A network administrator has been tasked with implementing an IKEv2 tunnel from a remote site to a headquarter site. For security reasons, all traffic from the remote site must be sent across the tunnel, including traffic destined to the internet. Both sites are using a Cisco ASA firewall and are capable of running IKEv2.
Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?
| A. |
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535 | |
| B. |
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535 | |
| C. |
Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535 | |
| D. |
Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 0.0.0.0/0-0.0.0.0/65535 | |
| E. |
Local selector 0.0.0.0/0-0.0.0.0/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535 |
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 (THE LOCAL SIDE) to 192.168.22.0/24 (THE REMOTE SIDE).