A FortiOS device is used for termination of VPNs for a number of remote spoke VPN units (designated Group A spokes) using a phase 1 main mode dial-up tunnel using pre-shared keys. Your company recently acquired another organization. You are asked to establish VPN connectivity for the newly acquired organization’s sites for which new devices will be provisioned (designated Group B spokes). Both existing (Group A) and new (Group B) spoke units are dynamically addressed. You are asked to ensure that spokes from the acquired organization (Group B) have different access permissions that your existing VPN spokes units (Group A). Which two solutions meet the requirements for the new spoke group? (Choose two.)

A. Implement a new phase 1 dial-up main mode tunnel with preshared keys and XAuth. Use identity policies to filter traffic.
B. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than Group A spokes. Use standard policies to filter traffic for the new dial- up tunnel.
C. Implement a new phase 1 dial-up main mode tunnel with certificate authentication. Use standard policies to filter traffic for the new dial-up tunnel.
D. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID. Use standard policies to filter traffic for the new dial-up tunnel.
  Discussion forum

Question
0

Leave an answer