Which two statements about the fragmentation of IPsec packets in routers are true? (Choose two.)
Posted: Sat Jul 23, 2022 7:10 pm
Which two statements about the fragmentation of IPsec packets in routers are true? (Choose two.)
A. By default, the IP packets that need encryption are first encrypted with ESP. If the resulting encrypted packet exceeds the IP MTU on the egress physical interface, then the encrypted packet is fragmented and sent out.
B. By default, the router knows the IPsec overhead to add to the packet. The router performs a lookup if the packet will exceed the egress physical interface IP MTU after encryption, then fragments the packet and encrypts the resulting IP fragments separately.
C. increases CPU utilization on the decrypting device.
D. increases CPU utilization on the encrypting device.
A. By default, the IP packets that need encryption are first encrypted with ESP. If the resulting encrypted packet exceeds the IP MTU on the egress physical interface, then the encrypted packet is fragmented and sent out.
B. By default, the router knows the IPsec overhead to add to the packet. The router performs a lookup if the packet will exceed the egress physical interface IP MTU after encryption, then fragments the packet and encrypts the resulting IP fragments separately.
C. increases CPU utilization on the decrypting device.
D. increases CPU utilization on the encrypting device.