Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 300-730 Topic 9 Question 97 Discussion

Actual exam question for Cisco's 300-730 exam
Question #: 97
Topic #: 9
[All 300-730 Questions]

A network administrator is troubleshooting a FlexVPN tunnel. The hub router is unable to ping the spoke router's tunnel interface IP address of 192.168.1.2, even though the tunnel is showing up. The output of the debug ip packet CLI command on the hub router shows the following entry.

IP: tableid=0123456789 s=192.168.1.1 (local), d=192.168.1.2 (loopback2), routed via FIB.

What must be configured to fix this issue?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Brittani at Sep 18, 2024, 07:46 AM

Limited Time Offer

25%

Off

Get Premium 300-730 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Thora
2 months ago
This is a classic case of 'the router is pinging itself' syndrome. You just need to give it a good old-fashioned slap upside the head. Option D is the way to go!
upvoted 0 times
...
Malcom
2 months ago
Hold up, did you see that debug output? Clearly, the traffic is being routed via the FIB, so the issue must be with the crypto configuration. Option A is the answer!
upvoted 0 times
Lyda
1 months ago
Let's update the crypto keyring configuration with the correct pre-shared key to fix the issue.
upvoted 0 times
...
Xuan
1 months ago
We need to make sure the pre-shared key matches on both routers for the tunnel to work properly.
upvoted 0 times
...
Edna
1 months ago
I agree, the debug output shows the traffic is being routed via the FIB. Option A is the correct answer.
upvoted 0 times
...
...
Adaline
2 months ago
Hmm, this is a tricky one. I'm leaning towards Option C - the IKEv2 authorization policy on the spoke router to advertise the interface route.
upvoted 0 times
Gerardo
1 months ago
Let's try configuring the IKEv2 authorization policy on the spoke router and see if that resolves the problem.
upvoted 0 times
...
Mattie
1 months ago
I agree, that could be the issue. Maybe the hub router is not receiving the route properly.
upvoted 0 times
...
Jame
1 months ago
I think Option C makes sense. The spoke router needs to advertise the interface route.
upvoted 0 times
...
...
Sherill
2 months ago
I believe option B) An outbound ACL on the dynamic VTI of the hub router is also important to allow ICMP traffic.
upvoted 0 times
...
Effie
2 months ago
I think Option B is the way to go. An outbound ACL on the dynamic VTI to allow ICMP traffic should fix the problem.
upvoted 0 times
Haydee
1 months ago
Let's go ahead and configure the outbound ACL on the dynamic VTI and see if that resolves the issue.
upvoted 0 times
...
Noah
2 months ago
I think Option B takes priority in this situation. We should try that first.
upvoted 0 times
...
Gilma
2 months ago
But what about Option A? Wouldn't a matching IKEv2 pre-shared key also be necessary?
upvoted 0 times
...
Mitzie
2 months ago
I agree, Option B seems like the most logical choice.
upvoted 0 times
...
...
Raymon
3 months ago
I agree with Gerald, having a matching pre-shared key is essential for secure communication.
upvoted 0 times
...
Pearlene
3 months ago
The issue is definitely with the routing configuration. Option D seems like the correct solution to set the next hop for the 192.168.1.2 route to the dynamic VTI.
upvoted 0 times
Verdell
2 months ago
Exactly, that should ensure the traffic is properly routed to the spoke router's tunnel interface IP address.
upvoted 0 times
...
Rosina
2 months ago
So, configuring a route map on the hub router to set the next hop for 192.168.1.2 to the dynamic VTI should resolve the issue.
upvoted 0 times
...
Fatima
2 months ago
That makes sense, the debug output shows the packet being routed via FIB to 192.168.1.2.
upvoted 0 times
...
France
2 months ago
Option D seems like the correct solution to set the next hop for the 192.168.1.2 route to the dynamic VTI.
upvoted 0 times
...
...
Gerald
3 months ago
I think the answer is A) A matching IKEv2 pre-shared key on the hub and spoke routers.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77