Mastering IBGP Neighbor Groups and Route Reflectors in a Hub and Spoke Network

Questions and Answers

Which routing protocols are supported by AD-VPN?

• BGP, OSPF, RIP, PIM
• BGP, OSPF, EIGRP, IS-IS
• BGP, EIGRP, IS-IS, PIM
• BGP, OSPF, Ripv2, Rip next-generation (correct)

What type of IP addresses are supported by AD-VPN?

• Only IP-v4
• Only IP-v6
• Neither IP-v4 nor IP-v6
• Both IP-v4 and IP-v6 (correct)

What is required for the on-demand tunnels in AD-VPN?

• NAT (correct)
• PIM/multicast
• Static routing
• Dynamic routing

What type of architecture does AD-VPN support?

Single or multiple hub architectures (D)

What is the purpose of negotiation in AD-VPN?

To establish a connection attempt (B)

What is the role of Boston in the negotiation process?

To receive a connection attempt from London (B)

What type of architecture does AD-VPN support?

Hub-and-spoke (D)

What is the purpose of NAT in AD-VPN?

To support on-demand tunnels (B)

What type of traffic does AD-VPN support?

PIM/multicast (B)

What is required for AD-VPN to function?

Use of dynamic routing (A)

Which routing protocol is required for AD-VPN?

BGP (A)

What is the purpose of the overlay subnet in a hub-and-spoke topology?

To provide a unique IP address for each participant (D)

What is the purpose of the shortcut offer message in the AD-VPN negotiation process?

To notify the hub of available tunnel options (B)

What information does Boston include in the IKE message when negotiating a direct connection to London?

Boston's public IP-address and desired destination subnet (B)

How does Hub 1 know that AD-VPN is enabled in all the VPNs all the way to London?

Through auto-discovery-sender enable settings (A)

What is the purpose of the phase-2 configuration in AD-VPN?

To set the quick modes for the VPN (B)

How does Spoke-1 acknowledge the shortcut offer from the Hub?

By sending a shortcut query to the Hub (B)

What does Hub 2 have in this example of AD-VPN topology?

Two spokes (C)

What happens when Hub 1 receives packets from Boston destined for London?

Hub 1 sends an IKE message to Boston (D)

What initiates the tunnel IKE negotiation between Spoke-1 and Spoke-2?

The firewall policy (D)

Which command should be used to enable AD-VPN in a spoke?

auto-discovery-receiver (A)

What must be configured in the hub to enable AD-VPN for IPsec traffic?

auto-discovery-sender (B)

What is the purpose of configuring a BGP neighbor group in the hub?

To forward routes learned from one spoke to other spokes (C)

What should be done in the hub to ensure dynamic routing is used for learning the spokes' protected subnets?

Disable set add-route (C)

What is the requirement for having a dynamic routing protocol over IPsec?

Assign an overlay IP-address to the IPsec virtual interface (B)

What command should be used to indicate that an IPsec tunnel wants to participate in an auto-discovery VPN?

auto-discovery-receiver (A)

What should be included in the neighbor range configuration in the hub?

All the spokes individually as neighbors (D)

What should be done to ensure FortiGate does not create a dynamic interface in the hub?

Disable set net-device (D)

What should be added to BGP configuration in the hub to advertise the local network(s) behind the hub over BGP?

set add-route (B)

What should be assigned to the IPsec virtual interface in a spoke?

Interface IP (B)

Flashcards are hidden until you start studying