Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the output, which two statements are correct? (Choose two.)
A.
The npu_flag for this tunnel is 03.
B.
Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.
npu_flag=00 Both IPsec SAs loaded to the kernel
npu_flag=01 Outbound IPsec SA copied to NPU
npu_flag=02 Inbound IPsec SA copied to NPN
npu_flag=03 Both outbound and inbound IPsec SA copied to NPU
npu_flag=20 Unsupported cipher or HMAC, IPsec SA cannot be offloaded
npu_flag=03 Both outbound and inbound IPsec SA copied to NPU
"set replay enable" under config vpn ipsec phase2-interface in order to enable Anti-Replay
A - npu_flag=03 Means that both ingress & egress ESP packets will be offloaded.
C - "set replay enable" under config vpn ipsec phase2-interface in order to enable Anti-Replay
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
johnnd
Highly Voted 1 year agoromartinedg
Most Recent 8 months, 1 week agonerrabacer
8 months, 1 week agocertifi46
1 year agomau_80
10 months, 3 weeks agoQuetchup
1 year, 1 month agoBeluga123
1 year, 2 months agoSeph1
1 year, 3 months ago