Based on the provided ASDM configuration for the remote ASA, which one of the following is correct?
A. An access-list must be configured on the outside interface to permit inbound VPN traffic
B. A route to 192.168.22.0/24 will not be automatically installed in the routing table
C. The ASA will use a window of 128 packets (64×2) to perform the anti-replay check
D. The tunnel can also be established on TCP port 10000
Correct Answer: C
Explanation/Reference:
Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.
Default window size is 64. If you see 128 then B is the correct answer. I recall seeing 128 last time I renewed my cert. This setting is on the Crypto Maps screen at the bottom.
Cisco do make slight changes to the questions to catch folks that are just memorizing questions and answers.
Good Luck!
I would say B.
Because it is a crypto VPN, which is driven by the crypto ACL, traffic will go to the outside interface, where there should be a default route, and will hit the crypto ACL and be sent to the VPN tunnel.