JN0-332 Question #394: Real Exam Question with Answer & Explanation

Question

You have created an IPsec VPN on an SRX Series device. You believe the tunnel is configured correctly, but traffic from a host with the IP address of 10.12.1.10 cannot reach a remote device over the tunnel with an IP address of 10.128.64.132. The ge-0/0/1.0 interface is in the trust zone and the st0.0 interface is in the vpn zone. The output of four show commands is shown in the exhibit. What is the configuration problem with the tunnel?

user@host> show security ike security-associations 1.1.1.2
Index   Remote Address  State  Initiator cookie  Responder cookie  Mode
8       1.1.1.2         UP     3a895f8a9f620198  9040753e66d700bb  Main

user@host> show security ipsec security-associations
Total active tunnels: 0

user@host> show route
inet.0: 7 destinations, 7 routes (6 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:00:25
                    > to 2.2.2.1 via ge-0/0/0.0
2.2.2.0/24         *[Direct/0] 00:00:25
                    > via ge-0/0/0.0
2.2.2.2/32         *[Local/0] 00:00:25
                      Local via ge-0/0/0.0
10.1.1.0/30        *[Direct/0] 00:06:06
                    > via st0.0
10.1.1.1/32        *[Local/0] 00:06:06
                      Local via st0.0
10.12.1.0/24       *[Direct/0] 00:06:06
                    > via ge-0/0/1.0
10.12.1.1/32       *[Local/0] 00:06:06
                      Local via ge-0/0/1.0
10.128.64.0/24     *[Static/5] 00:00:25
                    > to 2.2.2.1 via ge-0/0/0.0

user@host> show security policies
Default policy: deny-all
From zone: trust, To zone: vpn
  Policy: permit-all, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: permit

Options

  • A. Only one IKE tunnel exists so there is no path for return IKE traffic.
  • B. Because there are no IPsec security associations, the problem is in the IPsec proposal settings.
  • C. The static route created to reach the remote host is incorrect.
  • D. The VPN settings are correct, the traffic is being blocked by a security policy.
