PCNSE Question #839: Real Exam Question with Answer & Explanation
The correct answer is A: On the HQ firewall select peer IP address type FQDN. On the remote location firewall, enable DDNS under the interface used for the IPSec tunnel. Dynamic DNS (DDNS) is required on the remote location's firewall so it can update the hostname with its dynamically assigned IP address. The HQ firewall will then be able to resolve the dynamic IP
Question
A firewall administrator is configuring an IPSec tunnel between a company's HQ and a remote location. On the HQ firewall, the interface used to terminate the IPSec tunnel has a static IP. At the remote location, the interface used to terminate the IPSec tunnel has a DHCP assigned IP address. Which two actions are required for this scenario to work? (Choose two.)
Options
- A. On the HQ firewall select peer IP address type FQDN
- B. On the remote location firewall select peer IP address type Dynamic
- C. On the HQ firewall enable DDNS under the interface used for the IPSec tunnel
- D. On the remote location firewall, enable DDNS under the interface used for the IPSec tunnel
Explanation
On the remote location firewall, enable DDNS under the interface used for the IPSec tunnel. Dynamic DNS (DDNS) is required on the remote location's firewall so it can update the hostname with its dynamically assigned IP address. The HQ firewall will then be able to resolve the dynamic IP using the associated hostname. On the HQ firewall, select peer IP address type FQDN. Since the remote location's IP is dynamically assigned, the HQ firewall needs to use the Fully Qualified Domain Name (FQDN) option to reference the dynamic IP address. This will allow the HQ firewall to resolve the IP address of the remote firewall using DDNS.