300-320 Question #270: Real Exam Question with Answer & Explanation

The correct answer is C: DMVPN. DMVPN (Dynamic Multipoint VPN) enables scalable hub-and-spoke VPN designs by allowing spokes to dynamically build direct spoke-to-spoke tunnels on demand using NHRP.

Question

Which VPN technology supports dynamic creation of spoke-to-spoke VPN tunnels to provide a scalable design?

Options

AIPsec
BGRE over IPsec
CDMVPN
DGRE

Explanation

DMVPN (Dynamic Multipoint VPN) enables scalable hub-and-spoke VPN designs by allowing spokes to dynamically build direct spoke-to-spoke tunnels on demand using NHRP.

Common mistakes.

A. Standard IPsec requires statically defined crypto map peer configurations for each tunnel endpoint, providing no mechanism for dynamic spoke-to-spoke tunnel creation.
B. GRE over IPsec creates static point-to-point tunnels between explicitly configured endpoints and does not support dynamic spoke-to-spoke tunnel establishment.
D. Plain GRE provides tunneling without encryption and requires static point-to-point configurations with no dynamic spoke-to-spoke capability.

Concept tested. DMVPN dynamic spoke-to-spoke tunnel creation using NHRP

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16/sec-conn-dmvpn-xe-16-book.html

Community Discussion

No community discussion yet for this question.

Full 300-320 Practice