Which of these is true of IP addressing with regard to VPN termination?
A. addressing designs need to allow for summarization
B. termination devices need routable addresses inside the VPN
C. IGP routing protocols will update their routing tables over an IPsec VPN
D. designs should not include overlapping address spaces between sites, since NAT is not supported
Answer: A
Explanation:
Best design practices say the VPN design should allow for summarization. With regard to D: sometimes you cannot avoid overlapping addresses, as this is what is configured at the client's end, and the only option is to hide the overlapping subnet behind NAT. This is based on experience (the author of this remark has 50x VPN tunnels and the majority of them use NAT; even if the subnet doesn't overlap, we want to hide our real IPs behind something else for extra security).