200-301 Question #1694: Real Exam Question with Answer & Explanation

The correct answer is C: It inserts a new IPsec header with new IP address.

Submitted by daniela_cl · Mar 5, 2026

Question

What are the two main capabilities of tunnel mode in IPsec site-to-site VPNs? (Choose two.)

Options

  • A. It secures only the data field in the packet.
  • B. It transmits with the original packet header visible.
  • C. It inserts a new IPsec header with new IP address.
  • D. It authenticates the data field in original packet.
  • E. It encrypts the complete IP packet with the data field.

Explanation

It inserts a new IPsec header with a new IP address. In tunnel mode, a new outer IP header is added, and the original IP packet is encapsulated. The outer header contains the IP addresses of the VPN endpoints (usually the IP addresses of the security gateways).

It encrypts the complete IP packet with the data field. Tunnel mode encrypts the entire IP packet, including the original IP header and payload, ensuring that both the data and the original packet’s information are secure during transmission.

Topics

#IPsec VPNs #VPN tunnel mode
