A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel is showing up. The output of the debug ip packet CLI command on the hub router shows the following entry. IP: tableid=0123456789 s=192.168.1.1 (local), d=192.168.1.2 (loopback2), routed via FIB. What must be configured to fix this issue?

QuestionsCategory: 300-730A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel is showing up. The output of the debug ip packet CLI command on the hub router shows the following entry. IP: tableid=0123456789 s=192.168.1.1 (local), d=192.168.1.2 (loopback2), routed via FIB. What must be configured to fix this issue?
Admin Staff asked 3 months ago
A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel is showing up. The output of the debug ip packet CLI command on the hub router shows the following entry.
IP: tableid=0123456789 s=192.168.1.1 (local), d=192.168.1.2 (loopback2), routed via FIB.
What must be configured to fix this issue?

A. A matching IKEv2 pre-shared key on the hub and spoke routers in the crypto keyring configuration.

B. An outbound ACL on the dynamic VTI of the hub router that allows ICMP traffic to 192.168.1.2.

C. An IKEv2 authorization policy must be configured on the spoke router to advertise the interface route.

D. A route map must be configured on hub router to set the next hop for 192.168.1.2 to the dynamic VTI.








 

Suggested Answer: C



This question is in 300-730 Implementing Secure Solutions with Virtual Private Networks (SVPN) Exam
For getting Cisco Certified Network Professional Security (CCNP Security) Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.
The website does not contain actual questions and answers from Cisco's Certification Exam.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.