Which control policy assigned to branches in the out direction establishes a strict hub-and-spoke topology for VPN2?
Which control policy assigned to branches in the out direction establishes a strict hub-and-spoke topology for VPN2?
The goal is to establish a strict hub-and-spoke topology for VPN2, ensuring that communication is allowed only between the hub and spokes, and disallowing direct communication between spokes. The correct control policy should match routes specifically within VPN2 and allow those routes only if they involve the hub sites. Any other routes should be rejected to ensure no direct spoke-to-spoke communication. Option A achieves this by allowing routes involving the hub sites and rejecting other routes within VPN2, thus enforcing the desired topology.
A = allow VPN 2 to hub, block all other VPN 2 traffic B = allow VPN 2 to hub, block all other traffic (including all other VPNs going anywhere) Only A is correct.
I feel like this whole thing is a guessing game...
It is my friend, as you can see there are basic questions and the answers are wrong and nobody correct them....
Why C and D are not right?
The answer is A. Compare to the example here: https://www.networkacademy.io/ccie-enterprise/sdwan/lab1-restricting-spoke-to-spoke-tunnels
Strict HnS topology for VPN2 - means no Spoke-to-Spoke communication even through Hub. We talk about VPN2 only, so "A" sounds like the right answer.
B seems to be corect