where are policies going to be required?

Exhibit

Review the exhibit. In this route-based VPN configuration, where are policies going to be required?

A. 208 – Trust to Untrust

B. 208 – Untrust to Trust

C. 5XT – Trust to Untrust

D. 5XT – Untrust to Trust

Explanation:
Route-based VPNs, like policy-based VPNs, can use either manual key or autokey IKE, but they are configured and function somewhat differently. Route-based VPNs do not reference a tunnel object, but rather the destination address of the traffic. When the NetScreen appliance performs a route lookup to decide which interface to use to send the traffic, it finds a route through a tunnel interface that is bound to a VPN tunnel and uses that interface to deliver the traffic.
Route-based VPNs have some advantages. They are a good way to conserve system resources: unlike policy-based VPNs, you can configure multiple policies that allow or deny specific traffic through a route-based VPN, and all of these policies use a single security association. Route-based VPNs also make it possible to exchange dynamic routing information, such as Border Gateway Protocol (BGP), on the tunnel interface.
Unlike policy-based VPNs, route-based VPNs allow you to create policies that have an action of deny. Route-based VPNs also have different limitations than policy-based VPNs. With route-based VPNs, you are limited by one of two things: the number of route entries your appliance supports or the number of tunnel interfaces your appliance supports, whichever of the two is lower. In this scenario we would configure the policies on the 208 firewall.


