CCNP Route FAQ: Routing over Branch Internet Connections
Figure: Example Small, Medium, and Large Branch Designs
Q1. Router R1 sits at an Enterprise branch office, using the Internet for its only connectivity back to the rest of the Enterprise. Which of the following is not a benefit of using an IPsec tunnel for packets sent through the Internet, between R1 and the rest of the Enterprise?
a. Privacy
b. Authentication
c. Allows using an IGP between R1 and the Enterprise
d. Secure communications
Q2. Router R1 sits at an Enterprise branch office, using both the Internet and a leased line to another Enterprise router for its two connectivity options back into the rest of the Enterprise network. The engineer planning for this branch decided to use the leased line for all Enterprise traffic, unless it fails, in which case the Internet connection should be used to pass traffic to the Enterprise. Which of the following is most likely to be useful on the branch router? (Choose two.)
a. IPsec tunnel
b. GRE tunnel
c. Floating static route
d. An IGP
Q3. Router R1, a branch router, connects to the Internet using DSL. The engineer plans to use a configuration with a dialer interface. The answers list a feature and interface on which the feature could be configured. Which combinations accurately describe the interface under which a feature will be configured?
a. PPP on the ATM interface
b. VPI/VCI on the dialer interface
c. IP address on the ATM interface
d. CHAP on the dialer interface
Q4. Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, and into the core of an Enterprise network. The branch also allows local hosts to communicate directly with public sites in the Internet over this same DSL connection. Which of the following answers defines how the branch NAT config avoids performing NAT for the Enterprisedirected traffic but does perform NAT for the Internet-directed traffic?
a. By not enabling NAT on the IPsec tunnel interface
b. By not enabling NAT on the GRE tunnel interface
c. By configuring the NAT-referenced ACL to not permit the Enterprise traffic
d. By asking the ISP to perform NAT in the cloud
Q5. Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network. Which of the following answers best describes the router’s logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?
a. When the packet received on the LAN interface is permitted by the ACL listed on the tunnel gre acl command under the incoming interface
b. When routing the packet, matching a route whose outgoing interface is the GRE tunnel interface
c. When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interface
d. When permitted by an ACL that was referenced in the associated crypto map