
400-007 · Question #64

400-007 Question #64: Real Exam Question with Answer & Explanation

The correct answer is B: IS-IS. IS-IS is the most restrictive routing protocol for a multipoint IPsec VPN deployment because it cannot run natively over tunnel interfaces, limiting scalability to 500+ sites.

Question

A customer asks you to perform a high-level review of their upcoming WAN refresh for remote sites. The review is specifically focused on their retail store operations, consisting of 500+ locations connected via a multipoint IPsec VPN solution. Which routing protocol would be valid but would also be the most restrictive for the expansion of this deployment model?

Options

  • A. EIGRP
  • B. IS-IS
  • C. OSPF
  • D. BGP

Explanation

IS-IS is the most restrictive routing protocol for a multipoint IPsec VPN deployment because it cannot run natively over tunnel interfaces, limiting scalability to 500+ sites.

Common mistakes.

  • A. EIGRP is fully supported over DMVPN and multipoint IPsec tunnel interfaces and scales well with spoke-to-hub deployments using split-horizon tuning.
  • C. OSPF supports multiple network types including point-to-multipoint, which maps directly to hub-and-spoke IPsec VPN topologies, making it a common and valid choice.
  • D. BGP is the most scalable option for large-scale VPN deployments and is natively used in many MPLS and IPsec overlay designs with no tunnel interface restrictions.

Concept tested. Routing protocol suitability over IPsec tunnel interfaces

Reference. https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/13677-is-is-ospf-eigrp.html
