nerdexam
Palo_Alto_Networks

PSE-PLATFORM · Question #189

PSE-PLATFORM Question #189: Real Exam Question with Answer & Explanation

The correct answer is C. Enable on Site-A and Site-B. Explanation/Reference: NAT traversal (NAT-T) must be enabled on both gateways if you have NAT occurring on a device that sits between the two gateways. A gateway can see only the public (globally routable) IP address of the NAT device.

Question

Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site-A connects directly to the internet using a public IP address. Site-B uses a private IP address behind an ISP router to connect to the internet. How should NAT Traversal be implemented for the VPN connection to be established between Site-A and Site-B?

Options

  • AEnable on Site-A only
  • BEnable on Site-B only with Passive Mode
  • CEnable on Site-A and Site-B
  • DEnable on Site-B only

Explanation

Explanation/Reference: NAT traversal (NAT-T) must be enabled on both gateways if you have NAT occurring on a device that sits between the two gateways. A gateway can see only the public (globally routable) IP address of the NAT device.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PSE-PLATFORM Practice