PrepAway - Latest Free Exam Questions & Answers

what is the problem?

Click the Exhibit button.

Host traffic is traversing through an IPsec tunnel. Users are complaining of intermittent
issues with their connection. Referring to the exhibit, what is the problem?

A. The tunnel is down due to a configuration change.

B. The do-not-fragment bit is copied to the tunnel header.

C. The MSS option on the SYN packet is set to 1300.

D. The TCP SYN check option is disabled for tunnel traffic.

One Comment on “what is the problem?”

  1. Fe says:

    B is the answer as we can see in the previous version of the exam

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB25625&actp=search

    If the configuration is changed to set security ipsec vpn df-bit copy, it will copy the DF-bit of the inner IP header to the outer IP header. This will return type=3 code=4 ICMP to the sender, when it exceeds the tunnel interface MTU and encrypted and fragmented IP packets will not be transmitted. <<<<<<<<<<<<<

    set security ipsec vpn df-bit copy

    root> show security ipsec security-associations index 131073
    ID: 131073 Virtual-system: root, VPN Name: vpn-001
    Local Gateway: 120.1.1.1, Remote Gateway: 120.1.1.254
    Local Identity: ipv4_subnet(any:0,[0..7]=150.1.1.0/24)
    Remote Identity: ipv4_subnet(any:0,[0..7]=100.1.1.0/24)
    Version: IKEv1
    DF-bit: copy <=========
    Bind-interface: st0.0




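Added example, not part of the original page or of the comment above: a Python decoder for the ICMP type=3 code=4 (fragmentation needed) message the comment describes, for checking a capture taken on the sending side of a tunnel configured with df-bit copy. The sample packet, the addresses 150.1.1.10, 100.1.1.20 and 150.1.1.1, and the next-hop MTU of 1438 are constructed for illustration; checksums are left at zero and are not validated.

```python
import socket
import struct

def ipv4_header(src, dst, proto, total_len, df):
    """Build a 20-byte IPv4 header (checksum left at 0; this demo does not verify it)."""
    flags = 0x4000 if df else 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, flags, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse_frag_needed(packet):
    """Decode an ICMP type 3 code 4 message; return None for any other packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Need IPv4 protocol 1 (ICMP), the 8-byte ICMP header and the quoted IP header.
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack_from("!BBHHH", packet, ihl)
    if (icmp_type, code) != (3, 4):
        return None
    quoted = packet[ihl + 8:]  # IP header of the packet that was too big
    orig_len, _ident, flags_frag = struct.unpack_from("!HHH", quoted, 2)
    return {
        "reporter": socket.inet_ntoa(packet[12:16]),   # device that sent the ICMP
        "next_hop_mtu": mtu,                           # RFC 1191 next-hop MTU field
        "orig_src": socket.inet_ntoa(quoted[12:16]),
        "orig_dst": socket.inet_ntoa(quoted[16:20]),
        "orig_len": orig_len,
        "orig_df": bool(flags_frag & 0x4000),          # DF was set on the original
        "oversize_by": orig_len - mtu,
    }

# Constructed sample: a 1500-byte DF-marked TCP packet from 150.1.1.10 to
# 100.1.1.20 is answered by 150.1.1.1 with "fragmentation needed, MTU 1438".
_quoted = ipv4_header("150.1.1.10", "100.1.1.20", 6, 1500, True) + bytes(8)
_icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1438) + _quoted
SAMPLE = ipv4_header("150.1.1.1", "150.1.1.10", 1, 20 + len(_icmp), False) + _icmp

if __name__ == "__main__":
    print(parse_frag_needed(SAMPLE))
```

If a capture on the sending host shows large DF-marked packets leaving but none of these messages arriving, the ICMP is being dropped somewhere on the return path, which matches the intermittent symptoms in the question.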
