Which crypto map tag is being used on the Cisco ASA?

Scenario:
You are the senior network security administrator for your organization. Recently and junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA
and a remote branch office.

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured
according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR. verify
the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for the this exercise.
Topology:

Which crypto map tag is being used on the Cisco ASA?

Scenario:
You are the senior network security administrator for your organization. Recently and junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA
and a remote branch office.

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured
according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR. verify
the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for the this exercise.
Topology:

Which crypto map tag is being used on the Cisco ASA?

A.
outside_cryptomap

B.
VPN-to-ASA

C.
L2L_Tunnel

D.
outside_map1

Explanation:
This is seen from the “show crypto ipsec sa” command on the ASA.

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

Lenia

Lenia

More new 300-209 Real Exam Questions:

QUESTION 172
Which option describes the purpose of the command show derived-config interface virtual-access 1?

A. It verifies that the virtual access interface is cloned correctly with per-user attributes.
B. It verifies that the virtual template created the tunnel interface.
C. It verifies that the virtual access interface is of type Ethernet.
D. It verifies that the virtual access interface is used to create the tunnel interface.

Answer: A

QUESTION 173
Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.)

A. ip:interface-config=ip unnumbered loobackn
B. ip:interface-config=ip vrf forwarding ivrf
C. ip:interface-config=ip src route
D. ip:interface-config=ip next hop
E. ip:interface-config=ip neighbor 0.0.0.0

Answer: AB

QUESTION 174
Which functionality is provided by L2TPv3 over FlexVPN?

A. the extension of a Layer 2 domain across the FlexVPN
B. the extension of a Layer 3 domain across the FlexVPN
C. secure communication between servers on the FlexVPN
D. a secure backdoor for remote access users through the FlexVPN

Answer: A

QUESTION 175
When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case?

A. Show applet Lifecycle exceptions.
B. Disable cookies.
C. Enable the WebVPN cache.
D. Collect a DART bundle.

Answer: D

Answer: C

QUESTION 177
If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?

A. Determine whether the Cisco ASA can resolve the DNS names.
B. Determine whether the Cisco ASA has DNS forwarders set up.
C. Determine whether an ACL is present to permit DNS forwarding.
D. Replace the DNS name with an IP address.

Answer: A

QUESTION 178
Which command clears all Cisco AnyConnect VPN sessions?

A. vpn-sessiondb logoff anyconnect
B. vpn-sessiondb logoff webvpn
C. vpn-sessiondb logoff l2l
D. clear crypto isakmp sa

Answer: A

Reply