Refer to the exhibit.
R15
crypto pki trustpoint ccier15
enrollment url http://172.16.100.17:8080
serial-number
ip-address 172.16.100.15
subject-name CN=r15 O=cisco.com
revocation-check none
source interface Loopback0
rsakeypair ccier15
!
crypto isakmp policy 1516
encr aes
hash md5
group 2
!
crypto ipsec transform-set ts1516 esp-aes esp-sha-hmac
mode tunnel
!
crypto map r15r16 1516 ipsec-isakmp
set peer 10.1.7.16
set transform-set ts1516
match address 110
!
interface Loopback0
ip address 172.16.100.15 255.255.255.255
!
interface Loopback1
ip address 192.168.15.15 255.255.255.0
!
interface GigabiEthernet1
ip address 20.1.6.15 255.255.255.0
netgotiation auto
crypto map r15r16
!
router bgp 6
bgp log-neighbor-changes
network 172.16.100.15 mask 255.255.255.255
neighbor 20.1.6.18 remote-as 678
neighbor 20.1.6.18 password cisco
!
ip route 192.168.16.0 255.255.255.0 20.1.7.16
access-list 110 permit ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255
!
ntp authentication-key 11 md5 ccie
ntp authenticate
ntp trusted-key 12
ntp server 150.1.7.131 key 12
!
ip domain name cisco.com
R15 is building a Site-to-Site IPsec certificate-based VPN tunnel with the peer at 20.1.7.16. The CA is running at port 80 on address 172.16.100.18. R15 has a BGP peer at 20.6.1.18 doing an authenticated session to establish reachability with the VPN remote site.
The VPN tunnel secures traffic between 192.168.15.0/24 and 192.168.16.0/24 networks.
It has been reported that VPN tunnel is not coming up with remote site, what could be the issues? (Choose two)
A . Incorrect ACL defined for the traffic encryption
B . Incorrect static route
C . Incorrect crypto map configuration
D . Incorrect ISAKMP policy configuration
E . The crypto map is not applied on the correct interface
F . Incorrect truspoint configuration
G . Incorrect BGP peer Configuration
H . Incorrect transform set configuration
Answer: FG
Leave a Reply