Refer to the exhibit.
While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the
given output show?
A.
IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.
B.
IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.
C.
IPSec Phase 1 is down due to a QM_IDLE state.
D.
IPSec Phase 2 is down due to a QM_IDLE state.
Explanation:
BD
This is the output of the #show crypto isakmp sa command. This command shows the Internet Security
Association Management Protocol (ISAKMP) security associations (SAs) built between peers – IPsec Phase1.
The “established” clue comes from the state parameter QM_IDLE – this is what we want to see.
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-
00.html