As shown in the figure, the configurations of the two security gateways are:
RTA
[RTA] ike peer 123
[RTA-ike-peer-123] pre-shared-ke simp le 123
[RTA-ike-peer-123] remote-address 10.2.1.2
[RTA-ike-peer-123] local-address 10.2.1.1
[RTA-ike-peer-123]quit
[RTA] ipsec proposal 1
[RTA-ipsec-proposal-1] quit
[RTA]acl number 3000
[RTA-acl-adv-3000] rule 0 permit ip source 10.1.1.0 0.255.255.255
[RTA]ipsec polic 1 1 isakmp
[RTA-ipsec-polic-isakmp-1-1] securit acl 3000
[RTA-ipsec-polic-isakmp-1-1] ike-peer 123
[RTA-ipsec-polic-isakmp-1-1] proposal 1
[RTA-ipsec-polic-isakmp-1-1] quit
[RTA] interface Ethernet 0/1/0
[RTA-Serial0/2/1] ip address 10.2.1.1 255.255.255.0
[RTA] interface Serial 0/2/1
[RTA-Serial0/2/1] ip address 10.2.1.1 255.255.255.0
[RTA-Serial0/2/1]] ipsec polic 1
RTB:
[RTB] ike peer 123
[RTB-ike-peer-123] pre-shared-ke simple 123
[RTB-ike-peer-123] remote-address 10.2.1.1
[RTB-ike-peer-123] local-address 10.2.1.2
[RTB-ike-peer-123]quit
[RTB] ipsec proposal 1
[RTB-ipsec-proposal-1] quit
[RTB]acl number 3000
[RTB-acl-adv-3000] rule 0 permit ip source 10.3.1.0 0.255.255.255
[RTB]ipsec polic 1 1 isakmp
[RTB-ipsec-polic-isakmp-1-1] securit acl 3000
[RTB-ipsec-polic-isakmp-1-1] ike-peer 123
[RTB-ipsec-polic-isakmp-1-1] proposal 1
[RTB-ipsec-polic-isakmp-1-1] quit
[RTA] interface Ethernet 0/1/0
[RTA-Serial0/2/1] ip address 10.3.1.1 255.255.255.0
[RTB] interface Serial0/2/1
[RTB-Serial0/2/1] ip address 10.2.1.2 255.255.255.0
[RTB-Serial0/2/1] ipsec polic 1
This shows that ______ .
- A . either any party initiated SA negotiation can be successful
B. any any party initiated SA negotiation can not succeed
C. Only there from the RTA to RTB launch of SA negotiation can succeed
D. Only there from RTB to RTA launched the SA negotiation can succeed
Explanation:
- tunnel after successful iterations Road Tunnel ID
Routing information exchange from egress PE to remote CE
There are many ways for the remote CE to learn VPN routes from the egress PE , including static routing, RIP , OSPF , IS-IS, and BGP , which are the same as the routing information exchange from the local CE to the ingress PE .I won't repeat them here.It is worth noting that the routes advertised by the egress PE to the remote CE are ordinary IPv4 routes.Example of VPN route publishing process