IPsec process is complete so that rules out all crypto vpn related commands. You need to look at NHRP next. Which commands are left that produce nhrp outputs? D and E
Therefore, options C and D are the correct answers: show crypto ipsec sa and show ip nhrp traffic. Option A, show crypto isakmp sa, displays the status of the ISAKMP security associations, which are used to establish the IPsec SA. Option B, show ip traffic, displays traffic statistics for various protocols, but does not provide specific information about IPsec or NHRP traffic. Option E, show dmvpn detail, provides detailed information about the DM VPN configuration, including the status of the IPsec and NHRP components, but is not as specific as the other two commands in identifying the cause of the NHRP registration issue.
Answer correct is DE
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-per-tunnel-qos.html
basically you need the show crypto isakmp sa to see the decaps and decrypt packets :
#pkts encaps: 154, #pkts encrypt: 154, #pkts digest: 154
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
This one right here, straight from the horse's mouth. Here's the link straight to the relevant section:
https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html#verifynhrpreg
your link shows that correct answer is C and D
Router#show crypto IPSEC sa
local ident (addr/mask/prot/port): (172.16.1.1/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (172.17.0.1/255.255.255.255/47/0)
#pkts encaps: 154, #pkts encrypt: 154, #pkts digest: 154
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
inbound esp sas:
spi: 0xF830FC95(4163959957)
outbound esp sas:
spi: 0xD65A7865(3596253285)
!--- !--- Output is truncated !---
It shows that return traffic does not come back from the other end of the tunnel.
Check NHS entry in the spoke router:
Router#show ip nhrp nhs detail
Legend: E=Expecting replies, R=Responding
Tunnel0: 172.17.0.1 E req-sent 0 req-failed 30 repl-recv 0
Pending Registration Requests:
Registration Request: Reqid 4371, Ret 64 NHS 172.17.0.1
Correct Answer: D,E
Explanation:
Ipsec tunnel is up so we don’t need to troubleshoot that (so we don’t need option A and C here)
Option B (show ip traffic) is totally unrelated here.
This leave us with D and E which are indeed both helping us to troubleshoot DMVPN NHRP
registration process.
This section is not available anymore. Please use the main Exam Page.300-730 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
YourFriendlyNeighborhoodSpider
Highly Voted 2 years, 9 months agobrian7857ffs45
Highly Voted 1 year, 9 months agopfrank
Most Recent 9 months, 1 week agokylesam2017
10 months, 4 weeks agoRosh8787
11 months, 1 week agoJKPippers
1 year agomihaid
1 year, 4 months agomihaid
1 year, 3 months agompls_link
1 year, 7 months agompls_link
1 year, 6 months agoNet4dd
1 year, 9 months agored_sparrow_Gr
1 year, 9 months agojohnd47
1 year, 11 months agonetizen937
1 year, 8 months agostarletka
10 months, 2 weeks agoScaX
2 years agospambox730
1 year, 4 months agoCarlj007
2 years, 11 months agoCarlj007
2 years, 11 months agoabd123
3 years, 2 months ago