350-701 · Question #292
350-701 Question #292: Real Exam Question with Answer & Explanation
The correct answer is C: FlexVPN because it uses multiple SAs and DMVPN does not.. The IKEv2 Multi-SA feature allows an IKEv2 Dynamic Virtual Tunnel Interface (DVTI) session on the IKEv2 responder to support multiple IPsec Security Associations (SA). The maximum number of IPsec SAs per DVTI session is either obtained from AAA authorization or configured on the
Question
A network engineer needs to select a VPN type that provides the most stringent security, multiple security associations for the connections, and efficient VPN establishment with the least bandwidth consumption. Why should the engineer select either FlexVPN or DMVPN for this environment?
Options
- ADMVPN because it supports lKEv2 and FlexVPN does not.
- BFlexVPN because it supports IKEv2 and DMVPN does not.
- CFlexVPN because it uses multiple SAs and DMVPN does not.
- DDMVPN because it uses multiple SAs and FlexVPN does not.
Explanation
The IKEv2 Multi-SA feature allows an IKEv2 Dynamic Virtual Tunnel Interface (DVTI) session on the IKEv2 responder to support multiple IPsec Security Associations (SA). The maximum number of IPsec SAs per DVTI session is either obtained from AAA authorization or configured on the IPsec profile. The value from AAA has a higher priority. Any change to the max-flow-limit argument in the IPsec profile is not applied to the current session but is applied to subsequent sessions. The IKEv2 Multi-SA feature makes the configuration of the IKEv2 profile in the IPsec profile optional. This optional configuration allows IPsec DVTI sessions using the same virtual template to have different IKEv2 profiles, thus saving the number of virtual template The IKEv2 Multi-SA feature allows multiple IPsec SAs that have non-any-any proxies. However, when the IPsec SA proxies are any-any, a single IPsec SA is allowed.
Topics
Community Discussion
No community discussion yet for this question.