ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-730 All Questions

View all questions & answers for the 300-730 exam
Go to Exam

Exam 300-730 topic 1 question 153 discussion

Actual exam question from Cisco's 300-730
Question #: 153
Topic #: 1
[All 300-730 Questions]

A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel is showing up. The output of the debug ip packet CLI command on the hub router shows the following entry.

IP: tableid=0123456789 s=192.168.1.1 (local), d=192.168.1.2 (loopback2), routed via FIB.

What must be configured to fix this issue?

  • A. A matching IKEv2 pre-shared key on the hub and spoke routers in the crypto keyring configuration.
  • B. An outbound ACL on the dynamic VTI of the hub router that allows ICMP traffic to 192.168.1.2.
  • C. An IKEv2 authorization policy must be configured on the spoke router to advertise the interface route.
  • D. A route map must be configured on hub router to set the next hop for 192.168.1.2 to the dynamic VTI.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by red_sparrow_Gr at Feb. 9, 2023, 7:47 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DGriff
1 month, 3 weeks ago
Selected Answer: D
A Hub and spoke may not need to use an authorization policy, especially using VTI.
upvoted 1 times
...
aksh9901
3 months, 1 week ago
Selected Answer: C
the hub router’s debug output indicates that it is trying to send the packet toward the spoke’s tunnel IP (192.168.1.2) but is doing so “via FIB” (i.e., the routing table) rather than across the FlexVPN tunnel. In other words, the hub either does not know that 192.168.1.2 is reachable via the FlexVPN tunnel or has no correct route/next-hop entry pointing to the tunnel interface.Once the spoke is correctly advertising 192.168.1.2 to the hub via the authorization policy, the hub’s routing table will reflect that the next hop for 192.168.1.2 is via the dynamic VTI, and pings from the hub to the spoke tunnel IP will work as intended.
upvoted 1 times
...
jedi567890
6 months, 3 weeks ago
Selected Answer: C
"route set interface" must be set under spoke's authorization policy in order to advertise its tunnel ip to the hub.
upvoted 1 times
...
pfrank
8 months ago
Selected Answer: D
If you can't ping the spoke and debug shows FIB then this would seem to be a routing issue.
upvoted 2 times
...
kylesam2017
9 months, 1 week ago
"D" is the correct answer here.
upvoted 2 times
...
gondohwe
10 months, 3 weeks ago
hub cant reach spoke interface even if it shows to be up because spoke isnt definately advertising its network via IKEv2 authorization policy....i choose C
upvoted 2 times
...
red_sparrow_Gr
1 year, 7 months ago
I am not sure if C is the correct one or D.
upvoted 1 times
mpls_link
1 year, 5 months ago
C is the most correct answer!
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago