Cisco
300-730 · Question #164
300-730 Question #164: Real Exam Question with Answer & Explanation
The correct answer is D: FlexVPN.
Question
An organization wants to implement a site-to-site VPN solution that must be able to support 350 sites with direct communications between all sites, fully encrypt the packet header and payload, and support propagation of routing information over IPsec. Which solution meets these requirements?
Options
- A. IPsec full mesh
- B. DMVPN
- C. GETVPN
- D. FlexVPN
Explanation
FlexVPN meets all three requirements: scalability beyond 350 sites with on-demand spoke-to-spoke tunnels via IKEv2, full IPsec tunnel-mode encryption of both header and payload, and native routing protocol support.
Common mistakes.
- A. IPsec full mesh requires approximately 61,000 individual IPsec SA pairs for 350 sites, making it operationally unmanageable and failing the scalability requirement.
- B. DMVPN relies on mGRE and NHRP for spoke-to-spoke resolution and introduces hub dependency for initial NHRP mappings, limiting direct-communication scalability compared to FlexVPN at this site count.
- C. GETVPN is a tunnel-less, group-keyed VPN that preserves the original IP header in the clear (only the payload is encrypted), failing the requirement to fully encrypt the packet header.
Concept tested. FlexVPN scalability, full encryption, and routing support