View all questions & answers for the H12-821_V1.0 exam
After IPsec is deployed on an enterprise network, services are interrupted. The administrator finds that no data flow triggers IKE negotiation.
Which of the following are possible causes? (Select all that apply)
A. Configuration error of an interzone security policy
B. An unreachable route
C. The IPsec policy is not correctly applied to the related interface.
D. A mismatch between the ACL and protected data flow
All four are valid reasons why IKE (Internet Key Exchange) negotiation might not be triggered:
A – Security policy mismatches can block data flows, preventing IPsec from initiating.
B – If the route to the peer is unreachable, no packets can reach the tunnel interface, and IKE will not start.
C – If the IPsec policy is not bound to the correct interface, no protection is triggered.
D – If the ACL does not match the actual traffic, the flow will bypass IPsec.
Reference from Huawei HCIP-Datacom-Core Technology Study Guide:
“Common causes of IKE negotiation failure include incorrect ACLs, misapplied policies, unreachable peers, and misconfigured security zones.”
(Chapter: VPN Technologies – Section: IPsec Troubleshooting)