What are two conclusions about the VPN tunnel from the output?

— Exhibit —
user@host> show security ipsec security-associations
Total active tunnels: 1
ID Algorithm SPI Life:sec/kb Mon vsys Port Gateway
<131073 ESP:3des/sha1 ac23df79 2532/ unlim – root 4500 1.1.1.1
>131073 ESP:3des/sha1 cbc9281a 2532/ unlim – root 4500 1.1.1.1
user@host> show security ipsec security-associations detail
Virtual-system: root
Local Gateway: 1.0.0.1, Remote Gateway: 1.1.1.1
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Version: IKEv1
DF-bit: clear
Direction: inbound, SPI: ac23df79, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
Direction: outbound, SPI: cbc9281a, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
— Exhibit —
Click the Exhibit button.
The exhibit shows output from two show commands.
What are two conclusions about the VPN tunnel from the output? (Choose two.)

— Exhibit —
user@host> show security ipsec security-associations
Total active tunnels: 1
ID Algorithm SPI Life:sec/kb Mon vsys Port Gateway
<131073 ESP:3des/sha1 ac23df79 2532/ unlim – root 4500 1.1.1.1
>131073 ESP:3des/sha1 cbc9281a 2532/ unlim – root 4500 1.1.1.1
user@host> show security ipsec security-associations detail
Virtual-system: root
Local Gateway: 1.0.0.1, Remote Gateway: 1.1.1.1
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Version: IKEv1
DF-bit: clear
Direction: inbound, SPI: ac23df79, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
Direction: outbound, SPI: cbc9281a, AUX-SPI: 0
, VPN Monitoring: –
Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
— Exhibit —
Click the Exhibit button.
The exhibit shows output from two show commands.
What are two conclusions about the VPN tunnel from the output? (Choose two.)

A.
VPN monitoring is enabled.

B.
There is a device performing NAT between the two VPN endpoints.

C.
3DES is the encryption protocol.

D.
Traffic with the DF-bit set that exceeds the MTU will be dropped.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


el_junos

el_junos

Is this right? where is NAT?
A C ?

H

H

‘root 4500’ = this is the port. Without NAT it would be 500, but when NAT occurs it changes to 4500.