NSE4 · Question #288
NSE4 Question #288: Real Exam Question with Answer & Explanation
Sign in or unlock NSE4 to reveal the answer and full explanation for question #288. The question stem and answer options stay visible for context.
Question
A FortiClient fails to establish a VPN tunnel with a FortiGate unit. The following information is displayed in the FortiGate unit logs: msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)" msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)" msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)" msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)" msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)" msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa" msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)" msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5" msg="Failed to acquire an IP address Which of the following statements is a possible cause for the failure to establish the VPN tunnel?
Options
- AAn IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
- BThere is no IPSec firewall policy configured for the policy-based VPN.
- CThere is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2
- DThe phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses
Unlock NSE4 to see the answer
You've previewed enough free NSE4 questions. Unlock NSE4 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.