Refer to the exhibit.
An engineer is troubleshooting this configuration. Why is the VPN tunnel not functioning?"
A. AES 256 can’t be used with IKEv1
B. IKEv1 is not enabled
C. The IKEv1 policy number should be at least 256
D. There should be route for the 10.8.8.0/24 network configured
B ikev1 need to be enabled by using the “crypto ikev1 enable outside” CLI
the answer is B your explanation is right but a correction in your choice its a B option on your explanation
C is correct.
The command you reference is to enable ikev1 for the “transform set” not interface.
The configuration is missing “crypto ikev1 enable outside”. If you don’t enable IKE on the interface the ASA will drop IKE traffic.
Also, “route outside 0.0.0.0 0.0.0.0 172.16.1.1” is the default and it will route the remote network out the outside interface. No need to add extra route statement.
Great!
So IKEv1 is not enabled on the outside interface.
the answer is B your explanation is right but a correction in your choice its a B option on your explanation
Seems that ikev1 is enabled at “crypto map cmap 10 set ikev1 transform-set AES256”.
IMHO there must be the following line:
route outside 10.8.8.0 255.255.255.0 172.17.11
I would go with D. Does anyone agree?