what state is the IKE security association in on the Ci…

Scenario:
You are the senior network security administrator for your organization. Recently a junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco
ASA and a remote branch office.
You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured
according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify
that the IPsec configuration is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise.
Topology:

In what state is the IKE security association on the Cisco ASA?

A. There are no security associations in place
B. MM_ACTIVE
C. ACTIVE(ACTIVE)
D. QM_IDLE

Explanation:
This can be seen from the “show crypto isa sa” command:



Lenia

Jan/6th/2018 New Updated Cisco 300-209 Real Exam Questions:

QUESTION 172
Which option describes the purpose of the command show derived-config interface virtual-access 1?

A. It verifies that the virtual access interface is cloned correctly with per-user attributes.
B. It verifies that the virtual template created the tunnel interface.
C. It verifies that the virtual access interface is of type Ethernet.
D. It verifies that the virtual access interface is used to create the tunnel interface.

Answer: A

QUESTION 173
Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.)

A. ip:interface-config=ip unnumbered loobackn
B. ip:interface-config=ip vrf forwarding ivrf
C. ip:interface-config=ip src route
D. ip:interface-config=ip next hop
E. ip:interface-config=ip neighbor 0.0.0.0

Answer: AB

QUESTION 174
Which functionality is provided by L2TPv3 over FlexVPN?

A. the extension of a Layer 2 domain across the FlexVPN
B. the extension of a Layer 3 domain across the FlexVPN
C. secure communication between servers on the FlexVPN
D. a secure backdoor for remote access users through the FlexVPN

Answer: A

QUESTION 175
When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case?

A. Show applet Lifecycle exceptions.
B. Disable cookies.
C. Enable the WebVPN cache.
D. Collect a DART bundle.

Answer: D

Answer: C

QUESTION 177
If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?

A. Determine whether the Cisco ASA can resolve the DNS names.
B. Determine whether the Cisco ASA has DNS forwarders set up.
C. Determine whether an ACL is present to permit DNS forwarding.
D. Replace the DNS name with an IP address.

Answer: A

QUESTION 178
Which command clears all Cisco AnyConnect VPN sessions?

A. vpn-sessiondb logoff anyconnect
B. vpn-sessiondb logoff webvpn
C. vpn-sessiondb logoff l2l
D. clear crypto isakmp sa

Answer: A