What is the problem?

Posted by: Pdfprep Category: 300-101 Tags: , , Post Date: November 23, 2020

Refer to the exhibit.

A network engineer is troubleshooting a DMVPN setup between the hub and the spoke. The engineer executes the command show crypto isakmp sa and observes the output that isdisplayed.

What is the problem?
A . That ISAKMP is not enabled
B . That ISAKMP is using default settings
C . An incompatible IP sec transform set
D . An incompatible ISAKMP policy

Answer: B

Explanation:

EXAMPLE

note that these SAs are in "QM_IDLE" state, meaning that the ISAKMP SA is authenticated and can be used for subsequent Quick Mode (Phase 2) exchanges. The ISAKMP SA can exist in a number of other states.

tahts state default.

* That ISAKMP is not enabled ——-> no output

* default settings ——-> QM_Idle

* incompatible IP sec transform set ——-> Has nothing to do with Phase 1

* incompatible ISAKMP policy —–> Possibly MM_KEY_EXCH

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409­ipsec-debug-00.html

Author

Leave a Reply

Your email address will not be published.