Cisco
300-415 · Question #171
300-415 Question #171: Real Exam Question with Answer & Explanation
The correct answer is D: vpn 0 interface ge0/0 ip address 172.16.0.1/24 nat vpn 1 ip route 0.0.0.0/0 vpn 0. For Direct Internet Access (DIA) at a branch, the WAN Edge's internet-facing interface and NAT must be configured in VPN 0, and service VPNs requiring internet access must have a default route pointing traffic to VPN 0.
WAN Edge Router Deployment
Question
An enterprise needs DIA on some of its branches with a common location ID: A042:B49C:D02E::72. Which WAN Edge configuration requirement?
Options
- Avpn 1 interface ge0/1 ip address 172.16.0.1/24 vpn 512 ip route 0.0.0.0/0 vpn 0 vpn 1 nat
- Bvpn 1 ip route 0.0.0.0/0 vpn 0 vpn 1 interface ge0/0 ip address 172.16.0.1/24 nat
- Cvpn 0 ip route 0.0.0.0/0 vpn 0 vpn 1 interface ge0/1 ip address 172.16.0.1/24 nat
- Dvpn 0 interface ge0/0 ip address 172.16.0.1/24 nat vpn 1 ip route 0.0.0.0/0 vpn 0
Explanation
For Direct Internet Access (DIA) at a branch, the WAN Edge's internet-facing interface and NAT must be configured in VPN 0, and service VPNs requiring internet access must have a default route pointing traffic to VPN 0.
Common mistakes.
- A. This configuration places the internet-facing interface within VPN 1, which is a service VPN, rather than VPN 0 where transport interfaces for DIA are typically configured.
- B. This configuration also places the internet-facing interface within VPN 1 instead of VPN 0, which is incorrect for direct internet access.
- C. This configuration places the default route to VPN 0 within VPN 0 itself, which is redundant and incorrectly implies VPN 0 routes to itself. The internet-facing interface and NAT are also in VPN 1.
Concept tested. Direct Internet Access (DIA) configuration
Topics
#SD-WAN DIA#VPN 0#Service VPN#NAT
Community Discussion
No community discussion yet for this question.