You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in separate routing instances. Which two components are required? (Choose two.)
You are attempting to establish an IPsec VPN between two SRX devices. However, there is another device between the SRX devices that does not pass traffic that is using UDP port 4500.
How would you resolve this problem?
Enable NAT-T.
Disable NAT-T.
Disable PAT.
Enable PAT.
Correct answer: B
Explanation:
NAT-T also uses UDP port 4500 (by default) rather than the standard UDP. So disabling NAT-T will resolve this issue. Reference : https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&cad=rja&ved=0CHsQFjAJ&url=http%3A%2F %2Fchimera.labs.oreilly.com%2Fbooks %2F1234000001633%2Fch10.html&ei=NZrtUZHHO4vJrQezmoCwAw&usg=AFQjCNGU05bAtnFu1vXNg ssixHtCBoNBnw&sig2=iKzzPNQqiH2xrsjveXIleA&bvm=bv.49478099,d.bmk
NAT-T also uses UDP port 4500 (by default) rather than the standard UDP. So disabling NAT-T will resolve this issue.