300-420 Question #30: Real Exam Question with Answer & Explanation

The correct answer is A: Verify the GRE tunnels.. Before troubleshooting the IPsec configuration in a DMVPN setup, the network administrator should first verify the underlying GRE tunnels to ensure basic connectivity and tunnel establishment.

WAN for Enterprise Networks

Question

A network administrator is troubleshooting a DMVPN setup between the hub and the spoke. Which action should the administrator take before troubleshooting the IPsec configuration?

Options

AVerify the GRE tunnels.
BVerify ISAKMP.
CVerify NHRP.
DVerify crypto maps.

Explanation

Before troubleshooting the IPsec configuration in a DMVPN setup, the network administrator should first verify the underlying GRE tunnels to ensure basic connectivity and tunnel establishment.

Common mistakes.

B. ISAKMP (Internet Security Association and Key Management Protocol) is part of the IPsec negotiation process, and troubleshooting ISAKMP comes after ensuring the underlying GRE tunnel is functional.
C. NHRP (Next Hop Resolution Protocol) is crucial for DMVPN tunnel establishment, but the GRE tunnel must be up before NHRP can function correctly over it.
D. Crypto maps are part of the IPsec configuration; troubleshooting crypto maps would be a step in troubleshooting IPsec, which should occur after verifying the GRE tunnel.

Concept tested. DMVPN troubleshooting methodology

Reference. https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-data-encapsulation-protocol/118318-technote-dmvpn-00.html

Topics

#DMVPN#GRE#IPsec#Troubleshooting

Community Discussion

No community discussion yet for this question.

Full 300-420 Practice Browse All 300-420 Questions