Question 40 of 56 from exam 300-730-SVPN: Implementing Secure Solutions with Virtual Private Networks

Question 40 of 56 from exam 300-730-SVPN: Implementing Secure Solutions with Virtual Private Networks

Prev Question Next Question

Question

Ciscoasa# sh cap o trace packet-number 4 737 packets captured 4: 08:19:36.054181 10. 99.117.195.56485 > 10.31.124.31.443: § 3919220036:3919220036(0) win 64240 <mss 1260,nop,wscale 8,nop,nop,sackOK> Phase: 1 Type: CAPTURE subtype Result: ALLOW Config: Additional Information: MAC Access list Phase: 2 Type: ACCESS-LIST Subtype: Result: ALLOW Implicit Rule Additional Information: MAC Access list Phase: 3 Type: UN-NAT Subtype: static Result: ALLOW Config: nat (inside,outside) source static obj_172.16.0.0 24 interface Additional Informatio NAT divert to egress interface inside Untranslate 10.31.124.31/443 to 172.16.0.0/443 Phase: 4 Type: ACCESS-LIST Subtype: log Result: ALLOW Config access-group global_access 1 global access-list global_access 1 extended permit ip any any Additional Information: — Phase: 5 Type: NAT Subtype Result: ALLOW Config: nat (inside,outside) source static obj _172.16.0.0_24 interface Additional Information: Static translate 10.99.117.195/56485 to 10.99.117.195/56485 Phase: 6 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Informatio: Phase: 7 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Phase: 8 Type: VPN Subtype: ipsec-tunnel-flow Result: ALLOW Config: Additional Information: Phase: 9 Type: NAT Subtype: rpf-check nat (inside,outside) source static obj_172.16.0.0_24 interface Additional Information: Phase: 10 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Phase: 11 Type: IP-OPTIONS Subtype: Result: ALLOW Config Additional Information: Phase: 12 ‘Type: FLOW-CREATION Subtype: Result: ALLOW Config: Additional Information: New flow created with id 123456, packet dispatched to next module Phase: 13 Type: ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: found next-hop 172.16.0.0 using egress ifc inside Result: input-interface: outside input-status: up input-line-status: up output-interface: inside output-status: up output-line-status: up Action: allow 1 packet shown

Refer to the exhibit.

An SSL client is connecting to an ASA headend.

The session fails with the message 'Connection attempt has timed out.

Please verify Internet connectivity.' Based on how the packet is processed, which phase is causing the failure?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

D.

Prev Question Next Question