Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 468
A network administrator is setting up a site-to-site VPN from a Cisco FTD to a cloud environment. After the administrator configures the VPN on both sides, they still cannot reach the cloud environment. Which command must the administrator run on the FTD to verify that the VPN is encrypting traffic in both directions?
Answer options
- A. show crypto ipsec sa
- B. show crypto ipsec stats
- C. show vpn-sessiondb detail l2l
- D. show crypto isakmp sa
Correct answer: A
Explanation
The command 'show crypto ipsec sa' is the correct choice because it displays the status of the IPsec Security Associations, which confirms whether traffic is being encrypted in both directions. The other options report on different aspects of the VPN but do not specifically verify the encryption status of the traffic.