Cisco
300-415 · Question #121
300-415 Question #121: Real Exam Question with Answer & Explanation
The correct answer is C: vpn 1 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 1 vpn 0. To configure IPsec tunnels in an active and standby configuration within a service VPN, a centralized data policy should specify multiple interfaces for the service.
Security and Quality of Service
Question
Refer to the exhibit. Which configuration configures IPsec tunnels in active and standby?
Options
- Avpn-list 1 count ServicePSec1_275676046 from-vsmart lists vpn-list 1 vpn 0 service netsvc1 interface ipsec1 ipsec2
- Bvpn-list 1 vpn 0 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 0 vpn 0
- Cvpn 1 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 1 vpn 0
- Dvpn 0 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 0 vpn 0
Explanation
To configure IPsec tunnels in an active and standby configuration within a service VPN, a centralized data policy should specify multiple interfaces for the service.
Common mistakes.
- A. This option contains
vpn-listandcountparameters that are not part of the standard command to configure active/standby IPsec tunnels within a service VPN, and its syntax is inconsistent. - B. This option uses
vpn 0, which is the transport VPN, typically for control plane and underlay connectivity, not directly for configuring active/standby application tunnels within a service VPN. - D. This option also uses
vpn 0, indicating the transport VPN, which is incorrect for configuring active/standby IPsec tunnels for a user service VPN.
Concept tested. SD-WAN centralized data policy for IPsec redundancy (active/standby)
Topics
#IPsec Tunnels#SD-WAN Configuration#VPN Redundancy#Active/Standby
Community Discussion
No community discussion yet for this question.