300-415 Question #376: Real Exam Question with Answer & Explanation

Question

Options

• Apolicy data-policy DPI vpn-list vpn10 sequence 10 match app-list YouTube ! action drop count YouTube ! default-action accept ! lists vpn-list vpn10
• Bpolicy data-policy DPI vpn-list vpn10 sequence 10 match app-list YouTube ! action drop count YouTube ! default-action accept ! lists vpn-list vpn10
• Cpolicy data-policy DPI vpn-list vpn10 sequence 10 match app-list YouTube ! action count Youtube nat vpn 0 ! default-action accept ! lists vpn-list vpn10
• Dpolicy data-policy DPI vpn-list vpn10 sequence 10 match app-list YouTube ! action count Youtube nat vpn 0 ! default-action accept ! lists vpn-list vpn10

Explanation

To enable direct internet access (DIA) for specific application traffic like YouTube at a branch site in Cisco SD-WAN, a data policy must be configured to match the application and apply a nat vpn 0 action, which directs traffic to the internet VPN (VPN 0).

Common mistakes.

• A. This policy is configured to action drop YouTube traffic, which would block it, not allow direct internet access.
• B. Similar to A, this policy is configured to action drop YouTube traffic, which prevents direct internet access.
• D. This configuration is identical to C and would also be correct, as it specifies action nat vpn 0 for YouTube traffic, enabling direct internet access.

Concept tested. SD-WAN Direct Internet Access (DIA) policy

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/m-dia.html

No community discussion yet for this question.