Router R1 has configured ISAKMP policies numbered 1, 5, 9, and 203. Router R2 only has default policies. How will R1 attempt to negotiate the IKE Phase 1 ISAKMP tunnel with R2?

Router R1 has configured ISAKMP policies numbered 1, 5, 9, and 203. Router R2 only has default policies. How will R1 attempt to negotiate the IKE Phase 1 ISAKMP tunnel with R2?

• R1 and R2 cannot match policies because the policy numbers are different.
• R1 will attempt to match policy #1 with the most secure matching policy on R2.
• R1 will try to match policy #203 with the most secure default policy on R2.
• R1 will begin to try to match policy #1 with policy #65514 on R2.

Explanation: Peers will attempt to negotiate using the policy with the lowest number (highest priority). Peers do not require matching priority numbers. R1 will attempt to use the most secure default policy (policy #1). If R2 has a matching policy, then R1 and R2 can successfully negotiate the IKE Phase 1 ISAKMP tunnel. If there is no agreement to use the most secure default policy, R1 will attempt to use the next most secure policy.

Exam with this question: Modules 18 - 19: VPNs Group Exam Answers