Which of the following is incorrect about IKE V1 and IKE V2?
Options:
A.
IKE V2 establishes a pair of IPSec SAs. Normally, an IKE SA and a pair of IPSec SAs can be completed by exchanging 4 messages twice.
B.
IKE V2 does not have the concept of master mode and barb mode
C.
To establish a pair of IPSec SAs, only 6 messages need to be exchanged in the IKE V1 master mode.
D.
When the IPSec SA established by D IKE V2 is greater than one pair, each pair of SAs needs only one additional exchange, that is, two messages can be completed.
Note: To establish a pair of IPSec, IKE V1 needs to go through two phases: "main mode + fast mode" or "barbaric mode + fast mode". The former needs to exchange at least 9 messages, and the latter requires at least 6 messages. In IKE V2, an IKE SA and a pair of IPSecs can be completed by using a total of four messages in two exchanges. If the required IPSec SA is greater than 1 pair, the first pair of SAs only needs to add 1 additional exchange, that is, 2 messages can be completed. This is much easier than IKE V1. IKE V2 defines three types of exchanges: initial exchange, creation of SA exchange, and notification exchange.
Question 2
Because the policy in the traffic limiting policy does not restrict the deny rule, you do not need to use the deny rule.