| 1. | Why is manual-ipsec not recommended by Cisco? |
| 2. | What is the difference between an access VPN and an intranet VPN? |
| 3. | Which hash algorithm is configured by default for phase 1? |
| 4. | What are the two methods of identifying SA peers? |
| 5. | What happens if you have different ISAKMP policies configured on your potential SA peers, and none of them match? |
| 6. | Where do you define your authentication method? |
| 7. | What is the default lifetime if not defined in isakmp policy? |
| 8. | Do your transform sets have to match exactly on each peer? |
| 9. | What is the difference between the isakmp lifetime and the crypto map lifetime? |
| 10. | What command do you use to delete any active SAs? |
| 11. | What is the command for defining a preshared key? |
| 12. | What is the first thing you should check if you are unable to establish a VPN? |
| 13. | What is the command to apply an access list to a crypto map? |
| 14. | What is the difference between ESP and AH? |