Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 147

A company is setting up a dynamic crypto map on the Cisco ASA at the headquarters to accept connections from the branch offices. There will be no IP subnet overlap between the branch offices, but the engineer does not know which encryption domains will be requested by the branch offices. Additionally, the company security policy states that routing protocol traffic should not leave the HQ network. Which solution should be used to route traffic back to the branches from the Cisco ASA with minimal administrative effort?

Answer options

• A. Configure Reverse Route Injection on the dynamic crypto map.
• B. Configure a default route with the tunneled keyword on all branch routers.
• C. Configure static routes for remote subnets.
• D. Configure snapshot routing with EIGRP to send out of band routing updates.

Correct answer: A

Explanation

The correct answer is A because Reverse Route Injection allows the ASA to automatically create routes for remote subnets learned through the dynamic crypto map, simplifying management. Options B and C require more manual configuration and do not align with the requirement of minimizing administrative effort, while D does not comply with the policy against routing protocol traffic leaving the HQ network.