What is the problem and haw do you make the VPN use the VII tunnels?

You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal
network as defined on the Topology tab setting “All IP Addresses behind Gateway based on
Topology Information”
You want to test the route based VPN, so you created VTls among the Gateways and created
static route entries for the VTTs However, when you test the VPN. You find out the VPN still go
through the regular domain IPSec tunnels instead of the routed VT1 tunnels.
What is the problem and haw do you make the VPN use the VII tunnels?

You have three Gateways in a mesh community. Each gateway’s VPN Domain is their internal
network as defined on the Topology tab setting “All IP Addresses behind Gateway based on
Topology Information”
You want to test the route based VPN, so you created VTls among the Gateways and created
static route entries for the VTTs However, when you test the VPN. You find out the VPN still go
through the regular domain IPSec tunnels instead of the routed VT1 tunnels.
What is the problem and haw do you make the VPN use the VII tunnels?

A.
Route-based VTI takes precedence over the Domain VPN. Troubleshoot the static route entries
to insure that they are correctly pointing to the VTI gateway IP

B.
Domain VPN takes precedence over the route-based VTI to make the VPN go through VTI. use
an empty group object as each Gateway’s VPN Domain

C.
Domain VPN takes precedence over the route-based VTI. To make the VPN go through VTI.
remove the Gateways out of the mesh community and replace with a star community

D.
Route-based VTI takes precedence over the Domain VPN. To make the VPN go through VTI.
Use dynamic-routing protocol like OSPF or BGP to route the VTI address to the peer instead of
static routes

Explanation:



Leave a Reply 0

Your email address will not be published. Required fields are marked *