ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 210-260 All Questions

View all questions & answers for the 210-260 exam
Go to Exam

Exam 210-260 topic 1 question 96 discussion

Actual exam question from Cisco's 210-260
Question #: 96
Topic #: 1
[All 210-260 Questions]

Which command verifies phase 1 of an IPsec VPN on a Cisco router?

  • A. show crypto map
  • B. show crypto ipsec sa
  • C. show crypto isakmp sa
  • D. show crypto engine connection active
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
When a problem exist with the connectivity, even phase 1 of VPN does not come up. On the ASA, if connectivity fails, the SA output is similar to this example, which indicates possibly an incorrect crypto peer configuration and/or incorrect ISAKMP proposal configuration:

Router#show crypto isakmp sa -
1 IKE Peer: XX.XX.XX.XX
Type : L2L Role : initiator
Rekey : no State : MM_WAIT_MSG2
Reference:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html
by thanhtq00104 at April 3, 2025, 1:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Currently there are no comments in this discussion, be the first to comment!
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel