You are creating route-basedVPNson a NS208. When creating your 101stinterface, you receive an error message and are prevented from additional tunnel interfaces. What would cause this problem?

A.
There is a limit of 100 tunnel interfaces per zone

B.
There is a limit of 100 tunnel interfaces per NS208

C.
There is a limit of 100 tunnel interfaces per virtual router

D.
Acquire a license key to increase the number of tunnel interfaces that can be created.

Explanation:

The configuration of aNetScreendevice for VPN support is particularly flexible. You can create route-based and policy-based VPN tunnels. Additionally, each type of tunnel can use Manual Key orAutoKeyIKE to manage the keys used for encryption and authentication. With policy-based VPN tunnels, a tunnel is treated as an object (or a building block) that together with source,
destination, service, and action, comprises a policy that permits VPN traffic. (Actually, the VPN policy action is
tunnel, but the action permit is implied, if unstated). In a policy-based VPN configuration, a policy specifically
referencesa VPN tunnel by name.
With route-basedVPNs, the policy does not specifically reference a VPN tunnel. Instead, the policy references a destination address. When theNetScreen device does a route lookup to find the interface through which it must send traffic to reach that address, it finds a route via a tunnel interface, which is bound to a specific VPN tunnel1. Thus, with a policy-based VPN tunnel, you can consider a tunnel as an element in the construction of a policy. With a route-based VPN tunnel, you can consider a tunnel as a means for delivering traffic, and the policy as a method for either permitting or denying the delivery of that traffic. The number of policy-based VPN tunnels that you can create is limited by the number of policies that the device supports. The number of route-based VPN tunnels that you create is limited by the number of route entries (4096 for a ns208)orthe number of tunnel interfaces that the device supports (256 for a ns208) -whichever number is lower. A route-based VPN tunnel configuration is a good choice when you want to conserve tunnel resources while setting granular restrictions on VPN traffic. Although you can create numerous policies referencing the same VPN tunnel, each policy creates an individualIPSecsecurity association (SA) with the remote peer, each of which counts as an individual VPN tunnel. With a route-based approach toVPNs, the regulation of traffic is not coupled to the means of its delivery. You can configure dozens of policies to regulate traffic flowing through a single VPN tunnel between two sites, and there is just oneIPSecSA at work. Also, a route-based VPN configuration allows you to create policies referencing a destination reached through a VPN tunnel in which the action is deny, unlike a policy-based VPN configuration, in which-as stated earlier-the action must be tunnel, implying permit.