Learn how Cisco ACI uses IPsec to encrypt communication between sites over TEP addresses in a Multi-Site deployment. Ensure secure intersite connectivity for your ACI fabric.
Question
Which Cisco ACI feature allows the encryption of communication over TEP addresses connecting sites via the intersite network in a Cisco Multi-Site deployment?
A. TrustSec
B. IPsec
C. MACsec
D. CloudSec
Answer
B. IPsec
Explanation
In a Cisco ACI Multi-Site deployment, the Intersite Policy Manager (ISPM) allows you to configure IPsec tunnels to encrypt communication between sites over the intersite network. Each site is represented by a TEP (Tunnel Endpoint) address.
IPsec authenticates and encrypts each IP packet of a communication session between the TEPs connecting the ACI sites. It provides data integrity, anti-replay protection, and confidentiality for the traffic flowing between the sites across the intersite network, preventing unauthorized interception.
The other options are incorrect:
A) TrustSec is used for role-based access control within a site, not for intersite encryption.
C) MACsec provides hop-by-hop encryption between directly connected devices, but doesn’t work over a routed intersite network.
D) CloudSec is not an actual Cisco encryption technology.
In summary, configuring IPsec tunnels between TEPs is what enables encrypted communication for traffic flowing between ACI sites over the intersite network in a Cisco ACI Multi-Site architecture. This is an important part of ensuring the security and integrity of intersite connectivity in an extended ACI fabric.
Cisco 300-620 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free to help you pass the Cisco 300-620 exam and earn the Cisco 300-620 certification.