What causes the SIP Early NAT chain module to appear in the chain?
A. The SIP traffic is trying to pass through the firewall.
B. SIP is configured in IPS.
C. A VOIP domain is configured.
D. The default SIP service is used in the Rule Base.
Answer: D
In a production environment, your gateway is configured to apply a Hide NAT for all internal traffic destined to the Internet. However, you are setting up a VPN tunnel with a remote gateway, and you are concerned about the encryption domain that you need to define on the remote gateway. Does the remote gateway need to include your production gateway’s external IP in its encryption domain?
A. No – all packets destined through a VPN will leave with original source and destination packets without translation.
B. No – all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, will have the same internal source and destination IP addresses.
C. Yes – all packets destined to go through the VPN tunnel will have the payload encapsulated in an ESP packet and after decryption at the remote site, the packet will contain the source IP of the Gateway because of Hide NAT.
D. Yes – The gateway will apply the Hide NAT for this VPN traffic.
Answer: B
