The exhibit shows an IPSec tunnel configuration In an effort to increase the security of the tunnel, you must configure the tunnel to negotiate a new tunnel key during IKE phase 2.

How can the configuration be changed to accommodate this requirement/?

A.
A new tunnel key is negotiated by default during phase 2; no configuration change is necessary.

B.
PFS must be added to the IKE policy pol-ike.

C.
PFS must be added to the IPSec policy poi-IPSec.

D.
A new tunnel key cannot be negotiated in IKE phase 2 with route-based IPSec VPNs; a policy- based IPSec VPN must be