What is a potential cause for this issue?

An engineer has successfully established a phase 1 tunnel, but notices that no packets are decrypted on the head end side of the tunnel.
What is a potential cause for this issue?
A. different phase 2 encryption
B. misconfigured DH group
C. disabled PFS
D. firewall blocking Phase 2 ESP or AH


One thought on “What is a potential cause for this issue?”

  1. Phase 2 negotiation NEEDS to be completed to send encrypted traffic. If phase 2 did not complete, you’d be seeing send errors on egress in the IPsec SA counters.

    D is the correct answer.
