Which two statements are true about route-based VPNs? (Choose two.)
A. Route-based VPNs cannot be used to configure remote access or dialup VPNs.
B. The from-zone and to-zone, for a security policy to permit traffic over a route-based VPN, are derived from the zone in which the protected network lies and the zone in which the IKE interface lies.
C. system services ike must be enabled on the st0.x interface.
D. You cannot re-write the DSCP bits on the inner IP header of an ESP packet that was created or forwarded using a route-based VPN.
http://www.juniper.net/techpubs/en_US/junos11.4/topics/concept/policy-based-route-based-vpn-comparing.html
Route-based VPNs do not support remote-access (dial-up) VPN configurations.
http://chimera.labs.oreilly.com/books/1234000001633/ch10.html#fragmentation
The SRX automatically copies the DSCP bits from the original packet to the IPsec packet so that the network devices between the two VPN gateways can provide the appropriate processing on the encrypted traffic.