Which IPsec mode is used to encapsulate SD-WAN data plane tunnels?

Study for the CCNP Software-Defined Wide Area Network (SD-WAN) Exam. Master key concepts with flashcards and multiple choice questions, each complete with hints and explanations. Gear up to ace your exam!

Multiple Choice

Which IPsec mode is used to encapsulate SD-WAN data plane tunnels?

Explanation:
SD-WAN data plane tunnels are encapsulated in IPsec tunnel mode, because this mode encrypts and authenticates the entire original IP packet and wraps it inside a new IP packet with a fresh header that identifies the tunnel endpoints. The outer header is what routes the traffic across the WAN, while the inner packet remains protected as it travels through untrusted networks. This setup is essential for SD-WAN, where edge devices form secure tunnels between themselves over an underlay network. Transport mode would protect only the payload and leave the original IP header exposed, which isn't suitable for building a tunneled path between SD-WAN peers. "In-line mode" and "cipher mode" aren't standard IPsec modes used to encapsulate data plane tunnels.
