A network engineer configures a site-to-site VPN with a colleague. During testing, the engineer discovers that only phase 1 is up, and application traffic cannot pass. Which configuration parameter must be checked on each device?
As mentioned by others, C is correct since Phase 1 is already up, Phase 2 is all 'crypto acl or proxy ID' therefore the 'interesting traffic' is not matching so check your encryption domain.
I believe the answer is C. encryption domain - this is the "interesting traffic" that is meant to be encrypted. If I'm not mistaken, the other options are all performed in phase 1 and phase 1 is up.
Configure the IKEv1 policy
!
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 3600
from https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/215884-configure-a-site-to-site-vpn-tunnel-with.html
peer IP address is ther correct answer. It in not a blief, just proof.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ITVI
6 days, 19 hours agoluismg
6 months, 3 weeks agodevildog
8 months agomasal
7 months, 3 weeks ago