After implementing the IKEv2 tunnel, it was observed that remote users on the 192.168.33.0/24 network are unable to access the internet. Which of the following can be done to resolve this problem?
A.
Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic crypto map
B.
Change the remote traffic selector on the remote ASA to 192.168.22.0/24
C.
Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static peers
D.
Change the local traffic selector on the headquarter ASA to 0.0.0.0/0
E.
Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0
Suggested Answer:B🗳️
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24.
the answer is D, the question clearly states that all traffic must traverse the tunnel.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.300-209 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
KamSon
5 years, 5 months ago