You are asked to implement a monitoring feature that periodically verifies that the data plane is
working across your IPsec VPN. Which configuration will accomplish this task?
A.
[edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    dead-peer-detection;
    external-interface ge-0/0/1;
}
B.
[edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    dead-peer-detection;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}
C.
[edit security ike]
user@srx# show
policy policy-1 {
    mode main;
    proposal-set standard;
    pre-shared-key ascii-text "$9$URiqPFnCBIc5QIcylLXUjH"; ## SECRET-DATA
}
gateway my-gateway {
    ike-policy policy-1;
    address 10.10.10.2;
    vpn-monitor;
    external-interface ge-0/0/1;
}
D.
[edit security ipsec]
user@srx# show
policy policy-1 {
    proposal-set standard;
}
vpn my-vpn {
    bind-interface st0.0;
    vpn-monitor;
    ike {
        gateway my-gateway;
        ipsec-policy policy-1;
    }
    establish-tunnels immediately;
}
Explanation:
Reference: https://www.juniper.net/techpubs/en_US/junos11.4/information-products/topiccollections/security/software-all/monitoring-and-troubleshooting/index.html?topic-59092.html
Answer is right. See AJSEC book part 1, chapter 6, page 12-13.
vpn-monitor is Juniper proprietary and is configured under [edit security ipsec vpn vpn-name].