Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 153
An engineer is implementing a failover solution for a FlexVPN client site where ESP traffic to the primary FlexVPN server is blocked intermittently after tunnel establishment. This issue causes users at the branch site to lose access to the corporate network. The solution must quickly establish a tunnel and send traffic to the secondary FlexVPN server only during a failover event. Which action must the engineer take to implement this solution?
Answer options
- A. Create one tunnel with peer statements to each server and use Dead Peer Detection to track the status of the primary server.
- B. Create two tunnels for each FlexVPN server and use the tunnel keepalive command to track the status of each FlexVPN server.
- C. Create one tunnel with peer statements to each server and use object tracking to track the status of the primary server.
- D. Create two tunnels for each FlexVPN server and use a dynamic routing protocol to track the status of each FlexVPN server.
Correct answer: C
Explanation
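The correct answer is C: a single tunnel with peer statements to each server, combined with object tracking of the primary server, lets the client detect the loss of the primary and fail over quickly to the secondary server, and it sends traffic to the secondary only during a failover event. Option A relies on Dead Peer Detection instead of object tracking; DPD checks liveness over IKE, so it does not reveal a failure that blocks only ESP traffic. Option B adds unnecessary complexity with two tunnels, and option D involves a dynamic routing protocol, which is not needed for this scenario.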