Q: 6
[Network Security]
Refer to the exhibit.
A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and
hosts are unable to communicate between the two sites of the VPN. The network administrator runs the
debug crypto isakmp sa command to track VPN status. What is the problem according to this
command output?
Discussion
Option C. I don't think it's D; that's a common trap on site-to-site VPNs, but the debug would show nothing if traffic wasn't interesting. Here it's showing a failed ISAKMP exchange, which points to an auth key mismatch.
C imo. Debug output for ISAKMP failing after retransmits usually points to an authentication key mismatch. If the keys aren't the same on both routers, phase 1 can't finish. Seen it in labs and mentioned in the official guide as a main cause.
Yeah, pretty sure it's C here. If the ISAKMP debug shows phase 1 retries and failures, that's usually an authentication key mismatch between peers. I’ve hit this in practice. Anyone see B trigger the same exact output?
Not sure B fits here, repeated phase 1 failures with ISAKMP debug usually mean C.