Cisco Certified Network Associate (CCNA) Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Cisco Certified Network Associate (CCNA) Practice Exam. Test your knowledge with our interactive quizzes featuring multiple choice questions, hints, and explanations. Equip yourself for success!

Practice this question and more.


Which mode of IPsec encapsulates the entire IP packet?

  1. Transport Mode

  2. Tunnel Mode

  3. Proxy Mode

  4. Split Mode

The correct answer is: Tunnel Mode

Tunnel Mode of IPsec encapsulates the entire IP packet by wrapping it within a new IP header. This means that not just the payload, but the entire original packet, including both the header and the data, is encrypted and secured. This mode is particularly useful for creating virtual private networks (VPNs) where it is essential to secure traffic between different networks across a public infrastructure, such as the Internet. In Tunnel Mode, the original IP packet is encrypted, which provides a layer of security, while the new outer IP header allows routers to route the packet to its destination without exposing the original packet's contents. This is ideal for scenarios where data needs to travel securely across untrusted networks. The other options, like Transport Mode, only encrypt the payload of the IP packet, leaving the original IP header intact. Proxy Mode and Split Mode are not standard terminologies within the context of IPsec. Thus, Tunnel Mode is the correct answer, emphasizing its role in securing entire packets, making it essential for VPN implementations and secure communications over public or untrusted networks.