Home » Cisco » 210-260 v.2 » What does the given output show?
Refer to the exhibit.
While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?
A. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5.
B. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1.
C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5.
D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets.
Correct Answer: A
Explanation/Reference:
Once the secure tunnel from phase 1 has been established, we will start phase 2. In this phase the two firewalls will negotiate about the IPsec security parameters that will be used to protect the traffic within the tunnel. In short, this is what happens in phase 2:
Negotiate IPsec security parameters through the secure tunnel from phase 1.
Establish IPsec security associations.
Periodically renegotiates IPsec security associations for security.
Reference: https://networklessons.com/security/cisco-asa-site-site-ikev1-ipsec-vpn/