CCDE: Cisco Certified Design Expert (Practical) — Question 116

Company XYZ has designed their network to run GRE over IPsec on their Internet-based VPN to connect two sites. Which IPsec tunneling feature can they enable to optimize the data flow while ensuring that the headers contain no duplicate IP addresses?

Answer options

• A. Tunnel Mode in IPsec Phase I
• B. Transport Mode in IPsec Phase I
• C. Transport Mode in IPsec Phase II
• D. Tunnel Mode in IPsec Phase II

Correct answer: C

Explanation

The correct answer is C, as Transport Mode in IPsec Phase II allows for efficient data transfer while ensuring that the original IP headers are preserved, avoiding duplicate IP addresses. Options A and B are incorrect because they refer to Phase I, which handles key exchange rather than data flow. Option D is incorrect since Tunnel Mode in Phase II does not optimize the data flow in the same manner as Transport Mode.