Implementing Cisco Secure Mobility Solutions (SIMOS, legacy) — Question 46
When implementing GET VPN, which of these is a characteristic of GDOI IKE?
Answer options
- A. GDOI IKE sessions are established between all peers in the network
- B. GDOI IKE uses UDP port 500
- C. Security associations do not need to linger between members once a group member has authenticated to the key server and obtained the group policy
- D. Each pair of peers has a private set of IPsec security associations that is only shared between the two peers
Correct answer: C
Explanation
The correct answer is C: once a group member has authenticated to the key server and obtained the group policy, security associations do not need to persist between the members. Option A is incorrect because GDOI IKE does not require sessions between all peers. Option B is incorrect because GDOI IKE does not use UDP port 500 for its operations. Option D is incorrect because GDOI IKE does not involve private IPsec security associations shared only between two peers.