350-701 · Question #357
Refer to the exhibit. An engineer is implementing a certificate based VPN. What is the result of the existing configuration?
The correct answer is A. The OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2. Configuring the IKEv2 Name Mangler Perform this task to specify the IKEv2 name mangler, which is used to derive a name for authorization requests and obtain AAA preshared keys. The name is derived from specified portions of different forms of remote IKE identities or the EAP iden
Question
Refer to the exhibit. An engineer is implementing a certificate based VPN. What is the result of the existing configuration?
Options
- AThe OU of the IKEv2 peer certificate is used as the identity when matching an IKEv2
- BOnly an IKEv2 peer that has an OU certificate attribute set to MANGLER establishes an IKEv2
- CThe OU of the IKEv2 peer certificate is encrypted when the OU is set to MANGLER
- DThe OU of the IKEv2 peer certificate is set to MANGLER
How the community answered
(26 responses)- A73% (19)
- B15% (4)
- C4% (1)
- D8% (2)
Explanation
Configuring the IKEv2 Name Mangler Perform this task to specify the IKEv2 name mangler, which is used to derive a name for authorization requests and obtain AAA preshared keys. The name is derived from specified portions of different forms of remote IKE identities or the EAP identity. configure terminal crypto ikev2 name-mangler mangler-name dn {common-name | country | domain | locality | organization | organization-unit | state} eap {all | dn {common-name | country | domain | locality | organization | organization-unit | state} | prefix | suffix {delimiter {. | @ | }}} email {all | domain | username} fqdn {all | domain | hostname} dn = Derives the name from any of the noted fields in the remote identity of type DN organization-unit flex-vpn-xe-16-10-book/sec-cfg-flex-serv.html=
Topics
Community Discussion
No community discussion yet for this question.