Home » Juniper » JN0-696 » What is causing the problem?
Click the Exhibit button.
You configured a route-based VPN, but users complain that they cannot pass traffic through it.
Referring to the exhibit, what is causing the problem?
A. The external interface should be ge-0/0/0.1.
B. The local and remote proxy IDs do not match.
C. The gateway is not configured properly.
D. The name of the IKE policy should be the same as the IPsec policy.
Correct Answer: A
Explanation/Reference:
Example configuration:
Example configuration:
a. First, locate the IKE Gateway using ‘show security ike’
root@siteA # show security ike
…
gateway gw-siteB { <-------- ike-policy ike-phase1-policy; address 2.2.2.2;
external-interface ge-0/0/3.0;
}
b. Then locate the IPsec VPN for that IKE Gateway using ‘show security ipsec’
root@siteA # show security ipsec
…
vpn ike-vpn-siteB {
bind-interface st0.0;
ike {
gateway gw-siteB; <-------- proxy-identity { local 192.168.2.0/24; remote 192.168.1.0/24; service any;
}
ipsec-policy ipsec-phase2-policy;
}
establish-tunnels immediately;
}
Incorrect:
B: Proxy IDs are not related to the problem.
C: The gateway configuration is fine.
D: The name of the IKE and the IPSec policy does not have to have the same name.
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB10093&actp=search
Download Printable PDF. VALID exam to help you PASS.
|
|