CCDE: Cisco Certified Design Expert (Practical) — Question 107

SDWAN networks capitalize the usage of broadband Internet links over traditional MPLS links to offer more cost benefits to enterprise customers. However, due to the insecure nature of the public Internet, it is mandatory to use encryption of traffic between any two SDWAN edge devices installed behind NAT gateways.
Which overlay method can provide optimal transport over unreliable underlay networks that are behind NAT gateways?

Answer options

• A. DTLS
• B. TLS
• C. IPsec
• D. GRE

Correct answer: C

Explanation

IPsec is designed to secure Internet Protocol communications by authenticating and encrypting each IP packet in a communication session, making it suitable for use over unreliable networks and behind NAT gateways. DTLS and TLS are primarily focused on securing transport layer communications, while GRE does not provide encryption, making them less suitable for the requirements of SDWAN in this context.