Cisco

300-415 Question #164: Real Exam Question with Answer & Explanation

The correct answer is D: TLS. WAN Edge routers primarily use IPsec for data plane tunnels, but establish control plane connections with vSmart controllers using DTLS or TLS to build the overlay.

WAN Edge Router Deployment

Question

Which secure tunnel type should be used to connect one WAN Edge router to other WAN Edge routers?

Options

  • A. DTLS
  • B. SSL VPN
  • C. IPSec
  • D. TLS

Explanation

WAN Edge routers primarily use IPsec for data plane tunnels, but establish control plane connections with vSmart controllers using DTLS or TLS to build the overlay.

Common mistakes.

  • A. DTLS is the default protocol for control plane connections between WAN Edge routers and vSmart controllers, but TLS is also a valid alternative.
  • B. SSL VPNs are typically used for remote user access to a network, not for forming the core site-to-site overlay network between WAN Edge routers in Cisco SD-WAN.
  • C. IPsec is used for the data plane tunnels between WAN Edge routers to encrypt user traffic, not for the underlying control plane connections that establish the overlay itself.

Concept tested. SD-WAN secure tunnel types and planes

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/sdwan-overlay-network-components-and-functions.html

Topics

#SD-WAN Tunnels · #Control Plane Security · #WAN Edge Connectivity · #TLS
