JNCIE-DC: Juniper Networks Certified Expert – Data Center — Question 8
An auditor reviewed your company's firewall configurations and requires that IPsec VPN connections not expose IKE identities during IKE negotiations.
Which two methods satisfy this requirement? (Choose two.)
Answer options
- A. Use main mode for the IKE policy.
- B. Use aggressive mode for the IKE policy.
- C. Use IKEv2 instead of IKEv1.
- D. Configure GRE over IPsec.
Correct answer: A
Explanation
The correct answer is A because using main mode protects IKE identities by not exposing them during negotiations. Option B, aggressive mode, does expose IKE identities and is therefore not compliant. While option C, using IKEv2, is a more secure protocol, it does not specifically address the exposure of IKE identities, and option D does not relate to the IKE negotiation process.