NSE4 Question #45: Real Exam Question with Answer & Explanation
The correct answer is A: The connecting client has been allocated address 172.20.1.1. The diagnose vpn tunnel list output confirms that a connecting VPN client has been allocated the IP address 172.20.1.1 and that Dead Peer Detection (DPD) is enabled in the Phase 1 settings for the tunnel.
Question
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below. Which statements are correct regarding this output? (Choose two.)
Options
- A. The connecting client has been allocated address 172.20.1.1.
- B. In the Phase 1 settings, dead peer detection is enabled.
- C. The tunnel is idle.
- D. The connecting client has been allocated address 10.200.3.1.
Explanation
The diagnose vpn tunnel list output confirms that a connecting VPN client has been allocated the IP address 172.20.1.1 and that Dead Peer Detection (DPD) is enabled in the Phase 1 settings for the tunnel.
Common mistakes.
- C. The diagnose vpn tunnel list command typically displays information for active or established tunnels; while a tunnel can be idle (no traffic), the primary purpose of this command is to list currently functioning VPN connections.
- D. If the connecting client has been allocated 172.20.1.1 (as per choice A), it cannot also be simultaneously allocated 10.200.3.1 for the same VPN connection.
Concept tested. IPsec tunnel diagnostics interpretation (FortiGate)
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/cli-reference/263590/diagnose-vpn-tunnel