which statement is true?

Click the Exhibit button. Traffic is being sent from Host-1 to Host-2 through an IPsec VPN.
In this process, SRX-2 is using NAT to change the destination address of Host-2 from
192.168.1.1 to 10.60.60.1. SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and
SRX-2 uses the 10.10.50.1 address for its tunnel endpoint. Referring to the exhibit, which
statement is true?


A.
The security policy on SRX-2 must permit traffic from the 10.10.50.1 destination address.

B.
The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.

C.
The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination
address.

D.
The security policy on SRX-2 must permit traffic from the 192.168.1.1 destination
address.



wissam

The answer shouldn’t be D? Because the internal IP of Host-2 is 192.168.1.1, and the security policies should be done on the internal IPs and not the translated IPs.

pawel

We are talking here about destination NAT, so it occurs before the security policy in the packet flow process. Answer B is correct, as the sec policy must allow the flow after the NAT.
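
The processing order discussed in the comments above, as an added Python sketch that is not part of the original page or of either comment. It is a simplified model of "destination NAT, then policy lookup", not Junos code; the Host-1 source address and all function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# Destination NAT rule on SRX-2, addresses taken from the question.
DNAT_RULES = [("192.168.1.1/32", "10.60.60.1")]

def in_prefix(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def destination_nat(pkt, rules=DNAT_RULES):
    """Rewrite the destination on the first matching rule (first match wins)."""
    for match_prefix, real_addr in rules:
        if in_prefix(pkt.dst, match_prefix):
            return replace(pkt, dst=real_addr)
    return pkt

def policy_lookup(pkt, policies):
    """Return the action of the first policy whose destination matches; default deny."""
    for dst_prefix, action in policies:
        if in_prefix(pkt.dst, dst_prefix):
            return action
    return "deny"

def first_path(pkt, policies):
    """Modelled order: destination NAT first, then the policy lookup."""
    translated = destination_nat(pkt)
    return translated.dst, policy_lookup(translated, policies)

# Inner packet after SRX-2 decrypts it. The Host-1 source address is constructed;
# the tunnel endpoints (172.31.50.1, 10.10.50.1) appear only in the outer tunnel header.
INNER = Packet(src="192.0.2.10", dst="192.168.1.1")

# One candidate policy per answer option, each permitting a single destination.
CANDIDATES = {"A": "10.10.50.1/32", "B": "10.60.60.1/32",
              "C": "172.31.50.1/32", "D": "192.168.1.1/32"}

def evaluate_options(pkt=INNER):
    return {opt: first_path(pkt, [(prefix, "permit")])[1]
            for opt, prefix in CANDIDATES.items()}

if __name__ == "__main__":
    for opt, action in evaluate_options().items():
        print(opt, CANDIDATES[opt], action)
```

When auditing a rule base behind destination NAT, the same check applies: compare each policy's destination match against the post-translation address, since a policy written for the pre-NAT address never matches in this model.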