Which statement regarding routing support for IPsec VPNs on Cisco Firepower NGFW is correct?BGP is supported for crypto map-based IPsec VPN.OSPF is supported for VTI-based IPsec VPN.EIGRP is supported for VTI-based IPsec VPN.RRI is supported for crypto map-based IPsec VPN.
Question
Which statement regarding routing support for IPsec VPNs on Cisco Firepower NGFW is correct?BGP is supported for crypto map-based IPsec VPN.OSPF is supported for VTI-based IPsec VPN.EIGRP is supported for VTI-based IPsec VPN.RRI is supported for crypto map-based IPsec VPN.
Solution
The correct statement regarding routing support for IPsec VPNs on Cisco Firepower NGFW is: OSPF is supported for VTI-based IPsec VPN.
Here's why:
-
BGP is not supported for crypto map-based IPsec VPN on Cisco Firepower NGFW. Crypto map-based IPsec VPNs do not support routing protocols.
-
OSPF is supported for VTI-based IPsec VPN on Cisco Firepower NGFW. Virtual Tunnel Interface (VTI) is a way to represent a VPN as a route-able interface. So, it can participate in routing protocols like OSPF.
-
EIGRP is not supported for VTI-based IPsec VPN on Cisco Firepower NGFW. EIGRP is a Cisco-proprietary routing protocol, and it's not supported for VTI-based IPsec VPN on Cisco Firepower NGFW.
-
Reverse Route Injection (RRI) is not supported for crypto map-based IPsec VPN on Cisco Firepower NGFW. RRI is a feature that allows VPN gateways to automatically inject routes for the remote network into the routing table. But it's not supported for crypto map-based IPsec VPN on Cisco Firepower NGFW.
Similar Questions
Which statement regarding routing support for IPsec VPNs on Cisco ASA appliance is correct?BGP is supported for crypto map-based IPsec VPN.OSPF is supported for VTI-based IPsec VPN.BGP is supported for VTI-based IPsec VPN.EIGRP is supported for VTI-based IPsec VPN.
Which option about IPsec VPNs on the Cisco FMC is correct?supports asymmetric authentication with IKEv2uses a concept of a VPN topology to configure all required IPsec components on managed devicesuses a concept of tunnel groups for VPN configurationuses the Cisco ASA appliance engine
You configured a site-to-site VPN on your Cisco Firepower NGFW, but the CLI output does not show any IKE SA being established. What would you do as the first troubleshooting step?Verify if IPsec proposal matches on both peers.Check if interesting traffic is reaching the crypto engine using Packet Capture.Check if interesting traffic is reaching the crypto engine using Packet Tracer.Check if interesting traffic is reaching the crypto engine by examining connection events.
Which characteristic applies to the Cisco AnyConnect VPN when processed by the Cisco Firepower NGFW?It provides direct and full access to VPN resources.The local user database can be used for authenticating users.Only TLS and DTLS technologies can be used.Cisco Firepower NGFW allows third-party VPN software to be used by the remote users.
Which Cisco VPN solution requires use of IKEv2?
Upgrade your grade with Knowee
Get personalized homework help. Review tough concepts in more detail, or go deeper into your topic by exploring other relevant questions.