Cisco Exam 300-440 Topic 3 Question 6 Discussion

Actual exam question for Cisco's 300-440 exam
Question #: 6
Topic #: 3

Refer to the exhibit.

While troubleshooting an IPsec connection between a Cisco WAN edge router and an Amazon Web Services (AWS) endpoint, a network engineer observes that the security association status is active, but no traffic flows between the devices. What is the problem?

Suggested Answer: B

An identity mismatch occurs when the local and remote identities configured on the IPsec peers do not match. This can prevent the establishment of an IPsec tunnel or cause traffic to be dropped by the IPsec policy. In this case, the network engineer should verify that the local and remote identities configured on the Cisco WAN edge router and the AWS endpoint match the values expected by each peer. The identities can be an IP address, a fully qualified domain name (FQDN), or a distinguished name (DN). The identities are exchanged during the IKE phase 1 negotiation and are used to authenticate the peers. If the identities do not match, the peers will reject the IKE proposal and the IPsec tunnel will not be established or will be torn down.

Reference:

Configure IOS-XE Site-to-Site VPN Connection to Amazon Web Services, Topic: Troubleshooting

Designing and Implementing Cloud Connectivity (ENCC) v1.0, Module 3: Implementing Cloud Connectivity, Lesson 2: Implementing Cisco SD-WAN Cloud OnRamp for IaaS, Topic: Troubleshooting Cisco SD-WAN Cloud OnRamp for IaaS

Cisco IOS Security Configuration Guide, Release 15M&T, Chapter: Configuring IPsec Network Security, Topic: Configuring IPsec Identity and Peer Addressing


Contribute your Thoughts:

Georgeanna
3 days ago
Hmm, the identity mismatch idea sounds plausible too. Maybe the devices are not properly identifying each other, even though the security association is up. I guess we'll have to carefully consider all the options here.
upvoted 0 times
Jesusita
4 days ago
Personally, I'm leaning towards the wrong encryption option. If the encryption settings are not properly configured, that could definitely cause the connection to be active but not passing any traffic.
upvoted 0 times
Lasandra
5 days ago
I agree, Shawnta. It's a bit puzzling. My initial thought is that it could be an identity mismatch, but I'm not entirely certain. What do you guys think?
upvoted 0 times
Shawnta
6 days ago
Hmm, this question seems tricky. I'm not sure if I fully understand the issue here. The fact that the security association is active but no traffic is flowing seems like a bit of a paradox.
upvoted 0 times