Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?



Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535
Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535
Remote selector 192.168.22.0/0 -192.168.22.255/65535



Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535
Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535
Remote selector 192.168.22.0/0 -192.168.22.255/65535

A.
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 0.0.0.0/0 – 0.0.0.0/65535

B.
Local selector 0.0.0.0/0 – 0.0.0.0/65535

Explanation:
The traffic selector is used to determine which traffic should be protected (encrypted
over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over
the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from
192.168.33.0/24 (THE LOCAL SIDE) to 192.168.22.0/24 (THE REMOTE SIDE).



Leave a Reply 0

Your email address will not be published. Required fields are marked *