PrepAway - Latest Free Exam Questions & Answers

Which two statements are true concerning policy-based IPsec VPNs on an SRX Series device?

Which two statements are true concerning policy-based IPsec VPNs on an SRX Series device? (Choose two)


A. A new tunnel is set up for each flow of traffic that matches the policy.

B. One tunnel is set up for all flows of traffic that match the policy.

C. A new tunnel is set up before a flow of traffic matches the policy.

D. A new tunnel is set up only when a flow of traffic matches the policy.

3 Comments on “Which two statements are true concerning policy-based IPsec VPNs on an SRX Series device?”

  1. Shahid says:

    I think this is the correct sequence:
    Policy-based VPNs are required when one endpoint of the tunnel uses dynamic addressing.
    For policy-based IPsec VPNs, a new tunnel generates for each flow of traffic that
    matches the policy.

    Policy match and tunnel establishment:
    The Junos OS looks up the security policy. The traffic matches a tunnel policy. The original packet receives encryption.

    The Junos OS hashes the packet with an authentication key.

    The Junos OS builds the tunnel packet with a new IP header, IPsec header, and hash value. The new packet travels to the tunnel peer.




  2. Dilip Kumar says:

    A & D

    Route-based VPN tunnel configuration is a good choice when you want to conserve tunnel resources while setting granular restrictions on VPN traffic.

    With a policy-based VPN, although you can create numerous tunnel policies referencing the same VPN tunnel, each tunnel policy pair creates an individual IPsec security association (SA) with the remote peer. Each SA counts as an individual VPN tunnel.

    http://www.juniper.net/techpubs/en_US/junos12.3/topics/concept/policy-based-route-based-vpn-comparing.html



