— Exhibit –-
user@host> show security ipsec security-associations
Total active tunnels: 1
ID Algorithm SPI Life:sec/kb Mon vsys Port Gateway
<131073 ESP:3des/sha1 ac23df79 2532/ unlim – root 4500 1.1.1.1
>131073 ESP:3des/sha1 cbc9281a 2532/ unlim – root 4500 1.1.1.1
user@host> show security ipsec security-associations detail
Virtual-system: root
Local Gateway: 1.0.0.1, Remote Gateway: 1.1.1.1
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Version: IKEv1
DF-bit: clear
Direction: inbound, SPI: ac23df79, AUX-SPI: 0
, VPN Monitoring: -Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
Direction: outbound, SPI: cbc9281a, AUX-SPI: 0
, VPN Monitoring: -Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
— Exhibit –-
Refer to the Exhibit.
The exhibit shows output from two show commands.
What are two conclusions about the VPN tunnel from the output? (Choose two.)
A.
VPN monitoring is enabled.
B.
There is a device performing NAT between the two VPN endpoints.
C.
3DES is the encryption protocol.
D.
Traffic with the DF-bit set that exceeds the MTU will be dropped.