SIMULATION - Guidelines - This is a lab item in which tasks will be performed on virtual devices. • Refer to the Tasks tab to view the tasks for this lab item. • Refer to the Topology tab to access the device console(s) and perform the tasks. • Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window. • All necessary preconfigurations have been applied. • Do not change the enable password or hostname for any device. • Save your configurations to NVRAM before moving to the next item. • Click Next at the bottom of the screen to submit this lab and move to the next question. • When Next is clicked, the lab closes and cannot be reopened. Topology - Tasks - Configure IPSec security policy on tunnel interfaces to ensure data confidentiality and integrity where mGRE tunnels are up and running between HUB and SPOKE routers. 1. Configure the ISAKMP policy parameters with the following attributes: • AES256 • SHA256 • Group2 • lifetime 86400 2. Ensure that GRE IP Header should be encrypted inside the IPSec packet. Verify IPSec security association and ISAKMP encrypted key. Use ISAKMP key "abc123". 3. Configure a flexible ISAKMP Policy on the HUB to add peers that have the dynamic IP addresses where SPOKES must add HUB IP static entry using an encrypted key. Use a single command to configure it. Use IPSec phase-2 transform-set name as T-SET and IPSec Profile name as ’IPSEC-PROFILE’. Suggested Answer: This question is in 300-410 exam For getting CCNP Enterprise Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Cisco. Trademarks, certification & product names are used for reference only and belong to Cisco.
Please login or Register to submit your answer