Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 137

A Cisco IOS router is reconfigured to connect to an additional DMVPN hub that is a part of a different DMVPN phase 3 cloud. After this change was made, users begin to experience problems accessing corporate resources over both tunnels. Before the additional tunnel was created, users could access resources over the first tunnel without any issues. Both tunnels terminate on the same interface of the router and use the same IPsec proposals. Which two actions resolve the issue without affecting spoke-to-spoke traffic in either DMVPN cloud? (Choose two.)

Answer options

• A. Enable dead peer detection for both tunnels.
• B. Use the same shared IPsec profile for both tunnels.
• C. Configure the same NHRP network IDs for both tunnels.
• D. Specify the tunnel destination in each tunnel.
• E. Assign a unique tunnel key to each tunnel.

Correct answer: B, E

Explanation

Using the same shared IPsec profile for both tunnels ensures that both tunnels have a consistent security configuration, which can resolve conflicts. Assigning a unique tunnel key to each tunnel distinguishes the tunnels effectively, preventing any cross-communication issues between them. The other options do not directly address the root cause of the problem or may complicate the configuration further.