Click the Exhibit button.Referring to the exhibit, you must send traffic from Host-1 to Host-2. These two hosts can only communicate with IPv4.Which feature would you use to permit communication between Host-1 and Host-2?
Click the Exhibit button -[edit security]user@host# show policiesglobal {policy new-policy {match {source-address any;destination-address any;application junos-https;}then {permit {application-services {application-firewall {rule-set appfw;}}}}}}[edit security]user@host# show application-firewallrule-sets appfw {rule 1 {match {dynamic-application junos:SSL;}then {permit;}}rule 2 {match {dynamic-application junos:HTTP;}then {reject;}}default-rule {permit;}}Referring to the exhibit, which two statements are correct? (Choose two.)
Click the Exhibit button.user@host> show log messageFeb 4 00:04:17 host rpd[4516]: EVENT <UpDowm> st0.0 index 76 <Up Broadcast Multicast>Feb 4 00:04:17 host-kmd[1391]: KMD_PM_SA ESTABLISHED: Local gateway:192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:Feb 4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 > (null) <Up Broadcast Multicast>Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up. Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name: to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip:10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet,(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:11,[0..7]=0.0.0.0/0)Feb 4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539, ifAdminSiLatus up(1), ifOperStatus up(1), ifName st0.0Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLTSHED: Local gateway:192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4 subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:Feb 4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway:192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:Feb 4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up. Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name: to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip:Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5,XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic- selector local TD: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0._7]=0.0.0.0/0)Feb 4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: to-spoke-2 Gateway: spoke-2, Local:192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available, Remote Not-Available, VR-ID: 0Referring to the exhibit, which statement is correct?to-spoke-3 VPN is failing.
You have configured an IPsec VPN with traffic selectors; however, your IPsec tunnel does not appear to be working properly.What are two reasons for the problem? (Choose two.)
You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX Series device. You have decided to implementIDP SSL decryption. Upon enabling the decryption, you notice sessions are not decrypted.Which action resolves the problem?
You are asked to implement a Dynamic IPsec VPN on your new SRX240. You are required to facilitate up to 5 simultaneous users.Which two statements must be considered when accomplishing the task?
