A network administrator is troubleshooting an issue with Phase 2 of an IPSec VPN tunnel. The administrator determines that the lifetime needs to be changed to match the peer.
Where should this change be made?
A network administrator is troubleshooting an issue with Phase 2 of an IPSec VPN tunnel. The administrator determines that the lifetime needs to be changed to match the peer.
Where should this change be made?
The lifetime setting for Phase 2 of an IPSec VPN tunnel needs to be changed in the IPSec Crypto profile. The IPSec Crypto profile is responsible for defining how data is encrypted and authenticated in the VPN tunnel during Phase 2. It includes parameters such as encryption algorithms, authentication algorithms, Diffie-Hellman groups, and the lifetime of the keys, which specifies how long the keys are valid for securing the actual data traffic through the IPSec tunnel.
B: Details for both phases of IKE: The **IKE crypto profile** is used to set up the encryption and authentication algorithms used for the key exchange process in IKE Phase 1, and lifetime of the keys, which specifies how long the keys are valid. To invoke the profile, you must attach it to the IKE Gateway configuration. The **IPSec crypto profile** is invoked in IKE Phase 2. It specifies how the data is secured within the tunnel when Auto Key IKE is used to automatically generate keys for the IKE SAs.
Yes, should be B
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/vpns/set-up-site-to-site-vpn/define-cryptographic-profiles/define-ipsec-crypto-profiles
It's obviously B. I really don't understand how the creators are doing so many mistakes on the questions... even in simple ones
B chrisy042's link
B chrisy042's link explains
B is correct
contains - ESP/AH , Encryption , Authentication , DH Group ,Lifetime and Lifesize
B for phase 2 ....... - For securing communication across the VPN tunnel, the firewall requires IKE and IPSec cryptographic profiles for completing IKE phase 1 and phase 2 negotiations, respectively.