nerdexam
Exams300-730Questions#67
Cisco

300-730 · Question #67

300-730 Question #67: Real Exam Question with Answer & Explanation

The correct answer is C: HSRP. IPsec stateless failover requires HSRP to maintain a shared virtual IP address so that when the active peer fails, the standby peer takes ownership of that IP and clients can reconnect without reconfiguration.

Question

Which redundancy protocol must be implemented for IPsec stateless failover to work?

Options

  • ASSO
  • BGLBP
  • CHSRP
  • DVRRP

Explanation

IPsec stateless failover requires HSRP to maintain a shared virtual IP address so that when the active peer fails, the standby peer takes ownership of that IP and clients can reconnect without reconfiguration.

Common mistakes.

  • A. SSO (Stateful Switchover) is the underlying mechanism used for stateful failover where IKE and IPsec session state is replicated to the standby, not the redundancy protocol required for stateless failover.
  • B. GLBP distributes traffic across multiple active gateways using different virtual MAC addresses per member, which breaks the single-active model that IPsec stateless failover depends on for deterministic peer takeover.
  • D. VRRP is an open-standard protocol that functions similarly to HSRP, but Cisco's IPsec stateless failover feature is specifically integrated with HSRP on Cisco IOS and ASA platforms rather than VRRP.

Concept tested. IPsec stateless failover HSRP dependency

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/xe-16/sec-vpn-availability-xe-16-book/sec-ipsec-ha-hsrp.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice