Click the Exhibit button.

Host traffic is traversing through an IPsec tunnel. Users are complaining of intermittent issues with their connection. Referring to the exhibit, what is the problem?
A. The tunnel is down due to a configuration change.
B. The do-not-fragment bit is copied to the tunnel header.
C. The MSS option on the SYN packet is set to 1300.
D. The TCP SYN check option is disabled for tunnel traffic.
B is the answer as we can see in the previous version of the exam
https://kb.juniper.net/InfoCenter/index?page=content&id=KB25625&actp=search
If the configuration is changed to set security ipsec vpn df-bit copy, it will copy the DF-bit of the inner IP header to the outer IP header. This will return an ICMP type=3 code=4 message to the sender when a packet exceeds the tunnel interface MTU, and encrypted and fragmented IP packets will not be transmitted.
set security ipsec vpn df-bit copy
root> show security ipsec security-associations index 131073
ID: 131073 Virtual-system: root, VPN Name: vpn-001
Local Gateway: 120.1.1.1, Remote Gateway: 120.1.1.254
Local Identity: ipv4_subnet(any:0,[0..7]=150.1.1.0/24)
Remote Identity: ipv4_subnet(any:0,[0..7]=100.1.1.0/24)
Version: IKEv1
DF-bit: copy <=========
Bind-interface: st0.0
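
An added example, not from the original post or the Juniper KB: it parses output in the format shown above and applies a simplified model of the described df-bit behaviour to constructed packets, showing why only large packets with DF set fail on the tunnel using copy. The second SA, the 1438-byte tunnel MTU, the packet sizes and treating a missing DF-bit line as clear are assumptions.

```python
import re

# Output format as shown on the page; the second SA is constructed for contrast.
SAMPLE = """\
ID: 131073 Virtual-system: root, VPN Name: vpn-001
Local Gateway: 120.1.1.1, Remote Gateway: 120.1.1.254
Version: IKEv1
DF-bit: copy
Bind-interface: st0.0
ID: 131074 Virtual-system: root, VPN Name: vpn-002
Local Gateway: 120.1.1.1, Remote Gateway: 120.1.2.254
Version: IKEv1
DF-bit: clear
Bind-interface: st0.1
"""

def parse_sas(text):
    """Split the output into one dict per SA: id, VPN name, DF-bit policy, interface."""
    sas = []
    for line in text.splitlines():
        if m := re.match(r"ID: (\d+) .*VPN Name: (\S+)", line):
            sas.append({"id": int(m.group(1)), "vpn": m.group(2)})
        elif sas and (m := re.match(r"\s*DF-bit: (\w+)", line)):
            sas[-1]["df_bit"] = m.group(1)
        elif sas and (m := re.match(r"\s*Bind-interface: (\S+)", line)):
            sas[-1]["ifname"] = m.group(1)
    return sas

def outcome(df_policy, inner_df, length, tunnel_mtu):
    """Simplified model (assumption) of the behaviour the KB text describes."""
    if length <= tunnel_mtu:
        return "forwarded"
    if df_policy == "copy" and inner_df:
        # Outer header inherits DF: no fragmentation, sender gets ICMP 3/4.
        return "dropped, ICMP type=3 code=4 to sender"
    return "forwarded with fragmentation"

def audit(text, tunnel_mtu, packets):
    """Return {vpn: [outcome per packet]} for constructed (inner_df, length) packets."""
    return {sa["vpn"]: [outcome(sa.get("df_bit", "clear"), df, n, tunnel_mtu)
                        for df, n in packets] for sa in parse_sas(text)}

if __name__ == "__main__":
    # Constructed traffic: small DF packet, large DF packet, large non-DF packet.
    pkts = [(True, 500), (True, 1500), (False, 1500)]
    for vpn, results in audit(SAMPLE, 1438, pkts).items():
        print(vpn, results)
```

If the ICMP type=3 code=4 replies are filtered before they reach the sender, the large DF-marked flows stall while small packets keep working, which matches the intermittent symptom in the question.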