AD-VPN

Questions and Answers

Which protocol(s) does AD-VPN support for dynamic routing?

• BGP, OSPF, Rip-v2 and Rip-NG (correct)
• BGP only
• OSPF only
• Rip-v2 and Rip-NG only

What are the overlays that connect a spoke to a hub called?

• Direct tunnels
• Parent tunnels (correct)
• Shortcut tunnels
• Child tunnels

What are the direct tunnels negotiated over parent tunnels called?

• Auto-discovery tunnels
• Shortcut tunnels (correct)
• Overlay tunnels
• Dynamic tunnels

What should be enabled on the spoke overlay to inform the hubs that the spoke can negotiate shortcuts?

Auto-discovery-receiver (C)

What should be enabled on the hub overlay that connects the spoke to allow for shortcut negotiation between spokes?

Auto-discovery-sender (A)

What should be enabled on the hub overlay that connects to the other hub to forward AD-VPN sender and receiver information between hubs?

Auto-discovery-forwarder (B)

What happens when a user in Boston sends traffic to London and the shortcut between them has not been negotiated?

The traffic is routed through Hub1 and Hub2 (B)

What message does Hub1 send to Boston to inform that it can try to negotiate a direct connection to London?

Shortcut offer message (D)

What message does Boston send to acknowledge the shortcut offer from Hub1?

Shortcut query message (A)

What initiates the tunnel IKE negotiation between Spoke1 and Spoke2?

Traffic from Spoke1 to Spoke2 (B)

Which configuration must be enabled on the phase1 of each overlay on spokes?

net-device and auto-discovery-receiver (B)

What happens if ping access is not enabled on the interface of the spokes?

Ping probes fail and shortcuts are marked as dead. (B)

Why is overlay stickiness important for AD-VPN?

It prevents spokes from negotiating shortcuts over unreachable underlays. (A)

Which type of link is MPLS?

Private link assigned with a private IP-address (B)

Why do cross-ISP overlays fail to establish?

The ISP1 and MPLS networks are not routable between them. (B)

What must be changed from their default values in AD-VPN with FortiManager VPN Manager?

Set protected networks to all (A)

What does disabling the Add Route option on the hub prevent?

The hub from adding routes based on IKE negotiations (D)

What is the phase1 name created when using FortiManager VPN console for AD-VPN?

Phase1name_0 (A)

Where is the configuration of the Protected Subnet located?

VPN Communities (D)

What does AD-VPN use instead of adding routes based on IKE negotiations?

Dynamic routing protocol (C)

Which technology enables direct spoke-to-spoke communication in a hub-and-spoke network?

AD-VPN (C)

What is the basis of the AD-VPN solution?

IKE and IPsec (B)

What are the benefits of using full-mesh topology in a hub-and-spoke network?

Direct spoke-to-spoke communication (A)

What is the alternative to using a full-mesh topology in a hub-and-spoke network?

AD-VPN (C)

What does SD-WAN support in relation to AD-VPN?

AD-VPN shortcuts (A)

What increases the delay of communication in a hub-and-spoke topology?

Communication through the hub (D)

What is the impact of geographically distant hub and spokes in a hub-and-spoke topology?

Increased delay of communication (A)

What does AD-VPN enable spokes to do without making many configuration changes?

Negotiate on-demand IPsec tunnels (B)

What does SD-WAN do with traffic in relation to AD-VPN shortcuts?

Steers traffic through shortcuts (A)

What is the main advantage of using AD-VPN in a hub-and-spoke topology?

Enables direct spoke-to-spoke communication (A)