ENARSI Exam QuestionsBrowse all questions from this exam
Go to Exam

ENARSI Exam - Question 100

Exam ENARSI Question 100Exam ENARSI Question 100

Refer to the exhibits.

Which configuration allows spoke-to-spoke communication using loopback as a tunnel source?

Show Answer
Correct Answer: D

For spoke-to-spoke communication using a loopback as a tunnel source in a Dynamic Multipoint Virtual Private Network (DMVPN), it is important that the configuration allows for dynamic discovery of the peers. The command 'crypto isakmp key cisco address 0.0.0.0' on the spokes would enable this dynamic peer discovery, as it allows the spoke devices to establish ISAKMP (Internet Security Association and Key Management Protocol) sessions with any peer, which is essential for dynamic spoke-to-spoke interactions. This configuration is necessary to facilitate the dynamic nature of the connections in a DMVPN setup and to ensure that the loopback addresses used for the tunnel sources can communicate properly.

Discussion

7 comments
Sign in to comment
studybuddy10
studybuddy10
Nov 10, 2021

Given answer is correct - D , the spokes dynamic tunnels with loopback sources are coming from 2.2.2.2 and 3.3.3.3 so only spokes with 0.0.0.0 would satisfy that.

Bruffas
Bruffas
Mar 5, 2022

I would assume that since we see the config on one spoke, that alternative A already is set on the HUB. In that case D is the only answer that makes sense.

HungarianDish_111
HungarianDish_111Option: D
Apr 28, 2023

for spoke-to-spoke we need to add this on the spokes too https://community.cisco.com/t5/vpn/isakmp-with-0-0-0-0-dmvpn/td-p/4312380

chris7890
chris7890
Nov 12, 2022

Is it possible that the command must be executed on the hub and on the spoke router? Configure ISAKMP on all devices: ... crypto isakmp key cisco address 0.0.0.0 https://ccieme.wordpress.com/2021/09/09/cisco-dynamic-multipoint-vpn/

FrankZane
FrankZane
Nov 7, 2021

I think A is correct https://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd802b8f3c.html

[Removed]
[Removed]Option: D
Jul 18, 2024

D is correct

tubirubs
tubirubs
Aug 10, 2024

lol. In ENARSI Certification Official Book BY CISCO, not explain to configure IKEv1, ONLY IKEv2. Cisco Tell that IKEv1 is not considerated, because IKEv2 have more features for protection, for example, DPD and cookie challenger and max-sa....