Refer to the exhibit.
After applying IPsec, the engineer observed that the DMVPN tunnel went down, and both spoke-to-spoke and hub were not establishing.
Which two actions resolve the issue? (Choose two.)
A . Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.
B . Remove the crypto isakmp key cisco address 10.1.1.1 on R2 and R3.
C . Change the mode from mode transport to mode tunnel on R2.
D . Configure the mode from mode tunnel to mode transport on R3.
E . Configure the crypto isakmp key cisco address 192.1.1.1 on R2 and R3.
Answer: AD
Explanation:
The first six commands are used to configure IPSec Phase 1 (ISAKMP Policy).
Here is the details of each command used above:
+ crypto isakmp policy 10 C This command creates ISAKMP policy number 10. You can create multiple policies, for example 7, 8, 9 with different configuration. Routers participating in Phase 1 negotiation tries to match a ISAKMP policy matching against the list of policies one by one. If any policy is matched, the IPSec negotiation moves to Phase 2.
+ hash md5C MD5 algorithm will be used.
+ authentication pre-share C Authentication method is pre-shared key.
+ group 2 C Diffie-Hellman group to be used is group 2.
+ encryption 3des C 3DES encryption algorithm will be used for Phase 1.
+ crypto isakmp key cisco address 10.1.1.1 C The Phase 1 password is cisco and remote peer IP address is 10.1.1.1
The next two command lines are used to configure IPSec Phase 2 (Transform Set):
+ crypto ipsec transform-set <transform-set-name> C Creates transform-set called <transform-
set-name>
+ esp-des C ESP IPSec protocol with the 56-bit Data Encryption Standard (DES) encryption algorithm will be used
+ esp-md5-hmac C ESP with the MD5 (HMAC variant) authentication algorithm will be used.
+ mode transport: only encrypts the payload and ESP trailer
or
+ mode tunnel: encrypts the IP header of the ENTIRE packet
Leave a Reply