ExamGecko

Palo Alto Networks PCNSE Practice Test 2


Question 1 / 40

An administrator analyzes the following portion of a VPN system log and notices the following issue: "Received local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0."

What is the cause of the issue?

A. IPSec crypto profile mismatch
B. IPSec protocol mismatch
C. mismatched Proxy-IDs
D. bad local and peer identification IP addresses in the IKE gateway
Suggested answer: C
Explanation:

According to the Palo Alto Networks documentation, "A successful phase 2 negotiation requires not only that the security proposals match, but also the proxy-ids on either peer, be a mirror image of each other. So it is mandatory to configure the proxy-IDs whenever you establish a tunnel between the Palo Alto Network firewall and the firewalls configured for policy-based VPNs." The log message indicates that the local and remote IDs are identical, which means they are not mirrored.

Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClW8CAK

asked 23/09/2024
shubha sunil