Which two actions resolve the issue?

Posted by: Pdfprep Category: 300-410

Refer to the exhibit.

After applying IPsec, the engineer observed that the DMVPN tunnel went down, and neither the spoke-to-spoke nor the hub tunnels were establishing.

Which two actions resolve the issue? (Choose two.)
A. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.
B. Remove the crypto isakmp key cisco address 10.1.1.1 on R2 and R3.
C. Change the mode from mode transport to mode tunnel on R2.
D. Configure the mode from mode tunnel to mode transport on R3.
E. Configure the crypto isakmp key cisco address 192.1.1.1 on R2 and R3.

Answer: AD

Explanation:

The first six commands are used to configure IPsec Phase 1 (ISAKMP Policy).

Here are the details of each command used above:

+ crypto isakmp policy 10: This command creates ISAKMP policy number 10. You can create multiple policies, for example 7, 8, 9, with different configurations. Routers participating in Phase 1 negotiation try to match an ISAKMP policy against the list of policies one by one. If any policy matches, the IPsec negotiation moves to Phase 2.

+ hash md5: The MD5 algorithm will be used.

+ authentication pre-share: The authentication method is pre-shared key.

+ group 2: The Diffie-Hellman group to be used is group 2.

+ encryption 3des: The 3DES encryption algorithm will be used for Phase 1.

+ crypto isakmp key cisco address 10.1.1.1: The Phase 1 password is cisco and the remote peer IP address is 10.1.1.1.

The next two command lines are used to configure IPsec Phase 2 (Transform Set):

+ crypto ipsec transform-set <transform-set-name>: Creates a transform set called <transform-set-name>.

+ esp-des: The ESP IPsec protocol with the 56-bit Data Encryption Standard (DES) encryption algorithm will be used.

+ esp-md5-hmac: ESP with the MD5 (HMAC variant) authentication algorithm will be used.

+ mode transport: only encrypts the payload and ESP trailer

or

+ mode tunnel: encrypts the entire original packet, including its IP header
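The two faults behind answers A and D can be checked mechanically. The following is an added example, not part of the original page or its exhibit: the spoke configurations, the transform-set name TSET and the NBMA addresses are constructed assumptions that mirror the state the answer options imply.

```python
import re

# Constructed spoke configs (the exhibit is not on the page): a host-specific
# key on both spokes and a transform-set mode that differs between R2 and R3.
R2 = """crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
 encryption 3des
crypto isakmp key cisco address 10.1.1.1
crypto ipsec transform-set TSET esp-des esp-md5-hmac
 mode transport
"""
R3 = R2.replace("mode transport", "mode tunnel")
# Assumed NBMA (public) addresses of the DMVPN routers, documentation range.
NBMA = {"HUB": "198.51.100.1", "R2": "198.51.100.2", "R3": "198.51.100.3"}
WILDCARD = "crypto isakmp key cisco address 0.0.0.0\n"  # answer A


def parse(cfg):
    """Return (set of pre-shared-key peer addresses, transform-set mode)."""
    keys = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", cfg, re.M))
    mode = re.search(r"^\s*mode (transport|tunnel)\b", cfg, re.M)
    # IOS applies tunnel mode when a transform set has no explicit mode line.
    return keys, mode.group(1) if mode else "tunnel"


def audit(configs, nbma):
    """Report peers without a matching key and transform-set mode mismatches."""
    findings = []
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    for name, (keys, _) in sorted(parsed.items()):
        if "0.0.0.0" in keys:  # wildcard key matches any peer address
            continue
        for peer, addr in sorted(nbma.items()):
            if peer != name and addr not in keys:
                findings.append(f"{name}: no pre-shared key matches {peer} ({addr})")
    modes = {name: mode for name, (_, mode) in parsed.items()}
    if len(set(modes.values())) > 1:
        findings.append(f"transform-set mode mismatch: {sorted(modes.items())}")
    return findings


def fix(cfg):
    """Apply answers A and D to one constructed spoke config."""
    return WILDCARD + cfg.replace("mode tunnel", "mode transport")


if __name__ == "__main__":
    print("\n".join(audit({"R2": R2, "R3": R3}, NBMA)))
```

The wildcard entry matches any peer address, so every router that knows the key can complete Phase 1; the strength of the key string is then the only thing authenticating a peer.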
