— Exhibit –-
security {
ike {
policy IKE-STANDARD {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text “XXXXXX”;
}
gateway GW-HUB {
ike-policy IKE-STANDARD;
dynamic hostname site1.company.com;
external-interface ge-0/0/0.0;
}
}
ipsec {
policy IPSEC-STANDARD {
proposal-set standard;
}

vpn VPN-HUB {
bind-interface st0.0;
ike {
gateway GW-HUB;
ipsec-policy IPSEC-STANDARD;
}
}
}
zones {
security-zone untrust {
host-inbound-traffic {
system-services {
ping;
ike;
}
}
interfaces {
ge-0/0/0.0;
}
}
security-zone trust {
system-services {
ping;
}
interfaces {
ge-0/0/1.0;
}

}
}
}

— Exhibit –-
Refer to the Exhibit.
You are implementing a new route-based IPsec VPN on an SRX Series device and the tunnel will
not establish.
What needs to be modified in the configuration shown in the exhibit?

A.
Change the bind-interface from st0.0 to ge-0/0/0.0.

B.
Add st0.0 to a security zone.

C.
Add esp under host-inbound-traffic on zone untrust.

D.
Add ike under host-inbound-traffic on zone trust.