nerdexam
Fortinet

NSE7_SDW-6.4 · Question #65

NSE7_SDW-6.4 Question #65: Real Exam Question with Answer & Explanation

The correct answer is B. FortiGate creates one single IPsec virtual interface that is shared by all clients. C. FortiGate maps the remote gateway 100.64.3.1 to tunnel index interface 1.. See the full explanation below for the reasoning.

Question

Refer to the exhibit. Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.) config vpn ipsec phase1-interface edit Hub set add-route enable set net-device enable set tunnel-search nexthop next end

diagnose vpn tunnel list name Hub list ipsec tunnel by names in vd 0

name=hub-ver-1 ver=13 id=100.64.1.1:0->0.0.0.0:0 dst_mtu=0 bound_if=0 key-state=1/1 tun_if=0/0 mode=dialup/2 encap=none/512 options[0200]=search-nexthop frag-rxfc accept_traffic=1 proxylD_num=0 child_num=2 refcnt=20 ilast=176 olast=176 ad=/0 psk_id= psp=22 exp=1 rxb=892 txb=1752 dpdp=mode=on-demand idle=20000ms retry=3 count=0 seqno=0 natt: mode=none draft=0 interval=0 remote_port=0 run_tally=2 ipsec route tree: 100.64.1.1 100.64.5.1 0 172.16.1.2 1 172.16.1.3 0

Options

  • AFortiGate creates separate virtual interfaces for each dial-up client.
  • BFortiGate creates one single IPsec virtual interface that is shared by all clients.
  • CFortiGate maps the remote gateway 100.64.3.1 to tunnel index interface 1.
  • DFortiGate does not install IPsec static routes for remote protected networks in the routing table.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full NSE7_SDW-6.4 Practice