Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 433

Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration.

What part of the configuration should the engineer verify?

Answer options

Correct answer: C

Explanation

The correct answer is C, Proxy-IDs, as they define the traffic selectors for the VPN tunnel and must match on both ends for successful establishment. Options A and B pertain to different aspects of the VPN configuration, while D is related to software compatibility rather than the specific connection issue at hand.