SVPN 300-730 Exam QuestionsBrowse all questions from this exam
Go to Exam

SVPN 300-730 Exam - Question 164

A Cisco IOS router is reconfigured to connect to an additional DMVPN hub that is a part of a different DMVPN phase 3 cloud. After this change was made, users begin to experience problems accessing corporate resources over both tunnels. Before the additional tunnel was created, users could access resources over the first tunnel without any issues. Both tunnels terminate on the same interface of the router and use the same IPsec proposals. Which two actions resolve the issue without affecting spoke-to-spoke traffic in either DMVPN cloud? (Choose two.)

Show Answer
Correct Answer: DE

To resolve the issue of accessing corporate resources over both tunnels after the router was reconfigured to connect to an additional DMVPN hub, it is critical to ensure that each DMVPN cloud is distinguishable. By specifying the tunnel destination in each tunnel, you make sure that the router can correctly route the traffic to the respective hubs. Additionally, assigning a unique tunnel key to each tunnel is essential because it prevents conflicts between the tunnels, ensuring that the router treats each tunnel as a unique entity. This approach allows the router to manage and maintain accurate routing for both DMVPN clouds without affecting spoke-to-spoke traffic in either cloud.

Discussion

10 comments
Sign in to comment
kylesam2017
Dec 26, 2023

"D and E" are the correct answer selections here: To resolve the issue without affecting spoke-to-spoke traffic in either DMVPN cloud when connecting to an additional DMVPN hub that is part of a different DMVPN phase 3 cloud, the recommended action is: Specify the tunnel destination in each tunnel and assign a unique tunnel key to each tunnel. This approach ensures that each DMVPN tunnel has a unique tunnel destination and a unique tunnel key, preventing conflicts between the two DMVPN clouds. It allows the router to distinguish between the two tunnels and correctly route traffic to the respective hubs. Using the same shared IPsec profile for both tunnels and specifying the tunnel destination in each tunnel might not be sufficient to prevent conflicts in this scenario. Assigning unique tunnel keys is crucial to maintaining the separation of the tunnels. Therefore, the correct option is to specify the tunnel destination in each tunnel and to assign a unique tunnel key to each tunnel.

jedi567890Options: BD
Mar 14, 2024

I'd bet for B & D. A is out of scope of the question B see https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html#toc-hId--66845686 C is wrong, network ids must be different D is obvious and at least at first tunnel is correct as first cloud was up and running E see https://journey2theccie.wordpress.com/2020/04/24/dmvpn-dual-hub-dual-cloud/

jedi567890
Mar 14, 2024

Sorry, B & E are correct =)

ms997
May 26, 2024

D&E is the correct answer, kylesam2017 is correct.

gojo2207Options: CD
Jan 29, 2024

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/ip-multicast/b-ip-multicast/m-6vpe-6pe-mpls-over-dmvpn-phase2.html?dtid=osscdc000283#spoke_node_p_node_mpls_dmvpn

iratus_umbraOptions: DE
Nov 25, 2024

D. Specify the tunnel destination in each tunnel: When multiple DMVPN tunnels terminate on the same physical interface, the router may encounter ambiguity in determining which tunnel to use unless the tunnel destinations are explicitly specified. By configuring the tunnel destination explicitly, the router ensures traffic is directed to the correct DMVPN cloud. E. Assign a unique tunnel key to each tunnel: The tunnel key is used to differentiate between multiple GRE tunnels terminating on the same interface. Assigning a unique tunnel key ensures that the router can correctly identify and separate traffic for each DMVPN cloud. This prevents conflicts and misrouting between the tunnels.

mlv_2023Options: BD
Nov 3, 2023

B and D are the correct answers

gondohwe
Nov 14, 2023

kindly explain

aksh9901Options: BE
Dec 23, 2024

D is wrong as DMVPN Phase 3 typically uses tunnel mode gre multipoint on spokes (and on hubs). In an mGRE configuration, you do not specify tunnel destination—you specify tunnel source and let NHRP handle mapping. Manually configuring tunnel destination is usually done for point‑to‑point GRE tunnels, not DMVPN mGRE. Doing so would break the “multipoint” nature of the interface and spoke‑to‑spoke shortcuts.

KRB_20Options: BE
Jan 9, 2025

BE B: A shared IPsec profile can be used to spin up new tunnels as this merely defines the encryption algorithms, authentication method, and key exchange protocols that will be used to build/negotiate the tunnel. E: Optional command that must be have the same value for all routers in a DMVPN setup. However, if you terminate multiple tunnels on the same physical interface, the key is used to differentiate the tunnels.

AhmadpbiOptions: DE
Mar 22, 2025

The correct answers are: D. Specify the tunnel destination in each tunnel. Each DMVPN tunnel should have a clearly defined destination to avoid confusion in routing and ensure that traffic is sent to the correct hub. E. Assign a unique tunnel key to each tunnel. A unique tunnel key is necessary to differentiate between the two DMVPN instances on the same router. This prevents overlapping NHRP registrations and helps the router properly distinguish between the tunnels.

fukumoto0925Options: BE
Apr 9, 2025

As others have pointed out in this forum correctly and Cisco docs show, for a DMVPN Phase 3 Cloud we will NOT configure the tunnel destination since it will be taken from the NHRP, so it is not cesessary https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-3s/sec-conn-dmvpn-xe-3s-book/sec-conn-dmvpn-share-ipsec-w-tun-protect.html