Juniper
JN0-332 · Question #390
JN0-332 Question #390: Real Exam Question with Answer & Explanation
Sign in or unlock JN0-332 to reveal the answer and full explanation for question #390. The question stem and answer options stay visible for context.
Question
You are implementing a new route-based IPsec VPN on an SRX Series device and the tunnel will not establish. What needs to be modified in the configuration shown in the exhibit? security { ike { policy IKE-STANDARD { mode aggressive; proposal-set standard; pre-shared-key ascii-text "XXXXXX"; } gateway GW-HUB { ike-policy IKE-STANDARD; dynamic hostname site1.company.com; external-interface ge-0/0/0.0; } } ipsec { policy IPSEC-STANDARD { proposal-set standard; } vpn VPN-HUB { bind-interface st0.0; ike { gateway GW-HUB; ipsec-policy IPSEC-STANDARD; } } } zones { security-zone untrust { host-inbound-traffic { system-services { ping; ike; } } interfaces { ge-0/0/0.0; } } security-zone trust { system-services { ping; } interfaces { ge-0/0/1.0; } } } }
Options
- AChange the bind-interface from st0.0 to ge-0/0/0.0.
- BAdd st0.0 to a security zone.
- CAdd esp under host-inbound-traffic on zone untrust.
- DAdd ike under host-inbound-traffic on zone trust.
Unlock JN0-332 to see the answer
You've previewed enough free JN0-332 questions. Unlock JN0-332 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.