Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 167

An engineer must force a new IKEv2 security association to be built when using FlexVPN. Which two commands must the engineer apply to meet the requirement? (Choose two.)

Answer options

• A. clear flexvpn sessions
• B. clear ipsec sa
• C. clear isakmp crypto sa
• D. shut the tunnel interface
• E. no shut the tunnel interface

Correct answer: D, E

Explanation

The commands 'shut the tunnel interface' and 'no shut the tunnel interface' are used to disable and then re-enable the tunnel interface, respectively, which forces a new IKEv2 security association to be established. The other options, while related to VPN operations, do not achieve the same result of restarting the security association.