An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?

A. Modify the routing at Site B so that traffic is sent to Site A.

B. Configure the correct DH group on both devices.

C. Allow protocol ESP or AH on the firewall in front of the Site B router.

D. Enable PFS on the headend device.








 

Suggested Answer: C



This question is in 300-730 Implementing Secure Solutions with Virtual Private Networks (SVPN) Exam
For getting Cisco Certified Network Professional Security (CCNP Security) Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.
The website does not contain actual questions and answers from Cisco's Certification Exam.