Exam 300-415 topic 1 question 46 discussion

vBond system system-ip 10.10.10.103 host-name vBond site-id 1 clock timezone Europe/London vBond 150.5.1.3 organization-name Cisco.com ! Vpn 0 Interface ge0/0 ip address 150.5.1.3/28 no shut tunnel-interface encapsulation ipsec allow-servide all ip route 0.0.0.0/0 150.5.1.14 ! commit

This question is missing information in the exhibit

B is the correct answer, It is not necessary to define encapsulation in vManage and vSmart, only in vBond

Answer is B

B is the correct answer

100pc B. Cannot be D: ipsec tunnels do not terminate on vSmart/vBond.

Where is the vBond config in the exhibit?

B is correct

It's definetly B

Answer is B vManage and vSmart do not use IPsec encapsulation, only vBond and SD-WAN Routers do.

The given Answer is correct. People are being confused between setting up controlers and Edge routers. Tunnel Interface TYPE (Encapsulation IPSEC /(color in SCR) must be configured on the WAN edge router. On Vbond, Tunne interface is enabled by default. Configuring vBond Transport Interface Settings vBond VPN 0 ge0/0 interface: The VPN 0 interface is preconfigured for WAN transport (DHCP/IPsec). The tunnel interface configuration settings lock down the interface and also prevent incoming NETCONF and SCP/SSH connection. vManage establishes NETCONF and SCP connections with vBond over VPN 0. Recommendation: disable the tunnel-interface configuration while performing controller integration. Alternative: temporarily allow the NETCONF and sshd service

Answer: B is correct! A is WRONG , On page 27 it says you have to specify encapsulation ipsec on the tunnel interface of the vBond (and only for the vBond, neither for the vSmarts nor for the vManage) https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/LTRRST-2734-LG.pdf D is WRONG Vmanage use DTLS/TLS TUNNELS in the real vmanage devico no show ipsec PSEC tunnel is used to send out the data traffic between the vEdges/cEdges and as most of you already knew about the how secure is IPSEC tunnel. The parameters used in IPSEC tunnel is generally are Authentication and encryption Rekeying interval Replay window

Answer: D makes sence I believe Nean posted the missing piece of the exhibit. "Tunnel interfaces on vEdge routers must have an IP address, a color, and an encapsulation type:" The vManage and vSmart configurations are missing the encapsulation type. D. Configure encapsulation as IPsec under the tunnel interface of vManage and vSmart https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/SD-WAN_Release_16.2/02System_and_Interfaces/06Configuring_Network_Interfaces

agree with wolf

B without the vBond 150.5.1.3 LOCAL, the vBond would not act as a vBond "Note: vBond is actually the same image as a vEdge. We convert the personality by initiating the “vBond {ip-address} local” command."

i will stick with b.

Answer: D I believe Nean posted the missing piece of the exhibit. "Tunnel interfaces on vEdge routers must have an IP address, a color, and an encapsulation type:" The vManage and vSmart configurations are missing the encapsulation type. D. Configure encapsulation as IPsec under the tunnel interface of vManage and vSmart https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/SD-WAN_Release_16.2/02System_and_Interfaces/06Configuring_Network_Interfaces