Studying for 501 and this question has got me stumped - tunelling with MAC visible over the net

Hi,
I can't figure out the answer to the question below. Could someone please advise:

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires client MAC address to be visible across the tunnel?

A.Tunnel mode IPSec
B.Transport mode VPN IPSec
C.L2TP
D.SSL VPN

Answer: D

I'm thinking the answer should B, but I'm not sure. SSL VPN just sounds too vague. Some advice would be appreciated...

Find more posts tagged with

Comments

yoba222

I didn't even know you could do that. All my MAC address scanning tools seem useless whenever I'm VPNed into a network and I just assumed it was not possible. Curious to know the answer.

deadjoe

All four can use certs for auth. A and C use Layer 3 routing. B is host-to-host not site-to-site.

OpenVPN is an example of an SSL VPN that can do Layer 2 bridging site-to-site.

I don't like this question though. It's too difficult for Security+.

eurotechie

Thanks Joe