A security administrator has configured an IPsec tunnel between two SRX devices. The devices
are configured with OSPF on the st0 interface and an external interface destined to the IPsec
endpoint. The adminstrator notes that the IPsec tunnel and OSPF adjacency keep going up and
down. Which action would resolve this issue?
A.
Create a firewall filter on the st0 interface to permit IP protocol 89.
B.
Configure the IPsec tunnel to accept multicast traffic.
C.
Create a /32 static route to the IPsec endpoint through the external interface.
D.
Increase the OSPF metric of the external interface.
Explanation:
Reference: http://packetsneverlie.blogspot.in/2013/03/route-based-ipsec-vpn-with-ospf.html
Answer is Right 🙂
look at AJSEC book part 1 chapter 8 page 43 .
“we recommended that you configure static routes that use a /32 netmask on both devices…”