
300-415 Question #195: Real Exam Question with Answer & Explanation

The correct answer is B:

    WAN Edge 1
    vpn 0
     interface ge0/0
      ip address 10.0.0.1/24
      ipv6 dhcp-client
      tunnel-interface
       color public-internet restrict
       encapsulation ipsec

    WAN Edge 2
    vpn 0
     interface ge0/0
      ip address 10.0.0.2/24
      ipv6 dhcp-client
      tunnel-interface
       color public-internet restrict
       encapsulation ipsec

To ensure IPsec VPN tunnels establish between WAN Edge devices over an Internet connection and are restricted to the same color, both devices must be configured with a specific color and the 'restrict' keyword.

WAN Edge Router Deployment

Question

An engineer must configure two branch WAN Edge devices where an Internet connection is available and the controllers are in the headquarters. The requirement is to have IPsec VPN tunnels established between the same colors. Which configuration meets the requirement on both WAN Edge devices?

Options

  • A.
      WAN Edge 1
      vpn 0
       interface ge0/0
        ip address 10.0.0.1/24
        ipv6 dhcp-client
        tunnel-interface
         color default
         encapsulation ipsec

      WAN Edge 2
      vpn 0
       interface ge0/0
        ip address 10.0.0.2/24
        ipv6 dhcp-client
        tunnel-interface
         color default
         encapsulation ipsec

  • B.
      WAN Edge 1
      vpn 0
       interface ge0/0
        ip address 10.0.0.1/24
        ipv6 dhcp-client
        tunnel-interface
         color public-internet restrict
         encapsulation ipsec

      WAN Edge 2
      vpn 0
       interface ge0/0
        ip address 10.0.0.2/24
        ipv6 dhcp-client
        tunnel-interface
         color public-internet restrict
         encapsulation ipsec

  • C.
      WAN Edge 1
      vpn 0
       interface ge0/0
        ip address 10.0.0.1/24
        ipv6 dhcp-client
        tunnel-interface
         color gold restrict
         encapsulation ipsec

      WAN Edge 2
      vpn 0
       interface ge0/0
        ip address 10.0.0.2/24
        ipv6 dhcp-client
        tunnel-interface
         color gold restrict
         encapsulation ipsec

  • D.
      WAN Edge 1
      vpn 0
       interface ge0/0
        ip address 10.0.0.1/24
        ipv6 dhcp-client
        tunnel-interface
         color biz-internet restrict
         encapsulation ipsec

      WAN Edge 2
      vpn 0
       interface ge0/0
        ip address 10.0.0.2/24
        ipv6 dhcp-client
        tunnel-interface
         color default
         encapsulation ipsec

Explanation

To ensure IPsec VPN tunnels establish between WAN Edge devices over an Internet connection and are restricted to the same color, both devices must be configured with a specific color and the 'restrict' keyword.

Common mistakes.

  • A. Using 'color default' without the 'restrict' keyword means tunnels will attempt to form to TLOCs of any color, which does not meet the explicit requirement of tunnels being 'established between the same colors' for a controlled internet setup.
  • C. While 'color gold restrict' would enforce same-color restriction, 'public-internet' is a more appropriate and commonly used default color for a standard internet connection, making 'gold' less typical without further context.
  • D. This option presents mismatched colors ('biz-internet restrict' on WAN Edge 1 and 'default' on WAN Edge 2) and also omits the 'restrict' keyword on WAN Edge 2, which would prevent the tunnels from forming according to the 'same colors' requirement.
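
The color and restrict reasoning above can be checked mechanically. The following is an added example, not part of the original question or any Cisco tooling: it parses each option's vpn 0 config and applies the rule stated in the explanation. The names `parse_tloc`, `tunnel_forms` and `evaluate` are hypothetical, and the check covers only color and restrict, not which color name suits an Internet transport.

```python
# Constructed input: options A-D with each device config on a single line.
TEMPLATE = ("vpn 0 interface ge0/0 ip address {ip} ipv6 dhcp-client "
            "tunnel-interface {color} encapsulation ipsec")
OPTIONS = {  # option -> (WAN Edge 1 color line, WAN Edge 2 color line)
    "A": ("color default", "color default"),
    "B": ("color public-internet restrict", "color public-internet restrict"),
    "C": ("color gold restrict", "color gold restrict"),
    "D": ("color biz-internet restrict", "color default"),
}

def parse_tloc(config):
    """Extract interface, color, restrict and encapsulation from a vpn 0 config.

    Walks whitespace-separated tokens, so flattened and indented configs parse alike.
    """
    tokens = config.split()
    tloc = {"interface": None, "color": None, "restrict": False, "encap": None}
    in_tunnel = False
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok == "interface":
            tloc["interface"] = nxt
        elif tok == "tunnel-interface":
            in_tunnel = True
        elif in_tunnel and tok == "color":
            tloc["color"] = nxt
            tloc["restrict"] = tokens[i + 2:i + 3] == ["restrict"]
        elif in_tunnel and tok == "encapsulation":
            tloc["encap"] = nxt
    if not in_tunnel or tloc["color"] is None:
        raise ValueError("config has no tunnel-interface color")
    return tloc

def tunnel_forms(a, b):
    """Rule from the explanation: a TLOC with 'restrict' only pairs with its own color."""
    if a["restrict"] or b["restrict"]:
        return a["color"] == b["color"]
    return True  # no restrict on either side: any color may pair

def evaluate(option):
    """Return (tunnel_forms, same_color_enforced) for one answer option."""
    c1, c2 = OPTIONS[option]
    e1 = parse_tloc(TEMPLATE.format(ip="10.0.0.1/24", color=c1))
    e2 = parse_tloc(TEMPLATE.format(ip="10.0.0.2/24", color=c2))
    enforced = e1["restrict"] and e2["restrict"] and e1["color"] == e2["color"]
    return tunnel_forms(e1, e2), enforced

if __name__ == "__main__":
    for opt in OPTIONS:
        print(opt, evaluate(opt))
```

Options B and C both come out as forming a tunnel with same-color enforcement; the choice between them rests on the color-name argument given under C above.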

Concept tested. Cisco SD-WAN TLOC color and restrict keyword

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/m-sdwan-config.html#C_ID_B1143D69_00

Topics

#SD-WAN TLOC  #WAN Edge Configuration  #Tunnel Interface Colors  #IPsec VPN
