Refer to the exhibit.
You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel.
What action can you take to correct the problem?
A. Edit the crypto keys on R1 and R2 to match.
B. Edit the ISAKMP policy sequence numbers on R1 and R2 to match.
C. Set a valid value for the crypto key lifetime on each router.
D. Edit the crypto isakmp key command on each router with the address value of its own interface.
Answer: A
Explanation:
Five basic items need to be agreed upon between the two VPN devices/gateways (in this case, the two routers) for the IKE Phase 1 tunnel to succeed, as follows:
+ Hash algorithm
+ Encryption algorithm
+ Diffie-Hellman (DH) group
+ Authentication method: Used for verifying the identity of the VPN peer on the other side of the tunnel. Options include a pre-shared key (PSK) used only for the authentication or RSA signatures (which leverage the public keys contained in digital certificates).
+ Lifetime
The PSKs used on the routers are different: test67890 and test12345
Source: Cisco Official Certification Guide, The Play by Play for IPsec, p.124
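As an added illustration (not part of the original question or the cited guide), the Python sketch below parses the ISAKMP lines of two router configs and reports why IKE Phase 1 would fail. The configs are constructed stand-ins for the exhibit: the 192.0.2.x addresses, the policy numbers and settings, and the `parse_isakmp` and `diagnose` helpers are assumptions, and only the two key strings come from the text. Lifetime is deliberately left out of the comparison as a simplification.

```python
import re

# Constructed sample (not the exhibit): placeholder addresses, PSKs from the text.
TEMPLATE = """crypto isakmp policy {seq}
 encr aes
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key {key} address {peer}
"""
R1 = TEMPLATE.format(seq=10, key="test12345", peer="192.0.2.2")
R2 = TEMPLATE.format(seq=20, key="test67890", peer="192.0.2.1")

# Settings compared for an exact match; lifetime is skipped (simplification).
FIELDS = {"encr": "encryption", "encryption": "encryption", "hash": "hash",
          "authentication": "authentication", "group": "group"}

def parse_isakmp(config):
    """Return ({sequence: settings}, {peer address: pre-shared key})."""
    policies, keys, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            current = policies.setdefault(int(m.group(1)), {})
        elif m := re.match(r"crypto isakmp key (?:[06] )?(\S+) address (\S+)", line):
            keys[m.group(2)], current = m.group(1), None
        elif current is not None and raw[:1] == " ":
            word, _, value = line.partition(" ")
            if word in FIELDS:
                current[FIELDS[word]] = value
        else:
            current = None  # any other top-level line ends the policy block
    return policies, keys

def diagnose(cfg_a, addr_a, cfg_b, addr_b):
    """List Phase 1 problems; addr_a and addr_b are each router's own address."""
    (pol_a, keys_a), (pol_b, keys_b) = parse_isakmp(cfg_a), parse_isakmp(cfg_b)
    problems = []
    # Sequence numbers are local ordering only; the settings are what must match.
    if not any(a == b for a in pol_a.values() for b in pol_b.values()):
        problems.append("no common ISAKMP policy")
    # Each router stores the key against the peer's address, not its own.
    key_a, key_b = keys_a.get(addr_b), keys_b.get(addr_a)
    if key_a is None or key_b is None:
        problems.append("no pre-shared key for the peer address")
    elif key_a != key_b:
        problems.append("pre-shared keys differ")
    return problems
```

Calling `diagnose(R1, "192.0.2.1", R2, "192.0.2.2")` on the constructed pair reports only the key mismatch, even though the two policies carry different sequence numbers.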