300-730 · Question #32
Refer to the exhibit. What is configured as a result of this command set?
The correct answer is C. FlexVPN server for an IPv6 dVTI session. The command set configures a FlexVPN server to support IPv6 dynamic Virtual Tunnel Interface (dVTI) sessions for remote-access or site-to-site connectivity.
Question
Options
- AFlexVPN client profile for IPv6
- BFlexVPN server to authorize groups by using an IPv6 external AAA
- CFlexVPN server for an IPv6 dVTI session
- DFlexVPN server to authenticate IPv6 peers by using EAP
How the community answered
(18 responses)- A11% (2)
- B6% (1)
- C67% (12)
- D17% (3)
Why each option
The command set configures a FlexVPN server to support IPv6 dynamic Virtual Tunnel Interface (dVTI) sessions for remote-access or site-to-site connectivity.
A FlexVPN client profile would reference a peer address and initiate connections outbound; a server configuration listens for inbound IKEv2 connections and clones dVTI interfaces.
Authorizing groups via an external AAA server would require an 'aaa authorization network' statement and group lookup configuration, which is not what a dVTI server template setup defines.
A FlexVPN server dVTI configuration uses IKEv2 with a virtual-template interface assigned an IPv6 address, allowing dynamic per-session tunnel interfaces to be cloned from the template. This pattern - combining an IKEv2 profile, an IPv6 virtual-template, and associated crypto settings - is the defining characteristic of a FlexVPN dVTI server for IPv6 peers.
EAP authentication configuration requires 'authentication remote eap' under the IKEv2 profile and an EAP method; dVTI server configuration uses certificate or pre-shared key authentication by default.
Concept tested: FlexVPN server IPv6 dynamic Virtual Tunnel Interface configuration
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-16/sec-flex-vpn-xe-16-book/sec-cfg-flexvpn.html
Topics
Community Discussion
No community discussion yet for this question.