Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 514
A network engineer configures a site-to-site VPN with a colleague. During testing, the engineer discovers that only phase 1 is up, and application traffic cannot pass. Which configuration parameter must be checked on each device?
Answer options
- A. hash algorithm
- B. peer IP address
- C. encryption domain
- D. preshared key
Correct answer: C
Explanation
The encryption domain defines which IP addresses are allowed to communicate over the VPN, and it is agreed on during phase 2 negotiation. If phase 1 is established but traffic is not flowing, the encryption domains are most likely not configured to match on both ends. The other options, while important, come into play when phase 1 is negotiated, so they would not directly affect the ability to pass traffic once phase 1 is up.