Refer to the exhibit.
You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel.
What action can you take to correct the problem?
A.
Edit the crypto keys on R1 and R2 to match.
B.
Edit the ISAKMP policy sequence numbers on R1 and R2 to match.
C.
Set a valid value for the crypto key lifetime on each router.
D.
Edit the crypto isakmp key command on each router with the address value of its own interface.
Explanation:
BD
Five basic items need to be agreed upon between the two VPN devices/gateways (in this case, the two routers)
for the IKE Phase 1 tunnel to succeed, as follows:
+ Hash algorithm
+ Encryption algorithm
+ Diffie-Hellman (DH) group
+ Authentication method: sed for verifying the identity of the VPN peer on the other side of the tunnel. Options
include a pre-shared key (PSK) used only for the authentication or RSA signatures (which leverage the public
keys contained in digital certificates).
+ Lifetime
The PSK used on the routers are different: test67890 and test12345
Source: Cisco Official Certification Guide, The Play by Play for IPsec, p.124