PrepAway - Latest Free Exam Questions & Answers

How would you accomplish this task?

You have been asked to configure traffic to flow between two virtual routers (VRs) residing on two
unique logical systems (LSYSs) on the same SRX5800.
How would you accomplish this task?

A.
Configure a security policy that contains the context from VR1 to VR2 to permit the relevant
traffic.

B.
Configure a security policy that contains the context from LSYS1 to LSYS2 and relevant match
conditions in the rule set to allow traffic between the IP networks in VR1 and VR2.

C.
Configure logical tunnel interfaces between VR1 and VR2 and security policies that allow
relevant traffic between VR1 and VR2 over that link.

D.
Configure an interconnect LSYS to facilitate a connection between LSYS1 and LSYS2 and
relevant policies to allow the traffic.

Explanation:

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21260

2 Comments on “How would you accomplish this task?”

  1. Juniper says:

    Remember that LS contain the VR.

    Answer is D. The question refers to communicating 2 LS (the VRs are contained in the LS)

    http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/logical-systems-config/junos-security-logical-systems.pdf

    This topic covers the interconnect logical system that serves as an internal virtual private
    LAN service (VPLS) switch connecting one logical system on the device to another. The
    topic also explains how logical tunnel (lt-0/0/0) interfaces are used to connect logical
    systems through the interconnect logical system.
    A device running logical systems can use an internal VPLS switch to pass traffic without
    it leaving the device. The interconnect logical system switches traffic across logical
    systems that use it. Although a virtual switch is used typically, it is not mandatory. If you
    choose to use a virtual switch, you must configure the interconnect logical system. There
    can be only one interconnect logical system on a device.
    For communication between logical systems on the device to occur, you must configure
    an lt-0/0/0 interface on each logical system that will use the internal switch, and you
    must associate it with its peer lt-0/0/0 interface on the interconnect logical system,
    effectively creating a logical tunnel between them. You define a peer relationship at each
    end of the tunnel when you configure the logical system’s lt-0/0/0 interfaces.
    You might want all logical systems on the device to be able to communicate with one
    another without using an external switch. Alternatively, you might want some logical
    systems to connect across the internal switch but not all of them.
    The interconnect logical system does not require security resources assigned to it through
    a security profile. However, you must assign a dummy security profile containing no
    resources to the interconnect logical system. Otherwise you will not be able to successfully
    commit the configuration for it.




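The interconnect arrangement described in the quoted guide, as an added Junos set-command example that is not part of the original page, the comment, or Juniper's documentation. The interconnect name LSYS0, the unit numbers, zone names, address-book entries and all IP addresses are assumptions, and each user LSYS is assumed to already have a `trust` zone holding its VR's LAN interface.

```junos
# Added example; LSYS0, zone names, unit numbers and addresses are constructed.
# Interconnect LSYS acting as the internal VPLS switch: one lt unit per user LSYS.
set logical-systems LSYS0 interfaces lt-0/0/0 unit 0 encapsulation ethernet-vpls
set logical-systems LSYS0 interfaces lt-0/0/0 unit 0 peer-unit 1
set logical-systems LSYS0 interfaces lt-0/0/0 unit 2 encapsulation ethernet-vpls
set logical-systems LSYS0 interfaces lt-0/0/0 unit 2 peer-unit 3
set logical-systems LSYS0 routing-instances vpls-switch instance-type vpls
set logical-systems LSYS0 routing-instances vpls-switch interface lt-0/0/0.0
set logical-systems LSYS0 routing-instances vpls-switch interface lt-0/0/0.2
# Dummy security profile with no resources; the commit fails without it.
set system security-profile dummy-profile logical-system LSYS0

# LSYS1: lt unit 1 peers with interconnect unit 0 and is placed in VR1.
set logical-systems LSYS1 interfaces lt-0/0/0 unit 1 encapsulation ethernet
set logical-systems LSYS1 interfaces lt-0/0/0 unit 1 peer-unit 0
set logical-systems LSYS1 interfaces lt-0/0/0 unit 1 family inet address 10.0.1.1/24
set logical-systems LSYS1 routing-instances VR1 instance-type virtual-router
set logical-systems LSYS1 routing-instances VR1 interface lt-0/0/0.1
set logical-systems LSYS1 routing-instances VR1 routing-options static route 192.168.2.0/24 next-hop 10.0.1.2
set logical-systems LSYS1 security zones security-zone interconnect interfaces lt-0/0/0.1
set logical-systems LSYS1 security address-book global address vr1-net 192.168.1.0/24
set logical-systems LSYS1 security address-book global address vr2-net 192.168.2.0/24
# Permit only the relevant traffic (HTTPS here) rather than "any".
set logical-systems LSYS1 security policies from-zone trust to-zone interconnect policy to-vr2 match source-address vr1-net
set logical-systems LSYS1 security policies from-zone trust to-zone interconnect policy to-vr2 match destination-address vr2-net
set logical-systems LSYS1 security policies from-zone trust to-zone interconnect policy to-vr2 match application junos-https
set logical-systems LSYS1 security policies from-zone trust to-zone interconnect policy to-vr2 then permit

# LSYS2: lt unit 3 peers with interconnect unit 2 and is placed in VR2.
set logical-systems LSYS2 interfaces lt-0/0/0 unit 3 encapsulation ethernet
set logical-systems LSYS2 interfaces lt-0/0/0 unit 3 peer-unit 2
set logical-systems LSYS2 interfaces lt-0/0/0 unit 3 family inet address 10.0.1.2/24
set logical-systems LSYS2 routing-instances VR2 instance-type virtual-router
set logical-systems LSYS2 routing-instances VR2 interface lt-0/0/0.3
set logical-systems LSYS2 routing-instances VR2 routing-options static route 192.168.1.0/24 next-hop 10.0.1.1
set logical-systems LSYS2 security zones security-zone interconnect interfaces lt-0/0/0.3
set logical-systems LSYS2 security address-book global address vr1-net 192.168.1.0/24
set logical-systems LSYS2 security address-book global address vr2-net 192.168.2.0/24
# The receiving LSYS evaluates its own policy; both sides must permit the flow.
set logical-systems LSYS2 security policies from-zone interconnect to-zone trust policy from-vr1 match source-address vr1-net
set logical-systems LSYS2 security policies from-zone interconnect to-zone trust policy from-vr1 match destination-address vr2-net
set logical-systems LSYS2 security policies from-zone interconnect to-zone trust policy from-vr1 match application junos-https
set logical-systems LSYS2 security policies from-zone interconnect to-zone trust policy from-vr1 then permit
```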