CCNP Security Question of the Week

When configuring a site-to-site IPsec tunnel, which of the following is a valid command?

  1. tunnel-group 1.1.1.1 type ipsec-l2l
  2. tunnel-group 2.2.2.2 type s2s
  3. tunnel-group SiteB type ipsec l2l
  4. tunnel-group SiteB type s2s

The correct answer is 1.

LAN to LAN VPNs will use a connection profile with the IP address of the peer being connected to. Hence options C and D are not valid because they use a name instead of an ip address as the identifier for the connection profile. Option B is also incorrect because although it uses an ip address to identify the connection profile, the syntax of s2s is not valid.

Related Courses:
ASAE — ASA Essentials
FIREWALL — Deploying Cisco ASA Firewall Solutions
VPN — Deploying Cisco ASA VPN Solutions
CCNP Security — Cisco Certified Network Professional Security

In this article

Join the Conversation