CORRECT TEXT

CORRECT TEXT


CORRECT TEXT


Answer: See the explanation.

Explanation:
Here are the steps as below:
Step 1: configure key ring
crypto ikev2 keyring mykeys
peer SiteB.cisco.com
address 209.161.201.1
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default

identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 1
ip address 10.1.1.1
Tunnel source eth 0/0
Tunnel destination 209.165.201.1
tunnel protection ipsec profile default
end

Show Hint

Leave a Reply 5

Your email address will not be published. Required fields are marked *

Ahmad

Ahmad

crypto ikev2 proposal myproposal
encry aes
intigrity sha
group 5

crypto ikev2 policy mypolicy
proposal myproposal

crypto ikev2 keyring keyring1
peer SiteB
address 209.165.201.1 255.255.255.224
pre-shared local $iteA
pre-shared remote $iteB

crypto ikev2 profile myprofile
identity local fqdn SiteA.cisco.com
match identity remote fqdn SiteB.cisco.com
authentication local pre-shared
authentication remote pre-shared
keyring keyring1

crypto ipsec transform set default
mode transport

crypto ipsec profile ipsec-profile
set transform-set default
set ikev2-profile myprofile

interface tunnel 0
ip address 10.1.1.1 255.255.255.0
tunnel source ethernet 0/0/0
tunnel destination 209.165.201.1
tunnel protection ipsec profile ipsec-profile

Reply

MindTheGap

MindTheGap

You created a ikev2 policy “mypolicy” but you used it nowhere ..

Reply

cisco-man

cisco-man

I just took and passed my SIMOS exam, i want to inform you that these dumps are valid but still there are many more new questions that did not show up here. The most important is about lab, there are new labs. I had to configure a Remote Access Clientless SSL VPN on ASA (to be configured with ASDM), i had to add some bookmarks on a user. My point is to be well prepared for the exam. You must really know what to do, not just to memories the answers and the configs.
Inform as much as you can. Share the knowledge my friends and study as hard as you can 🙂

P.S. (always check the post’s dates in order to have valid and updated information)

Best Wishes!

Reply

rulz

rulz

Hi friends,
Good news, i passed the SIMOS exam today Dec 18th, and to reconfirm you that this questions are valid, but new more questions (not so hard) have been added, some ask for the same idea but in a reformulated way, most of them are about ikeV1, ikeV2, nge, dmvpn, getvpn, and many new diverse configuration fragments for ikev1, dmvpn, ikev2 to analyze & answer, so try to understand the technology and analyze the questions, not memorize questions.
Regarding labs, this ios flex config lab, besides a tshoot lab for ikev2 between ios & asa, an ikev2 lab between ASAs with asdm, a clientless ssl lab, and an add-bookmark for clientless users with asdm-v7, currently there are NO labs about dmvpn & getvpn, so try to focus on ssl & ikev2 labs. Hope you best luck with your exams!.

Reply

Papero23

Papero23

Are these questions still valid? Furthermore, for this question any configuration about either crypto ikev2 proposal or crypto ikev2 policy is needed. Routers will use smart defaults

Reply