300-209 CCNP Security Implementing Cisco Secure Mobility Solutions (SIMOS) - Practice Questions

Question 1

DRAG DROP

Drag and drop the descriptions from the left onto the correct IPsec tunnel types on the right.

Select and Place:

Answer is in the explanation below.

Question 2

SIMULATION

Scenario

You are the network security administrator for your organization. Your company is growing and a remote branch office is being created. You are tasked with configuring your headquarters Cisco ASA to create a site-to-site IPsec VPN connection to the branch office Cisco ISR. The branch office ISR has already been deployed and configured and you need to complete the IPsec connectivity configurations on the HQ ASA to bring the new office online.

Use the following parameters to complete your configuration using ASDM. For this exercise, not all ASDM screens are active.

Enable IKEv1 on outside I/F for Site-to-site VPN Add a Connection Profile with the following parameters: - Peer IP: 203.0.113.1

- Connection name: 203.0.113.1

- Local protected network: 10.10.9.0/24

- Remote protected network: 10.11.11.0/24

- Group Policy Name: use the default policy name supplied

- Preshared key: cisco

- Disable IKEv2

- Encryption Algorithms: use the ASA defaults

Disable pre-configured NAT for testing of the IPsec tunnel - Disable the outside NAT pool rule

Establish the IPsec tunnel by sending ICMP pings from the Employee PC to the Branch Server at IP address 10.11.11.20 Verify tunnel establishment in ASDM VPN Statistics> Sessions window pane

You have completed this exercise when you have successfully configured, established, and verified site-to-site IPsec connectivity between the ASA and the Branch ISR.

Topology