JNCIE-DC: Juniper Networks Certified Expert – Data Center — Question 14
You are asked to design security policies for your corporate network where policy-based VPNs will be used.
In this scenario, which three statements for a traffic match are true? (Choose three.)
Answer options
- A. The policy action is always permit.
- B. A VPN tunnel is indirectly referenced by a route that points to a specific tunnel interface.
- C. The security policy sets up the IPsec tunnel.
- D. Tunnels are generated when traffic matches a policy.
- E. The policy refers to the remote IKE gateway.
Correct answer: A, B, C
Explanation
Option A is correct because policy actions typically default to permit in these scenarios. Option B is accurate as it describes how a VPN tunnel is associated with a route leading to a specific tunnel interface. Option C is true since the security policy is responsible for establishing the IPsec tunnel. Options D and E are incorrect as they do not accurately reflect the mechanics of policy-based VPNs.