WatchGuard Network Security Essentials — Question 49

While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES
What settings could you modify in the local device configuration to resolve this issue? (Select one.)

Answer options

• A. BOVPN Gateway settings
• B. BOVPN-Allow policies
• C. BOVPN Tunnel settings
• D. BOVPN Tunnel Route settings

Correct answer: A

Explanation

The correct answer is A because the BOVPN Gateway settings are where encryption parameters for the VPN tunnel are defined, allowing you to modify the phase one encryption method. The other options, such as BOVPN-Allow policies, BOVPN Tunnel settings, and BOVPN Tunnel Route settings, do not directly address the encryption method mismatch issue.