A network engineer is troubleshooting a site-to-site VPN between two Cisco routers. The tunnel is up, but traffic is not passing. On R1, the engineer issues the command 'show crypto map' and sees that the crypto map is applied to the outbound interface. What is the most likely cause of the traffic failure?
Trap 1: The access-list in the crypto map does not permit the traffic.
Incorrect because the tunnel is up, indicating the IKE and IPsec negotiations succeeded; the issue is the crypto map application direction.
Trap 2: The ISAKMP policy is misconfigured.
Incorrect because the tunnel is up, so ISAKMP negotiation succeeded.
Trap 3: The transform set is incorrect.
Incorrect because the tunnel is up, meaning the transform set was accepted during negotiation.
- A
The crypto map is applied to the wrong interface.
Correct because crypto maps should be applied to the inbound direction of the interface to match traffic for encryption.
- B
The access-list in the crypto map does not permit the traffic.
Why wrong: Incorrect because the tunnel is up, indicating the IKE and IPsec negotiations succeeded; the issue is the crypto map application direction.
- C
The ISAKMP policy is misconfigured.
Why wrong: Incorrect because the tunnel is up, so ISAKMP negotiation succeeded.
- D
The transform set is incorrect.
Why wrong: Incorrect because the tunnel is up, meaning the transform set was accepted during negotiation.