VMware SD-WAN by VeloCloud Specialist — Question 6
A customer wants to limit branch tunnel counts by only allowing Dynamic Branch to Branch VPN tunnels to be established between sites within the same region.
How can this be accomplished while still allowing inter-region site-to-site connectivity via hubs?
Answer options
- A. Create separate profiles for Edges in each region, each including Business Policies for traffic with a destination subnet in the other region with the Network Service set to "Internet Backhaul" and with the appropriate hub(s) specified.
- B. Create separate profiles for Edges in each region, then in Cloud VPN settings, make sure that "Branch to Hub" and "Branch to Branch VPN" are enabled and that "To Edges within Profile" is checked under "Dynamic Branch to Branch VPN".
- C. Create separate profiles for Edges in each region, then in Cloud VPN settings, make sure that "Branch to Hub" is disabled and "Branch to Branch VPN" is enabled.
- D. Create separate profiles for Edges in each region, then in Cloud VPN settings, make sure that "Branch to Hub" and "Branch to Branch VPN" are enabled and that "Isolate Profile" is checked.
Correct answer: D
Explanation
The correct answer is D because enabling both "Branch to Hub" and "Branch to Branch VPN" while checking "Isolate Profile" ensures that only tunnels within the same region are established while still allowing hub connectivity. The other options either do not provide the necessary isolation or do not enable the correct settings to achieve the desired connectivity restrictions.