nerdexam
Exams300-730Questions#132
Cisco

300-730 · Question #132

300-730 Question #132: Real Exam Question with Answer & Explanation

The correct answer is C: IKEv2-based VPN. The 'ipsec-proposal' configuration construct is used exclusively with IKEv2 on Cisco ASA to define IPsec transform parameters for remote access VPN.

Remote Access VPN

Question

Which remote access VPN technology requires the use of the IPsec-proposal configuration option?

Options

  • Aclientless SSLVPN
  • BSSLVPN Full Tunnel
  • CIKEv2-based VPN
  • DIKEv1-based VPN

Explanation

The 'ipsec-proposal' configuration construct is used exclusively with IKEv2 on Cisco ASA to define IPsec transform parameters for remote access VPN.

Common mistakes.

  • A. Clientless SSL VPN operates over TLS at the application layer and does not establish an IPsec tunnel, so ipsec-proposal configuration is not applicable.
  • B. SSL VPN Full Tunnel uses TLS to encapsulate all traffic without IPsec, and its configuration uses SSL policies rather than ipsec-proposal objects.
  • D. IKEv1 VPN uses 'crypto ipsec transform-set' to define IPsec parameters, not the ipsec-proposal syntax, which was introduced as part of the IKEv2 configuration model.

Concept tested. IKEv2 ipsec-proposal configuration on Cisco ASA

Reference. https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/configuration/vpn/asa-94-vpn-config/vpn-ikev2.html

Topics

#IKEv2#IPsec-proposal#remote access VPN#ASA

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice