Refer to the exhibit. A network engineer must simplify the IPsec configuration by enabling IPsec over GRE using IPsec profiles. Which two configuration changes accomplish this? (Choose two).
A.
Create an IPsec profile, associate the transform-set ACL, and apply the profile to the tunnel interface.
B.
Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4.
C.
Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.
D.
Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.
E.
Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24.
The correct answer is:
C. Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL.
D. Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface.
a somewhat easy cheatsheet for the exam:
you need 1 "remove" and 1 "IPSec profile."
this rules out B right away
there is no transform set ACL, so that kills A
the ACL is technically a GRE ACL on outside interface.
so you are left with D as the "IPSec profile."
then whatever you do, it will be on both routers due to vpn symmetry in configs
So that rules out E, since it doesnt reference both routers.
So you are left with C as he "remove"
C & D have more sense, because the question ask for simplify config. So Removing al Cryptomap config and the ACL tied to it, also applying that to the tunnel using the tunnel protection command.
B does not make sense as is calling for simplifying so using cryptomap on tunnels does not simplify and make ip sec profile useless.
Answer B can only be used to configure GRE Tunnel over an IPsec Tunnel and in this case, we don't need an IPsec profile just the crypto-map.
But in the question, we want to configure IPsec over a GRE Tunnel, so in this case, we need the following for IKE phase1 and IKE phase 2:
1- crypto isakmp policy
2- crypto isakmp key "in case of a pre-shared key defined in policy"
3- crypto isakmp transform-set
4- crypto ipsec profile.
Go to Interface:
-tunnel)# tunnel mode ipsec [ipv4/ipv6]
-tunnel)# tunnel protection ipsec profile [profile-Name]
This section is not available anymore. Please use the main Exam Page.350-401 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
xziomal9
Highly Voted 3 years, 1 month agoiAbdullah
3 years agoEddgar0
2 years, 6 months agoHamzaaa
Highly Voted 3 years, 6 months ago[Removed]
Most Recent 5 months agodonAdriano
6 months agowr4net
1 year, 5 months agoHungarianDish_111
1 year, 7 months agoWooker
2 years, 3 months agoPudu_vlad
2 years, 4 months agoAldebeer
2 years, 6 months agoEddgar0
2 years, 6 months agoaohashi
2 years, 8 months agozzmejce
2 years, 8 months agoNet91
2 years, 10 months agowwwwaaaa
2 years, 10 months agosharon90
2 years, 11 months agocyrus777
2 years, 11 months agoerror_909
3 years, 1 month ago