Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 19

While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?

Answer options

• A. Verify that the ISAKMP proposals match.
• B. Ensure that UDP 500 is not being blocked between the devices.
• C. Correct the peer's IP address on the crypto map.
• D. Confirm that the pre-shared keys match on both devices.

Correct answer: D

Explanation

The correct answer is D because if the pre-shared keys do not match, the ISAKMP negotiation will fail, resulting in the MM_KEY_EXCH state. The other options, while important for ISAKMP troubleshooting, do not directly address the issue of mismatched pre-shared keys, which is crucial for establishing a secure tunnel.