nerdexam
Exams300-730Questions#54
Cisco

300-730 · Question #54

300-730 Question #54: Real Exam Question with Answer & Explanation

The correct answer is A: show crypto ikev2 sa. FlexVPN uses IKEv2 as its control plane, so IKEv2-specific show commands are required to diagnose connectivity failures between spokes and the hub.

Question

Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

Options

  • Ashow crypto ikev2 sa
  • Bshow crypto isakmp sa
  • Cshow crypto vpn
  • Dshow crypto identity

Explanation

FlexVPN uses IKEv2 as its control plane, so IKEv2-specific show commands are required to diagnose connectivity failures between spokes and the hub.

Common mistakes.

  • B. 'show crypto isakmp sa' is used for IKEv1/ISAKMP-based VPNs such as classic DMVPN, not for FlexVPN which exclusively uses IKEv2.
  • C. 'show crypto vpn' is not a valid Cisco IOS command and will not return any meaningful output for troubleshooting.
  • D. 'show crypto identity' displays IKEv2 identity profiles and is not used to verify SA state or diagnose spoke-to-hub connectivity failures.

Concept tested. FlexVPN IKEv2 SA troubleshooting commands

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ikevpn/configuration/xe-16/sec-ike-for-ipsec-vpns-xe-16-book/sec-cfg-ikev2-flex.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice