What does the given output show?

Posted by: Pdfprep Category: 210-260 Tags: , , Post Date: October 31, 2020

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command.

What does the given output show?
A . IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.
B . IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.
C . IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.
D . IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

Answer: A

Explanation:

This is the output of the #show crypto isakmp sa command. This command shows the Internet Security Association Management Protocol (ISAKMP) security associations (SAs) built between peers – IPsec Phase1.

MM_NO_STATE means that main mode has failed. QM_IDLE – this is what we want to see. More on this http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409­ipsec-debug- 00.html

Author

Leave a Reply

Your email address will not be published.