Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 69
An engineer has successfully established a Phase 1 and Phase 2 tunnel between two sites. Site A has internal subnet 192.168.0.0/24 and Site B has internal subnet 10.0.0.0/24. The engineer notices that no packets are decrypted at Site B. Pings to 192.168.0.1 from internal Site B devices make it to the Site B router, and the Site A router has incrementing encrypt and decrypt counters. What must be done to ensure bidirectional communication between both sites?
Answer options
- A. Modify the routing at Site B so that traffic is sent to Site A.
- B. Configure the correct DH group on both devices.
- C. Allow protocol ESP or AH on the firewall in front of the Site B router.
- D. Enable PFS on the headend device.
Correct answer: C
Explanation
The correct answer is C. Both IKE phases are established and the Site A router shows incrementing encrypt and decrypt counters, so Site A is both sending encrypted traffic toward Site B and receiving encrypted traffic from it. Site B, however, decrypts nothing, which means the ESP (IP protocol 50) or AH (IP protocol 51) packets from Site A are being dropped before they reach the Site B router, most likely by the firewall in front of it. Permitting ESP or AH through that firewall lets the encrypted traffic reach Site B and restores bidirectional communication. Option A is wrong because pings from Site B hosts already reach the Site B router, so routing at Site B is not the problem. Options B and D are wrong because a DH group mismatch or a PFS setting would affect tunnel negotiation, and the Phase 1 and Phase 2 tunnels are already up.