U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Versa Networks VNX301 Exam - Topic 3 Question 6 Discussion

A branch device has completed Stage 3 onboarding. Which set of tunnels or sessions should exist after the device becomes fully operational in the customer SD-WAN network?
A) IKE and IPsec sessions between the branch and Controller, and VXLAN and ESP sessions between branches
B) Only an HTTPS session between the branch and Director
C) Only a BGP session between the branch and Analytics
D) GRE-only tunnels between all branches without IPsec

Versa Networks VNX301 Exam - Topic 3 Question 6 Discussion

Actual exam question for Versa Networks's VNX301 exam
Question #: 6
Topic #: 3
[All VNX301 Questions]

A branch device has completed Stage 3 onboarding. Which set of tunnels or sessions should exist after the device becomes fully operational in the customer SD-WAN network?

Show Suggested Answer Hide Answer
Suggested Answer: A

The correct answer is A. In Versa Secure SD-WAN onboarding, the branch moves through three staging phases before becoming fully operational. Versa documentation states that in Stage 3, Versa Director pushes the stage-three configuration to the branch device over the IKE session and reboots the branch. After this stage, the branch becomes fully operational and is part of the customer SD-WAN network. At this point, IKE and IPsec sessions are created between the branch and Controller, and VXLAN and ESP sessions are created between branch to branch.

This distinction is important because the Controller connection is used for SD-WAN control-plane functions, while branch-to-branch overlay communication uses tunnel encapsulation for data forwarding. The documentation also notes that branch-to-branch ESP is maintained using a lightweight DH key-pair proprietary protocol.

Options B, C, and D are incorrect. HTTPS to Director alone does not represent the complete SD-WAN operational tunnel state. BGP to Analytics is not the required operational tunnel set. GRE-only tunnels without IPsec do not match the Versa Stage 3 SD-WAN tunnel behavior described in the staging documentation.


Contribute your Thoughts:

0/2000 characters
I remember practicing a similar question, and I think it emphasized the importance of IPsec for secure communication, which makes me lean towards A as well.
upvoted 0 times
...
Carolynn
2 months ago
I think the answer might be A, but I’m not entirely sure about the specifics of the sessions involved.
upvoted 0 times
...

Save Cancel