ExamTopics Logo
Mail Us[email protected]
Menu
Juniper Discussions
exam questions

Exam JN0-696 All Questions

View all questions & answers for the JN0-696 exam
Go to Exam

Exam JN0-696 topic 1 question 25 discussion

Actual exam question from Juniper's JN0-696
Question #: 25
Topic #: 1
[All JN0-696 Questions]

-- Exhibit --
user@SRX-1> show configuration security ike
traceoptions {
file ike-trace;
flag all;
}
policy juniper {
proposal-set standard;
pre-shared-key ascii-text "$ $ znCO hKMXtuMX - gTz "; ## SECRET-DATA
}
gateway juniper {
ike-policy juniper;
address 192.168.1.11;
external-interface fe-0/0/7;
}
user@SRX-1> show configuration security ipsec
traceoptions {
flag all;
}
policy juniper {
proposal-set standard;
}
vpn juniper {
bind-interface st0.0;
ike {
gateway juniper;
ipsec-policy juniper;
}
}
user@SRX-1> show security ike security-associations
user@SRX-1> show security ipsec security-associations

Total active tunnels: 0 -
user@SRX-1> show log ike-trace
...
Jun 13 16:21:33 ike_st_o_all_done: MESSAGE: Phase 1 { 0x3f669946 90eba0c7 - 0x76bdffab f8770040 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec, key l
Jun 13 16:21:33 192.168.1.10:500 (Responder) -> 192.168.1.11:500 { 3f669946 90eba0c7 - 76bdffab f8770040 [-1] / 0x00000000 } IP; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec, key
Jun 13 16:21:33 ike_encode_packet: Start, SA = { 0x3f669946 90eba0c7 - 76bdffab f8770040 } / 00000000, nego = -1
Jun 13 16:21:33 ike_send_packet: Start, send SA = { 3f669946 90eba0c7 - 76bdffab f8770040}, nego = -1, dst = 192.168.1.11:500, routing table id = 0
Jun 13 16:21:33 ike_send_notify: Connected, SA = { 3f669946 90eba0c7 - 76bdffab f8770040}, nego = -1
Jun 13 16:21:33 iked_pm_ike_sa_done: local:192.168.1.10, remote:192.168.1.11 IKEv1
Jun 13 16:21:33 iked_pm_id_validate id NOT matched.
Jun 13 16:21:33 P1 SA 3075313 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x331.
Jun 13 16:21:33 iked_pm_ike_sa_delete_notify_done_cB. For p1 sa index 3075313, ref cnt 1, status: Error ok
Jun 13 16:21:33 ike_expire_callback: Start, expire SA = { 3f669946 90eba0c7 - 76bdffab f8770040}, nego = -1
Jun 13 16:21:33 ike_alloc_negotiation: Start, SA = { 3f669946 90eba0c7 - 76bdffab f8770040}
...
-- Exhibit --
Click the Exhibit button.
You are troubleshooting a new IPsec VPN that is not establishing between SRX-1 and a remote end device.
Referring to the exhibit, what is causing the problem?

  • A. Pre-shared key mismatch
  • B. IKE Phase 1 proposals mismatch
  • C. IKE Phase 1 IKE ID mismatch
  • D. IKE Phase 2 proxy ID mismatch
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
See line:
Jun 13 16:21:33 iked_pm_id_validate id NOT matched.
by lugiricy at April 4, 2025, 8:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Currently there are no comments in this discussion, be the first to comment!
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel