Prior to establishing full-mesh IPsec tunnels in a typical Cisco SD-WAN deployment, which mechanism do WAN Edge routers use to exchange key information for data plane encryption?
A.
They use vSmart controllers as key exchange servers.
B.
They use IKEv2 when exchanging keys with each other.
The vSmart controller, which is the centralized brain of the Cisco SD-WAN solution, establishes and maintains DTLS or TLS connections to all Cisco SD-WAN devices in the overlay network: to the routers, the vBond orchestrators, to Cisco vManage, and to other vSmart controllers.
A is correct. The link below touches on vSmart and then goes on to say that IKEv2 is not scalable for SD-WAN.
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security-book/security-overview.html#:~:text=In%20the%20traditional%20key%20exchange,and%20a%20P%2D384%20curve.
This section is not available anymore. Please use the main Exam Page.300-420 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
neiker45
10 months agoLungful
1 year, 2 months agobccabrera
1 year, 5 months ago