Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 71

A network engineer is configuring a server. The router will terminate encrypted VPN connections on g0/0, which is in the VRF "Internet". The clear-text traffic that must be encrypted before being sent out traverses g0/1, which is in the VRF "Internal". Which two VRF-specific configurations allow VPN traffic to traverse the VRF-aware interfaces? (Choose two.)

Answer options

• A. Under the IKEv2 profile, add the ivrf Internal command.
• B. Under the virtual-template interface, add the ip vrf forwarding Internet command.
• C. Under the IKEv2 profile, add the match fvrf Internal command.
• D. Under the IKEv2 profile, add the match fvrf Internet command.
• E. Under the virtual-template interface, add the tunnel vrf Internet command.

Correct answer: D, E

Explanation

The correct answers are D and E because they correctly configure the IKEv2 profile and the virtual-template interface to associate the VPN traffic with the appropriate VRF for routing. Options A and C do not accurately link the VPN traffic to the correct VRF, and option B does not facilitate the necessary VPN processing on the g0/1 interface.