| A1:
| Answer: The session keys are manually coded and never change. |
| A2:
| Answer: Access VPNs require VPN client software on the remote machine and intranet VPNs do not. |
| A3:
| Answer: SHA-1 |
| A4:
| Answer: By IP address or host name |
| A5:
| Answer: They will not be able to negotiate the connection. |
| A6:
| Answer: isakmp policy |
| A7:
| Answer: 86,400 seconds |
| A8:
| Answer: No, the peers will continue to go through the transforms until they find a match. If there is no match, they will be unable to negotiate the connection. |
| A9:
| Answer: isakmp lifetime initiates a renegotiation of IKE based on time only; the crypto map lifetime initiates a renegotiation of the IPSec SA based on time or the amount of traffic the passes through the connection (in kilobytes). |
| A10:
| Answer: clear crypto isakmp sa |
| A11:
| Answer: isakmp key string address peer-address netmask peer netmask |
| A12:
| Answer: You should verify connectivity prior to attempting to establish the VPN. If you have connectivity but cannot establish the VPN, you should verify that the configuration of the peers matches. |
| A13:
| Answer: crypto map map-name seq-num match address acl-name |
| A14:
| Answer: AH does only header authentication; ESP can perform authentication of the header and the data as well as encryption. |