AD-VPN

Questions and Answers

Which protocol(s) does AD-VPN support for dynamic routing?

BGP, OSPF, Rip-v2 and Rip-NG (correct)

BGP only

OSPF only

Rip-v2 and Rip-NG only

What are the overlays that connect a spoke to a hub called?

Direct tunnels

Parent tunnels (correct)

Shortcut tunnels

Child tunnels

What are the direct tunnels negotiated over parent tunnels called?

Auto-discovery tunnels

Shortcut tunnels (correct)

Overlay tunnels

Dynamic tunnels

What should be enabled on the spoke overlay to inform the hubs that the spoke can negotiate shortcuts?

Auto-discovery-receiver

What should be enabled on the hub overlay that connects the spoke to allow for shortcut negotiation between spokes?

Auto-discovery-sender

What should be enabled on the hub overlay that connects to the other hub to forward AD-VPN sender and receiver information between hubs?

Auto-discovery-forwarder

What happens when a user in Boston sends traffic to London and the shortcut between them has not been negotiated?

The traffic is routed through Hub1 and Hub2

What message does Hub1 send to Boston to inform that it can try to negotiate a direct connection to London?

Shortcut offer message

What message does Boston send to acknowledge the shortcut offer from Hub1?

Shortcut query message

What initiates the tunnel IKE negotiation between Spoke1 and Spoke2?

Traffic from Spoke1 to Spoke2

Which configuration must be enabled on the phase1 of each overlay on spokes?

net-device and auto-discovery-receiver

What happens if ping access is not enabled on the interface of the spokes?

Ping probes fail and shortcuts are marked as dead.

Why is overlay stickiness important for AD-VPN?

It prevents spokes from negotiating shortcuts over unreachable underlays.

Which type of link is MPLS?

Private link assigned with a private IP-address

Why do cross-ISP overlays fail to establish?

The ISP1 and MPLS networks are not routable between them.

What must be changed from their default values in AD-VPN with FortiManager VPN Manager?

Set protected networks to all

What does disabling the Add Route option on the hub prevent?

The hub from adding routes based on IKE negotiations

What is the phase1 name created when using FortiManager VPN console for AD-VPN?

Phase1name_0

Where is the configuration of the Protected Subnet located?

VPN Communities

What does AD-VPN use instead of adding routes based on IKE negotiations?

Dynamic routing protocol

Which technology enables direct spoke-to-spoke communication in a hub-and-spoke network?

AD-VPN

What is the basis of the AD-VPN solution?

IKE and IPsec

What are the benefits of using full-mesh topology in a hub-and-spoke network?

Direct spoke-to-spoke communication

What is the alternative to using a full-mesh topology in a hub-and-spoke network?

AD-VPN

What does SD-WAN support in relation to AD-VPN?

AD-VPN shortcuts

What increases the delay of communication in a hub-and-spoke topology?

Communication through the hub

What is the impact of geographically distant hub and spokes in a hub-and-spoke topology?

Increased delay of communication

What does AD-VPN enable spokes to do without making many configuration changes?

Negotiate on-demand IPsec tunnels

What does SD-WAN do with traffic in relation to AD-VPN shortcuts?

Steers traffic through shortcuts

What is the main advantage of using AD-VPN in a hub-and-spoke topology?

Enables direct spoke-to-spoke communication