which modification is needed under [edit security gateway Partner]?

— Exhibit –

— Exhibit —

Click the Exhibit button.
You have created a new VPN tunnel to your partner’s site but IKE Phase 1 is not coming up. You
check the trace log and find the following log message:
Jun
[IKED 2] iked_pm_id_validate id NOT matched.
Considering the topology and the SRX Series device’s configuration shown in the exhibit, which
modification is needed under [edit security gateway Partner]?

— Exhibit –

— Exhibit —

Click the Exhibit button.
You have created a new VPN tunnel to your partner’s site but IKE Phase 1 is not coming up. You
check the trace log and find the following log message:
Jun
[IKED 2] iked_pm_id_validate id NOT matched.
Considering the topology and the SRX Series device’s configuration shown in the exhibit, which
modification is needed under [edit security gateway Partner]?

A.
rename address 20.1.1.1 to address 192.168.1.1

B.
set remote-identity inet 192.168.1.1

C.
set local-identity inet 20.1.1.1

D.
set local-identity inet 50.1.1.1

Explanation:



Leave a Reply 5

Your email address will not be published. Required fields are marked *


Junos

Junos

A – Because gateway address should be set to external interface of the vpn device.

hanndeyll

hanndeyll

For me B is right, you stablish the tunnel against a public IP, which is firewall’s, who mades the NAT to the private IP, so the address is right, for you´ll never been able to reach a private IP address through the internet.

Any way, you need to stablish the tunnel with the private IP, so for me remote address command is the right choice.