Exam JN0-696 topic 1 question 29 discussion

Actual exam question from Juniper's JN0-696

Question #: 29
Topic #: 1

-- Exhibit ""

-- Exhibit --
Click the Exhibit button.
You have created a new VPN tunnel to your partner's site but IKE Phase 1 is not coming up. You check the trace log and find the following log message:

Jun -
[IKED 2] iked_pm_id_validate id NOT matched.
Considering the topology and the SRX Series device's configuration shown in the exhibit, which modification is needed under [edit security gateway Partner]?

A. rename address 20.1.1.1 to address 192.168.1.1
B. set remote-identity inet 192.168.1.1
C. set local-identity inet 20.1.1.1
D. set local-identity inet 50.1.1.1

Show Suggested Answer

Suggested Answer: B 🗳️
You stablish the tunnel against a public IP of a firewall, which maps NAT to the private IP. The address is right, as you never been able to reach a private IP address through the internet.
You need to stablish the tunnel with the private IP, so the remote address command is the right choice.
References:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB25462

by lugiricy at April 4, 2025, 8:42 p.m.

Comments

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!

Exam JN0-696 All Questions

View all questions & answers for the JN0-696 exam

Exam JN0-696 topic 1 question 29 discussion

Comments

SY0-701