On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?
In a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, the hub needs the capability to efficiently manage multiple connections from spokes. This requires the use of a virtual template interface. The 'interface virtual-template' command is utilized for creating and managing these interfaces, enabling the hub to terminate multiple FlexVPN tunnels. This is important for managing a large number of spokes efficiently and dynamically, which is the core requirement in such a topology.
A: makes no sense. B: spoke-to-spoke is not allowed, and this command is used for spoke-to-spoke. C: makes no sense. D: most right answer, as this command is needed on the hub for hub-and-spoke communication.
I think D is right. Because spoke-to-spoke traffic is not allowed or wanted, redirect is not needed. But FlexVPN uses Virtual Templates to create Virtual Access interfaces for each connected spoke.
D. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-mt/sec-flex-vpn-15-mt-book/sec-flex-spoke.html?bookSearch=true
B - need too
"On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub"
The question stated that spoke-to-spoke traffic is not needed.
Vote for B.
Can you explain it please?
Tricky question.

hub:
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip nhrp network-id 1
 ip nhrp redirect
 tunnel protection ipsec profile default
!

spoke:
!
interface Virtual-Template1 type tunnel
 ip unnumbered Tunnel0
 ip nhrp network-id 1
 ip nhrp shortcut virtual-template 1
 ip nhrp redirect
 tunnel protection ipsec profile default
!

Unsure why the spoke has the redirect as well.
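An added example, not part of any post in this thread and not Cisco's code: a small Python check that parses an IOS-style configuration, confirms that a `type tunnel` virtual template with IPsec protection exists, and flags the NHRP redirect/shortcut commands that are only needed when spoke-to-spoke tunnels are wanted. The function names are hypothetical, and the sample input is constructed from the hub snippet quoted above.

```python
import re

# Constructed sample: the hub configuration quoted in the post above.
HUB_CONFIG = """\
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip nhrp network-id 1
 ip nhrp redirect
 tunnel protection ipsec profile default
!
"""

def parse_interfaces(config):
    """Return {interface header: [sub-commands]} for each interface block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.lower().startswith("interface "):
            current = line[len("interface "):].strip()
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or any global command ends the block
    return blocks

def audit_hub(config):
    """Audit a hub config for a topology where spoke-to-spoke is not allowed."""
    findings = []
    templates = {name: cmds for name, cmds in parse_interfaces(config).items()
                 if re.match(r"virtual-template\s*\d+\s+type\s+tunnel$", name, re.I)}
    if not templates:
        findings.append("no 'interface Virtual-Template<n> type tunnel' defined")
    for name, cmds in templates.items():
        if not any(c.startswith("tunnel protection ipsec profile") for c in cmds):
            findings.append(f"{name}: tunnel protection missing")
        for c in cmds:
            # redirect/shortcut drive NHRP spoke-to-spoke shortcut switching
            if re.match(r"ip nhrp (redirect|shortcut)\b", c):
                findings.append(f"{name}: '{c}' is only needed for spoke-to-spoke")
    return findings

if __name__ == "__main__":
    for finding in audit_hub(HUB_CONFIG):
        print(finding)
```
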
Here we go again... exam topic showing B, which is totally a wrong answer... D is the one for this question... why don't the admins update this, unless it's meant to create confusion... makes me wonder if this is a valid database of exam questions.