Which two mechanisms are used to guarantee the integrity of data packets in the Cisco SD-WAN architecture data plane? (Choose two.)
A. certificates
B. transport locations
C. authentication headers
D. encapsulation security payload
E. TPM chip
C, D
ESP and AH
Integrity—To guarantee that data traffic is transmitted across the network without being tampered with, the data plane implements several mechanisms from the IPsec security protocol suite:
The ESP protocol encapsulates the payload of data packets.
The HMAC-SHA1 algorithm, which is used by the IPsec AH protocol, computes a keyed-hash message authentication code with SHA-1 to ensure data integrity. AH encapsulates the non-mutable fields in the outer IP header and the payload of data packets. You can configure the integrity methods supported on each vEdge router, and this information is exchanged in the router’s TLOC properties. If two vEdge peers advertise different authentication types, they negotiate the type to use, choosing the strongest method.
The anti-replay scheme protects against attacks in which an attacker duplicates encrypted packets.