Refer to the exhibit.
 
An engineer has configured a spoke to connect to a FlexVPN hub. The tunnel is up, but pings fail when the engineer attempts to reach host 192.168.200.10 behind the spoke, and traffic is sourced from host 192.168.100.3, which is behind the FlexVPN server. Based on packet captures, the engineer discovers that host 192.168.200.10 receives the icmp echo and sends an icmp reply that makes it to the inside interface of the spoke. Based on the output in the exhibit captured on the spoke by the engineer, which action resolves this issue?

A. Add the aaa authorization group cert list default default command to the spoke ikev2 profile.

B. Add the route set remote ipv4 192.168.200.0 255.255.255.0 command to the hub authorization policy.

C. Add the aaa authorization group cert list default default command to the hub ikev2 profile.

D. Add the route set remote ipv4 192.168.100.0 255.255.255.0 command to the spoke authorization policy.








 

Suggested Answer: D



This question is in 300-730 Implementing Secure Solutions with Virtual Private Networks (SVPN) Exam
For getting Cisco Certified Network Professional Security (CCNP Security) Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.
The website does not contain actual questions and answers from Cisco's Certification Exam.