An architect is helping an organization with the Logical Design of an NSX-T Data Center solution.
This information was gathered during the Assessment Phase:
– Data between two networks connected over a public network needs to be encrypted.
– Certificate authentication is required.
– Dynamic route learning is preferred.
Which should the architect include in their design?
A . Deploy a Tler-0 gateway in Active/Active mode. Configure policy-based IPSec VPN with SHA256withRSA as the hash algorithm.
B . Deploy a Tler-0 gateway In Active/Active mode. Configure route-based IPSec VPN with SHA512wlthRSA as the hash algorithm.
C . Deploy a Tier-0 gateway in Active/Standby mode. Configure route-based IPSec VPN with SHA512withRSA as the hash algorithm.
D . Deploy a Tier-0 gateway in Active/Standby mode. Configure policy-based IPSec VPN with SHA256withRSA as the hash algorithm.
Answer: C
Explanation:
F- For IP-Sec, Tier 0 Gateways must be in Active/Standby. Route-based IPSec VPN is required for
dynamic route learning
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-C0E5AF10-576D-493A-A079-C4C95D8F5373.html
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-DF689847-252E-451E-84B5-DB507CC010AC.html