An engineer must edit the settings of a site-to-site IPsec VPN connection between an on-premises...

Cisco 300-440 Question Answer

An engineer must edit the settings of a site-to-site IPsec VPN connection between an on-premises Cisco IOS XE router and Amazon Web Services (AWS). IPsec must be configured to support multiple peers and failover after 120 seconds of idle time on the first entry of the crypto map named Cisco. Drag and drop the commands from the left onto the order on the right.

Explanation:

Step 1 = crypto map cisco 1 ipsec-isakmp Step 2 = set peer 192.168.10.1 default Step 3 = set peer 192.168.20.1 Step 4 = set security-association idle-time 120 default

The process of editing the settings of a site-to-site IPsec VPN connection between an on-premises Cisco IOS XE router and Amazon Web Services (AWS), and configuring IPsec to support multiple peers and failover after 120 seconds of idle time on the first entry of the crypto map named Cisco involves several steps123456.

crypto map cisco 1 ipsec-isakmp: This command is used to create a new entry in the crypto map named “cisco”. The “1” is the sequence number of the entry, and “ipsec-isakmp” specifies that the IPSec security associations (SAs) should be established using the Internet Key Exchange (IKE) protocol13.

set peer 192.168.10.1 default: This command is used to specify the IP address of the default peer for the crypto map entry. In this case, the default peer is at IP address 192.168.10.115.

set peer 192.168.20.1: This command is used to add an additional peer to the crypto map entry. In this case, the additional peer is at IP address 192.168.20.1. This allows the IPsec VPN to support multiple peers56.

set security-association idle-time 120 default: This command is used to set the idle time for the security association. If no traffic is detected over the VPN for the specified idle time (in this case, 120 seconds), the security association is deleted, and the VPN connection fails over to the next peer46.

References :=

Configure a Site-to-Site IPSec IKEv1 Tunnel Between an ASA and a Cisco IOS Router - Cisco

Configure IOS-XE Site-to-Site VPN Connection to Amazon Web Services - Cisco Community

Configuring Site to Site IPSec VPN Tunnel Between Cisco Routers

Configure Failover for IPSec Site-to-Site Tunnels with Backup ISP Links on FTD Managed by FMC - Cisco

Does Setting Multiple Peers in a Crypto Map Also Support Parallel IPSec Connections - Cisco Community

Multiple WAN Connections — IPsec in Multi-WAN Environments | pfSense Documentation

Multiple Set Peer for VPN Failover - Server Fault

300-440 PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 60% Discount on All Products, Use Coupon: "8w52ceb345"

An engineer must configure an IPsec tunnel to the cloud VPN gateway.

Refer to the exhibit.

Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 8w52ceb345

An engineer must edit the settings of a site-to-site IPsec VPN connection between an on-premises...

The Answer Is:

Explanation:

Quick Links