
300-730 Question #194: Real Exam Question with Answer & Explanation

The correct answer is D: Crypto map must be applied to correct interface. The error 'invalid local address 192.168.10.1' means the crypto map is applied to an interface that does not own that IP address, so the map must be moved to the correct interface.

Troubleshooting VPNs

Question

Refer to the exhibit. A network security administrator receives this error message after configuring a site-to-site IPsec VPN between two sites. What is the solution to this problem?
IPSEC(validate_proposal): invalid local address 192.168.10.1
ISAKMP (0:3): atts not acceptable. Next payload is 0
ISAKMP (0:3): SA not acceptable!

Options

  • A. The transport set must match between sites.
  • B. IPsec policy must match between sites.
  • C. ISAKMP policy must match between sites.
  • D. Crypto map must be applied to correct interface.

Explanation

The error 'invalid local address 192.168.10.1' means the crypto map is applied to an interface that does not own that IP address, so the map must be moved to the correct interface.

Common mistakes.

  • A. A transform set mismatch generates errors referencing unsupported encryption or hash algorithms, not an invalid local address binding.
  • B. IPsec policy mismatches between peers produce negotiation failures citing specific unacceptable proposal attributes, not a missing local address error.
  • C. ISAKMP policy mismatches result in errors about differing authentication or encryption method proposals, not the 'invalid local address' condition shown in the exhibit.

Concept tested. Crypto map interface binding for site-to-site IPsec VPN

Reference. https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html
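
Added example, not part of the original page or of Cisco's documentation: a small Python check that takes the debug line from the exhibit and a running-config, and reports whether the interface that owns the rejected address has a crypto map applied. The interface names, the 10.0.0.1 subnet and the map name VPNMAP in the sample config are constructed assumptions.

```python
import re

# Constructed inputs: the debug line from the question and a hypothetical
# running-config (interface names, second subnet and map name are assumptions).
DEBUG_LINE = "IPSEC(validate_proposal): invalid local address 192.168.10.1"
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 crypto map VPNMAP
!
"""

def parse_interfaces(config):
    """Map each interface to the IPs it owns and the crypto map applied to it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (\S+)", line)
        if head:
            current = interfaces.setdefault(head.group(1), {"ips": [], "crypto_map": None})
        elif not line.startswith(" "):
            current = None  # "!" or any other top-level line closes the stanza
        elif current is not None:
            ip = re.match(r" ip address (\d+\.\d+\.\d+\.\d+) ", line)
            cmap = re.match(r" crypto map (\S+)", line)
            if ip:
                current["ips"].append(ip.group(1))
            elif cmap:
                current["crypto_map"] = cmap.group(1)
    return interfaces

def diagnose(debug_line, config):
    """Check whether the interface owning the rejected address carries a crypto map."""
    addr = re.search(r"invalid local address (\d+\.\d+\.\d+\.\d+)", debug_line).group(1)
    interfaces = parse_interfaces(config)
    owner = next((n for n, i in interfaces.items() if addr in i["ips"]), None)
    applied_on = [n for n, i in interfaces.items() if i["crypto_map"]]
    return {"address": addr, "owner": owner, "applied_on": applied_on,
            "ok": owner is not None and owner in applied_on}

if __name__ == "__main__":
    print(diagnose(DEBUG_LINE, SAMPLE_CONFIG))
```

With the sample config, the result shows the address owned by one interface while the crypto map sits on another, which is the condition answer D corrects.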

Topics

#IPsec validation · #crypto map · #invalid local address · #site-to-site VPN
