When the CLI is used to configure an ISR for a site-to-site VPN connection, what is the purpose of the crypto map command in interface configuration mode?
- to configure the transform set
- to bind the interface to the ISAKMP policy
- to force IKE Phase 1 negotiations to begin
- to negotiate the SA policy
Explanation: The crypto map command, along with the name of the policy, is used to bind the interface to the ISAKMP policy created previously. A transform set is configured using the crypto ipsec transform-set command. Interesting traffic between peers forces IKE Phase 1 negotiations to begin. Peers negotiate the ISAKMP SA policy in step 2 of IPsec negotiations.
Exam with this question: Checkpoint Exam: VPNs Group Exam Answers
Please login or Register to submit your answer