Exam 300-730 topic 1 question 32 discussion

should be C A show crypto isakmp sa command shows the ISAKMP SA to be inMM_NO_STATE. This also means that main mode has failed. dst src state conn-id slot 10.1.1.2 10.1.1.1 MM_NO_STATE 1 0 Verify that the phase 1 policy is on both peers, and ensure that all the attributes match. https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#toc-hId--70669866

Answer is C. ISAKMP packets would be dropped if it were the case, not ESP packets.

phase 1 failed so non matching. human error is always first asumption

"C" is the correct answer here.

policy not matching e.g authentication key....go for C

B- is also correct , this should be the first assumption if no other details were given C- is also correct , but this should be the 2nd assumption ?

C is correct

Phase 1 failed

C is the one logical MM is for main mode

ISAKMP SA has been created but not built. https://www.tunnelsup.com/isakmp-ike-phase-1-status-messages/

correct answer is C

Correct answer is C

Correct answer is C https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html

like Slysloth wrote C should be right

correct answer is C

C is the correct answer, it is due to policy mismatch for phase 1

Could also be a mismatch on both sides as stated in this troubleshooting guide. https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html Though it is mentioned that its DMVPN so that could be why esp is being dropped but that should only be if protection is on.