer, during the IKEv2 connection, it is possible that payload sizes may exceed the IP MTU and packets get fragmented. Now, on page 300, it is indeed stated that fragmentation is performed on the IKE-layer to solve the issues raised with Fragmentation on the IP-layer. This is supported on IKEv2 with IKEv2 fragmentation support:

    config vpn ipsec-phase1-$interface
        set ike-version 2
        set fragmentation enable | disable
        set fragmentation-mtu $size

Bottom line: somewhat tricky question, at least with regards to it requesting two answers, and it definitely isn't B or D.

charruco Options: AC
Apr 24, 2024

A and C are correct

havokdu Options: AC
May 26, 2024

A: Only some IKEv2 packets are considered fragmentable: AUTH, CREATE_CHILD_SA, and some INFORMATIONAL.

B: Reassembly timeout is 15 seconds, not 30 seconds.

C: Check the question and the Study guide. IKEv2 fragmentation does happen in the IP layer, and IKEv2 fragmentation "SUPPORT" happens at the IKE layer instead of the IP layer.

D: The maximum number of IKEv2 fragments is 64, not 128.

rananaj Options: BC
Feb 22, 2024

The answer is BC

rananaj
Feb 22, 2024

The answer is AC

5deee77 Options: AC
Feb 28, 2024

The answer is A (page 300) C (page 299) Enterprise_Firewall_7.2_Study_Guide

Artbrut Option: A
Mar 1, 2024

Only A is correct imho.

A -> yes, study guide p. 300

B -> reassembly timeout 15 sec, not 30

C -> nope, fragmentation is done at IKE layer, not IP! (To not be blocked by firewalls)

D -> nope, the max number is 64 (p. 300 study guide)

Artbrut
Mar 1, 2024

regarding C: it could be right if ikev2 fragmentation support is not configured

Kop01 Options: AC
Mar 4, 2024

Answer should be A only, but it requires 2 answers so it's AC ... p300:

A correct: "Only some packets are considered fragmentable."

C wrong: "With IKEv2 fragmentation support, the fragmentation occurs at the IKE layer instead of the IP layer." BUT if set fragmentation is set to disable, then answer C could be right ....

BD wrong: "The maximum number of IKEv2 fragments are 64, and the reassembly timeout is 15 seconds."

mecacig953
Jun 27, 2024

Only one answer is right: A, study guide page 300.