An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of "MM_NO_STATE." Why does this failure occur?
A. The ISAKMP policy priority values are invalid.
B. ESP traffic is being dropped.
C. The Phase 1 policy does not match on both devices.
D. Tunnel protection is not applied to the DMVPN tunnel.
The right answer is C
I think : C ) is the right answer .. any other opinion plz.
I think so, too. Here is an extract from Cisco documentation:
Verify for incompatible ISAKMP policy
If the configured ISAKMP policies do not match the proposed policy by the remote peer, the router tries the default policy of 65535. If that does not match either, it fails the ISAKMP negotiation.
The show crypto isakmp sa command shows the ISAKMP SA to be in MM_NO_STATE, meaning the main-mode failed.