What needs to be configured during phase 2 of a route-based VPN, that does not have to be configured during a policy-based VPN? (assume both devices are NetScreens using route-based VPNs)
A.
Proxy-id
B.
Tunnel-binding
C.
Transport mode
D.
Replay protection
E.
Custom proposals
Explanation:
Route-based VPNs, like policy-based VPNs, can also use either manual key or autokey IKE, but are configured and function somewhat differently. Route-based VPNs do not make reference to a tunnel object, but rather the destination address of the traffic. When the NetScreen appliance performs a route lookup to see which interface it should use to send the traffic, it sees there is a route through a tunnel interface that is bound to a VPN tunnel and uses that interface to deliver the traffic.