HPE Aruba Certified Network Security Associate (ACNSA) — Question 35
An administrator supports a group of employees who connect to the corporate office using the VIA client. An Aruba Mobility Controller (MC), behind a corporate firewall, terminates the users' VPN sessions. The VPN sessions fail to establish because of the existing firewall rules.
Which connections must the administrator allow on the firewall? (Choose three.)
Answer options
- A. TCP 443
- B. UDP 8211
- C. UDP 8202
- D. UDP 500
- E. UDP 4500
- F. TCP 4443
Correct answer: A, D, E
Explanation
The connections to permit are TCP 443, UDP 500, and UDP 4500, because all three are needed to establish the VPN sessions. TCP 443 carries HTTPS traffic, UDP 500 carries IPsec VPN negotiation, and UDP 4500 carries IPsec NAT traversal. The other options (UDP 8211, UDP 8202, TCP 4443) are not necessary for the VPN connection and can be blocked without affecting the users' ability to connect.