The IPsec-proposal configuration option is typically associated with IKEv1-based VPNs. In IKEv1 (Internet Key Exchange version 1) VPNs, the IPsec proposal defines the combination of encryption, integrity, and authentication algorithms that will be used to protect the data traffic.
In the context of IKEv2 (Internet Key Exchange version 2), the concept of proposals still exists, but it is often more flexible and simplified compared to IKEv1. IKEv2 introduces the concept of a "transform set" that includes multiple proposals, allowing for a more dynamic negotiation of cryptographic algorithms during the IKEv2 exchange.
So, if you are dealing with a VPN technology that specifically requires the use of the IPsec-proposal configuration option, it is more likely associated with IKEv1-based VPNs.
you are correct when seen from proposals. But have a look at how Cisco place it.
Step 1
Configure an IKEv1 transform set that specifies the IPsec IKEv1 encryption and hash algorithms to be used to ensure data integrity.
crypto ipsec ikev1 transform-set transform-set-name encryption-method [authentication]
Use one of the following values for encryption:
======Ikev2=========================
Configure an IKEv2 proposal set that specifies the IPsec IKEv2 protocol, encryption, and integrity algorithms to be used.
esp specifies the Encapsulating Security Payload (ESP) IPsec protocol (currently the only supported protocol for IPsec).
crypto ipsec ikev2 ipsec-proposal proposal_name
so its IKEv2 ( ipsec-proposal proposal_name).
Configure an IKEv2 proposal set that specifies the IPsec IKEv2 protocol, encryption, and integrity algorithms to be used.
esp specifies the Encapsulating Security Payload (ESP) IPsec protocol (currently the only supported protocol for IPsec).
crypto ipsec ikev2 ipsec-proposal
C is correct. The IPsec-proposal configuration option is used to specify the encryption, integrity, and authentication algorithms that will be used in the IPsec protocol. In the case of IKEv2-based VPN, this option is used to configure the IPsec security associations (SA) that will be established between the VPN client and the VPN gateway during IKEv2 negotiation. IKEv2 uses IPsec as its underlying encryption and authentication protocol, so the IPsec-proposal configuration is essential to establishing a secure VPN tunnel using IKEv2
This section is not available anymore. Please use the main Exam Page.300-730 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kylesam2017
10 months, 2 weeks agoshadow2020
9 months, 4 weeks agogondohwe
11 months, 4 weeks agoToni_Su91
1 year, 4 months agoNet4dd
1 year, 8 months agoTiptonlad
1 year, 9 months agomazinhoo
1 year, 9 months ago