PrepAway - Latest Free Exam Questions & Answers

Which command verifies phase 1 of an IPsec VPN on a Cis…

Which command verifies phase 1 of an IPsec VPN on a Cisco router?

PrepAway - Latest Free Exam Questions & Answers

A.
show crypto map

B.
show crypto ipsec sa

C.
show crypto isakmp sa

D.
show crypto engine connection active

Explanation:
Brad
Answer- C
Confidence level: 100%
Remember: Commands using the term “isakmp” refer to IKE phase 1. Commands using “ipsec” refer to phase
2.
BD
A show crypto isakmp sa command shows the ISAKMP SA to be in MM_NO_STATE. This also means that
main mode has failed.
dst src state conn-id slot
10.1.1.2 10.1.1.1 MM_NO_STATE 1 0
Verify that the phase 1 policy is on both peers, and ensure that all the attributes match.
Source: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#isakmp_sa


Leave a Reply