Juniper Security Support, Professional (JNCSP-SEC) - JN0-696 FREE EXAM DUMPS QUESTIONS & ANSWERS
-- Exhibit --
{hold:node0}
user@host1> show chassis cluster status
Cluster ID: 1
Node      Priority  Status  Preempt  Manual failover
Redundancy group: 0 , Failover count: 0
node0     1         hold    no       no
node1     0         lost    n/a      n/a
{hold:node0}
user@host1> show configuration | no-more
system {
host-name host1;
root-authentication {
encrypted-password "$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1"; ## SECRET-DATA
}
name-server {
172.16.10.100;
}
services {
ssh;
telnet;
web-management {
http;
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 10.210.14.131/26;
}
}
}
ge-0/0/8 {
unit 0 {
family inet {
address 172.16.1.1/24;
}
}
}
ge-0/0/9 {
unit 0 {
family inet {
address 172.16.10.1/24;
}
}
}
}
security {
policies {
default-policy {
permit-all;
}
}
zones {
functional-zone management {
interfaces {
ge-0/0/0.0;
}
host-inbound-traffic {
system-services {
ssh;
telnet;
ping;
traceroute;
http;
snmp;
}
}
}
security-zone Trust {
host-inbound-traffic {
system-services {
any-service;
}
}
interfaces {
ge-0/0/9.0;
}
}
security-zone Untrust {
host-inbound-traffic {
system-services {
any-service;
}
}
interfaces {
ge-0/0/8.0;
}
}
}
}
{hold:node1}
user@host2> show chassis cluster status
Cluster ID: 1
Node      Priority  Status  Preempt  Manual failover
Redundancy group: 0 , Failover count: 0
node0     0         lost    n/a      n/a
node1     1         hold    no       no
{hold:node1}
user@host2> show configuration | no-more
system {
host-name host2;
root-authentication {
encrypted-password "$1$KI99zGk6$MbYFuBbpLffu9tn2.sI7l1"; ## SECRET-DATA
}
name-server {
172.16.10.100;
}
services {
ssh;
telnet;
web-management {
http;
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 10.210.14.132/26;
}
}
}
ge-0/0/8 {
unit 0 {
family inet {
address 172.16.1.1/24;
}
}
}
ge-0/0/9 {
unit 0 {
family inet {
address 172.16.10.1/24;
}
}
}
}
security {
policies {
default-policy {
permit-all;
}
}
zones {
functional-zone management {
interfaces {
ge-0/0/0.0;
}
host-inbound-traffic {
system-services {
ssh;
telnet;
ping;
traceroute;
http;
snmp;
}
}
}
security-zone Trust {
host-inbound-traffic {
system-services {
any-service;
}
}
interfaces {
ge-0/0/9.0;
}
}
security-zone Untrust {
host-inbound-traffic {
system-services {
any-service;
}
}
interfaces {
ge-0/0/8.0;
}
}
}
}
-- Exhibit --
Click the Exhibit button.
A user attempted to form a chassis cluster on an SRX240; however, the cluster did not form. While investigating the problem, you see the output shown in the exhibit.
What is causing the problem?
Correct Answer: D
-- Exhibit --
[edit]
user@SRX-1# show security ike traceoptions
file ike-trace;
flag all;
[edit]
user@SRX-1# show security ipsec traceoptions
flag all;
user@SRX-1> show log ike-trace
...
Jun 13 17:00:33 :500 (Responder) -> 192.168.1.11:500 { 15276b72 6656c3b6 - 4ea713e7 d2487276 [1] / 0x9828a32e } QM; Invalid protocol_id = 0
Jun 13 17:00:34 Received authenticated notification payload unknown from local:192.168.1.10 remote:192.168.1.11 IKEv1 for P1 SA 3075335
Jun 13 17:00:34 iked_pm_ike_spd_notify_received: Negotiation is already failed. Reason: TS unacceptable.
Jun 13 17:00:34 QM notification `(null)' (40001) (size 8 bytes) from 192.168.1.11 for protocol Reserved spi[0...3]=0f f0 ce d3
Jun 13 17:00:34 ike_st_i_private: Start
Jun 13 17:00:34 ike_st_o_qm_hash_2: Start
Jun 13 17:00:34 ike_st_o_qm_sa_values: Start
Jun 13 17:00:34 :500 (Responder) -> 192.168.1.11:500 { 15276b72 6656c3b6 - 4ea713e7 d2487276 [1] / 0x9828a32e } QM; Error = No proposal chosen (14)
Jun 13 17:00:34 ike_alloc_negotiation: Start, SA = { 15276b72 6656c3b6 - 4ea713e7 d2487276}
Jun 13 17:00:34 ike_encode_packet: Start, SA = { 0x15276b72 6656c3b6 - 4ea713e7 d2487276 } / 65407839, nego = 2
Jun 13 17:00:34 ike_send_packet: Start, send SA = { 15276b72 6656c3b6 - 4ea713e7 d2487276}, nego = 2, dst = 192.168.1.11:500, routing table id = 0
Jun 13 17:00:34 ike_delete_negotiation: Start, SA = { 15276b72 6656c3b6 - 4ea713e7 d2487276}, nego = 2
Jun 13 17:00:34 ike_free_negotiation_info: Start, nego = 2
Jun 13 17:00:34 ike_free_negotiation: Start, nego = 2
Jun 13 17:00:34 IPSec negotiation failed for SA-CFG Unknown for local:192.168.1.10, remote:192.168.1.11 IKEv1. status: TS unacceptable
Jun 13 17:00:34 P2 ed info: flags 0x0, P2 error: TS unacceptable
Jun 13 17:00:34 iked_pm_ipsec_sa_done: Phase2 failed 2/3 times for P1 SA 3075335
-- Exhibit --
Click the Exhibit button.
The IPsec tunnel is not establishing between SRX-1 and a remote device.
Referring to the exhibit, what is causing this problem?
Correct Answer: A
-- Exhibit --
[edit security utm]
user@host# show
custom-objects {
url-pattern {
blocklist {
value [ http://badsite.com http://blocksite.com ];
}
acceptlist {
value http://juniper.net;
}
}
custom-url-category {
blacklist {
value blocklist;
}
whitelist {
value acceptlist;
}
}
}
feature-profile {
web-filtering {
url-whitelist whitelist;
url-blacklist blacklist;
type juniper-local;
juniper-local {
profile web-filter {
custom-block-message "Site is not allowed";
fallback-settings {
default log-and-permit;
}
}
}
}
}
utm-policy utm1 {
web-filtering {
http-profile web-filter;
}
}
-- Exhibit --
Click the Exhibit button.
You set up Web filtering to allow employees to only access your internal website. You notice that employees are still able to reach websites outside of the blacklists.
Referring to the exhibit, which parameter must be changed?
Correct Answer: B
-- Exhibit --
user@R1> show security ike security-associations
user@R1> show security zones
Security zone: trust
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 3
Interfaces:
ge-0/0/0.0
ge-0/0/6.0
lo0.0
Security zone: untrust
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
ge-0/0/1.0
Security zone: junos-host
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 0
Interfaces:
user@R1> show interfaces st0
Physical interface: st0, Enabled, Physical link is Up
Interface index: 130, SNMP ifIndex: 503
Type: Secure-Tunnel, Link-level type: Secure-Tunnel, MTU: 9192
Device flags : Present Running
Interface flags: Point-To-Point
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
Logical interface st0.0 (Index 72) (SNMP ifIndex 546)
Flags: Link-Layer-Down Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel
Input packets : 3
Output packets: 3
Security: Zone: Null
Protocol inet, MTU: 9192
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
Destination: 172.19.0.0/30, Local: 172.19.0.1
user@R1> show interfaces ge-0/0/1
Physical interface: ge-0/0/1, Enabled, Physical link is Up
Interface index: 135, SNMP ifIndex: 508
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Current address: b0:c6:9a:73:27:81, Hardware address: b0:c6:9a:73:27:81
Last flapped : 2013-06-12 15:22:48 UTC (00:59:41 ago)
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
Active alarms : None
Active defects : None
Interface transmit statistics: Disabled
Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 541)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Input packets : 40
Output packets: 27
Security: Zone: untrust
Allowed host-inbound traffic : ping
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 184.0.15.0/30, Local: 184.0.15.1, Broadcast: 184.0.15.3
user@R1> show log ipsec-trace | match "500|drop"
Jun 12 16:32:10 16:32:10.680034:CID-0:RT:ageout 71,184.0.15.2/500->184.0.15.1/500,17, (0/0)
Jun 12 16:32:51 16:32:51.874191:CID-0:RT:184.0.15.2/500->184.0.15.1/500;17> :
Jun 12 16:32:51 16:32:51.874191:CID-0:RT: ge-0/0/1.0:184.0.15.2/500->184.0.15.1/500, udp
Jun 12 16:32:51 16:32:51.874191:CID-0:RT: find flow: table 0x4f160b38, hash 8769(0xffff), sa 184.0.15.2, da 184.0.15.1, sp 500, dp 500, proto 17, tok 8
Jun 12 16:32:51 16:32:51.874191:CID-0:RT:pak_for_self : proto 17, dst port 500, action 0x0
Jun 12 16:32:51 16:32:51.874191:CID-0:RT: flow_first_in_dst_nat: in <ge-0/0/1.0>, out <N/A> dst_adr 184.0.15.1, sp 500, dp 500
Jun 12 16:32:51 16:32:51.874555:CID-0:RT: packet dropped: for self but not interested
Jun 12 16:32:51 16:32:51.874555:CID-0:RT: packet dropped, packet dropped: for self but not interested.
Jun 12 16:32:54 16:32:54.680399:CID-0:RT:ageout 71,184.0.15.2/500->184.0.15.1/500,17, (0/0)
Jun 12 16:32:56 16:32:56.888094:CID-0:RT:184.0.15.2/500->184.0.15.1/500;17> :
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: ge-0/0/1.0:184.0.15.2/500->184.0.15.1/500, udp
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: find flow: table 0x4f160b38, hash 8769(0xffff), sa 184.0.15.2, da 184.0.15.1, sp 500, dp 500, proto 17, tok 8
Jun 12 16:32:56 16:32:56.888094:CID-0:RT:pak_for_self : proto 17, dst port 500, action 0x0
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: flow_first_in_dst_nat: in <ge-0/0/1.0>, out <N/A> dst_adr 184.0.15.1, sp 500, dp 500
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: packet dropped: for self but not interested
Jun 12 16:32:56 16:32:56.888094:CID-0:RT: packet dropped, packet dropped: for self but not interested.
Jun 12 16:33:00 16:33:00.680794:CID-0:RT:ageout 71,184.0.15.2/500->184.0.15.1/500,17, (0/0)
Jun 12 16:33:07 16:33:06.902220:CID-0:RT:184.0.15.2/500->184.0.15.1/500;17> :
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: ge-0/0/1.0:184.0.15.2/500->184.0.15.1/500, udp
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: find flow: table 0x4f160b38, hash 8769(0xffff), sa 184.0.15.2, da 184.0.15.1, sp 500, dp 500, proto 17, tok 8
Jun 12 16:33:07 16:33:06.902220:CID-0:RT:pak_for_self : proto 17, dst port 500, action 0x0
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: flow_first_in_dst_nat: in <ge-0/0/1.0>, out <N/A> dst_adr 184.0.15.1, sp 500, dp 500
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: packet dropped: for self but not interested
Jun 12 16:33:07 16:33:06.902220:CID-0:RT: packet dropped, packet dropped: for self but not interested.
-- Exhibit --
Click the Exhibit button.
You are asked to troubleshoot a new IPsec tunnel that is not establishing between R1 and R2. The remote team has verified that R2's configuration is correct.
Referring to the exhibit, which two actions are required to resolve the problem? (Choose two.)
Correct Answer: C,D