30 Questions
Which routing protocols are supported by AD-VPN?
BGP, OSPF, Ripv2, Rip next-generation
What type of IP addresses are supported by AD-VPN?
Both IP-v4 and IP-v6
What is required for the on-demand tunnels in AD-VPN?
NAT
What type of architecture does AD-VPN support?
Single or multiple hub architectures
What is the purpose of negotiation in AD-VPN?
To establish a connection attempt
What is the role of Boston in the negotiation process?
To receive a connection attempt from London
What type of architecture does AD-VPN support?
Hub-and-spoke
What is the purpose of NAT in AD-VPN?
To support on-demand tunnels
What type of traffic does AD-VPN support?
PIM/multicast
What is required for AD-VPN to function?
Use of dynamic routing
Which routing protocol is required for AD-VPN?
BGP
What is the purpose of the overlay subnet in a hub-and-spoke topology?
To provide a unique IP address for each participant
What is the purpose of the shortcut offer message in the AD-VPN negotiation process?
To notify the hub of available tunnel options
What information does Boston include in the IKE message when negotiating a direct connection to London?
Boston's public IP-address and desired destination subnet
How does Hub 1 know that AD-VPN is enabled in all the VPNs all the way to London?
Through auto-discovery-sender enable settings
What is the purpose of the phase-2 configuration in AD-VPN?
To set the quick modes for the VPN
How does Spoke-1 acknowledge the shortcut offer from the Hub?
By sending a shortcut query to the Hub
What does Hub 2 have in this example of AD-VPN topology?
Two spokes
What happens when Hub 1 receives packets from Boston destined for London?
Hub 1 sends an IKE message to Boston
What initiates the tunnel IKE negotiation between Spoke-1 and Spoke-2?
The firewall policy
Which command should be used to enable AD-VPN in a spoke?
auto-discovery-receiver
What must be configured in the hub to enable AD-VPN for IPsec traffic?
auto-discovery-sender
What is the purpose of configuring a BGP neighbor group in the hub?
To forward routes learned from one spoke to other spokes
What should be done in the hub to ensure dynamic routing is used for learning the spokes' protected subnets?
Disable set add-route
What is the requirement for having a dynamic routing protocol over IPsec?
Assign an overlay IP-address to the IPsec virtual interface
What command should be used to indicate that an IPsec tunnel wants to participate in an auto-discovery VPN?
auto-discovery-receiver
What should be included in the neighbor range configuration in the hub?
All the spokes individually as neighbors
What should be done to ensure FortiGate does not create a dynamic interface in the hub?
Disable set net-device
What should be added to BGP configuration in the hub to advertise the local network(s) behind the hub over BGP?
set add-route
What should be assigned to the IPsec virtual interface in a spoke?
Interface IP
Test your knowledge on configuring IBGP neighbor groups and route reflectors in a hub and spoke network setup. Learn about creating neighbor ranges, eliminating the need to define each spoke individually, and ensuring effective route learning in an IBGP environment.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
