NSE 7 — Enterprise Firewall — Question 57
Which two configurations are mandatory for an auto-discovery VPN (ADVPN) implementation on a hub? (Choose two.)
Answer options
- A. The remote-ip must be on a different IP address from the overlay subnet.
- B. set net-device must be disabled to avoid dynamic interface creation.
- C. set add-route must be enabled to add routes.
- D. An overlay IP address with a mask of /32 must be assigned to the IPsec virtual interface.
Correct answer: B, D
Explanation
The two mandatory hub-side configurations for ADVPN are disabling set net-device, which prevents the automatic creation of dynamic interfaces, and assigning an overlay IP address with a /32 mask to the IPsec virtual interface, which is essential for identifying the endpoint in the VPN. The other options are not mandatory: neither placing the remote-ip on a different IP address from the overlay subnet nor enabling set add-route is a prerequisite for ADVPN functionality.