Question 3
There are four exchanges during IKEv2 negotiation.
Which sequence is correct?
A. IKE_Proposal, ID_Auth, PiggyBack_CHILD and Informational
B. Init_Req, Wait_Init_Req, ID_Auth_Req and Create_CHILD_SA
C. INIT_Re, INIT_Auth, ID_Child and SET_Nonce
D. IKE_SA_INIT, IKE_Auth, Create_CHILD_SA and Informational
Correct answer: D
Explanation:
IKE_SA_INIT:
This is the first exchange in IKEv2. It establishes a secure, authenticated channel between peers and negotiates cryptographic algorithms and keys.
IKE_Auth:
The second exchange authenticates the IKE SA (Security Association) using the previously negotiated keys and algorithms. This exchange also establishes the first IPsec SA.
Create_CHILD_SA:
This exchange creates additional IPsec SAs after the initial authentication. It can also be used to rekey existing IPsec SAs to maintain security.
Informational:
This is a generic exchange used for various purposes such as error notification, deletion of SAs, and other control messages.
Fortinet Community: IKEv2 packet exchanges and troubleshooting
Fortinet Documentation: IPsec VPN Concepts