Which two statements about the new deployment are true?

You are asked to deploy a group VPN between various sites associated with your company.
The gateway devices at the remote locations are SRX240 devices. Which two statements
about the new deployment are true? (Choose two.)

You are asked to deploy a group VPN between various sites associated with your company.
The gateway devices at the remote locations are SRX240 devices. Which two statements
about the new deployment are true? (Choose two.)

A.
The networks at the various sites must use NAT.

B.
The participating endpoints in the group VPN can belong to a chassis cluster.

C.
The networks at the various sites cannot use NAT.

D.
The participating endpoints in the group VPN cannot be part of a chassis cluster.

Show Hint

Leave a Reply 6

Your email address will not be published. Required fields are marked *

pawel

pawel

D is no longer good answer if we take: Junos OS 15.1X49-D40
http://www.juniper.net/documentation/en_US/junos15.1×49-d40/topics/concept/vpn-security-group-limitations-understanding.html

So B and C are correct.

Reply

Kareem

Kareem

HI Pawel,

as per your provided link it indicate in the first line that “The following are not supported in this release for Group VPNv2:” and one of them is “Group members configured as chassis clusters.”. So, we still have the same limitation in this new release. C and D are the correct answers.

Reply

LSYS

LSYS

C and D are correct

Reply

Fe

Fe

Understanding Group VPN Limitations

The following are not supported in this release for group VPNs:

Non-default routing instances
Chassis cluster >>>>>>>>>>>>>>>>>>>>>>>>>>
Server clusters
Route-based group VPN
Public Internet-based deployment
SNMP
Deny policy from Cisco GET VPN server
J-Web interface for configuration and monitoring

http://www.juniper.net/documentation/en_US/junos12.1×47/topics/concept/vpn-security-group-limitations-understanding.html

The following are not supported in this release for Group VPNv2:

SNMP.
Deny policy from Cisco GET VPN server.
PKI support for Phase 1 IKE authentication.
Colocation of group server and member, where server and member functions coexist in the same physical device.
Group members configured as chassis clusters. <<<<<<<<<<<<<<<<<<<<<<<<<<<
J-Web interface for configuration and monitoring.
Multicast data traffic.

Group VPNv2 is not supported in deployments where IP addresses cannot be preserved—for example, across the Internet where NAT is used.

http://www.juniper.net/techpubs/en_US/junos15.1×49-d40/topics/concept/vpn-security-group-limitations-understanding.html

Reply

Marta Perez

Marta Perez

Passed JN0-633 exam recently!

65 multiple choice questions, a little difficult to pass.

Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.

I learned valid JN0-633 dumps here:

http://www.passleader.com/jn0-633.html (209Q VCE and PDF)

Recommend to you!

Reply