300-730 Question #58: Real Exam Question with Answer & Explanation
The correct answer is C: UDP 4500 traffic from the peer does not reach the router.
Question
Options
- A. An authentication failure occurs on the remote peer.
- B. A certificate fragmentation issue occurs between both sides.
- C. UDP 4500 traffic from the peer does not reach the router.
- D. An authentication failure occurs on the router.
Explanation
UDP port 4500 is used for IKE NAT Traversal (NAT-T), which encapsulates IKE and ESP traffic when NAT is detected between VPN peers. When the debug output shows IKE Phase 1 or Phase 2 negotiation attempts being sent but receiving no response, it indicates the router is not receiving return UDP 4500 packets from the remote peer. This is a connectivity or firewall/ACL issue, not an authentication or certificate problem, because the negotiation never progresses far enough to fail on credentials. Options A and D (authentication failures) would show explicit HASH or AUTH payload rejection messages. Option B (certificate fragmentation) would appear only in certificate-based PKI setups with specific fragmentation error messages. The absence of any inbound IKE response on UDP 4500 points to a network reachability or filtering problem that drops those packets before they arrive at the router.