Fortinet
NSE8_812 Question #49: Real Exam Question with Answer & Explanation
Question
Refer to the exhibits.
A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output from a troubleshooting session is shown in Exhibits A and B, and a baseline VPN configuration is shown in Exhibit C.
Referring to the exhibits, which configuration will restore VPN connectivity?
Exhibit A:
vd: root/0
name: vpn-hub02-1
version: 2
interface: wan1 7
addr: 10.73.255.67:500 -> 10.73.255.82=500
tun_id: 10.73.255.82/::10.73.255.82
remote_location: 0.0.0.0
created: 82236s ago
peer-id: CN = fgtdc01.example.com
peer-id-auth: yes
assigned IPv4 address: 192.168.73.67/255.255.255.224
auto-discovery: 2 receiver
PPK: no
IKE SA: created 1/1 established 1/1 time 50/50/50 ms
IPSec SA: created 1/2 established 1/2 time 0/25/50 ms
id/spi: 1 e4f6465bbae7490f/2535d26ef1f21557
direction: initiator
status: established 82236-82236s ago = 50ms
proposal: aes256-sha256
child: no
PPK: no
message-id sent/recv: 4/1
lifetime/rekey: 86400/3863
DPD sent/recv: 00000000/00000000
peer-id: CN = fgtdc01.example.com
Exhibit B:
fgt01-branch01 # diag vpn tunnel list
list all ipsec tunnel in vd 0
vpn=vpn-hub02-1 serial=10.73.255.67:0->10.73.255.82:0 tun_id=10.73.255.82 tun_id=::10.73.255.82 dst_mtu=1500 dpd=link on weight=1
bound_if=1 igw=static/1 tun=tunnel/255 mode=auto/1 encap=none/536 options[0218]=npu create_dev fragment accept: traffic=0/create_dev_id=0
child_name=0 child_num=0 re_cnt=4 ilast=0 olast=0 ad=r/2
stat: rxp=1 txp=1500326 rxb=73 txb=27304063
dpd: mode=on-demand time=10 idl=2850ms retry=0 count=0 segno=0
natt: mode=auto_natt=0 nat_local=0 nat_p_port=0
proxyid=vpn-hub02-1 proto=0 sa=1 ref=27 serial=1 net=negotiate adr
dir: 0/0.0.0.0/0.0.0.0
dst: 0/0.0.0.0/0.0.0.0
SA: ref=0 options=1a227 type=00 soft=0 autu=1438 expire=3844/08 replaywin=2048
seq=b1d15 len=0 replaywin_lastseq=00000000 ltn=0 qat=0 hash_search_len=1
life: type=0 size=0 id=1 time=0/4294967295
decr spi=4dadc1a4 esp-aes key=32 6495040906365610c49c9b9d15e22c454644048049048a481e6ed9f937d42ef
ah=sha256 key=20 7fb8c9a764411d510b04db8263c10d4df583b23c9db8d260eb2dcfa1ad59
enci spi=d43f60f6 esp-aes key=32 02741b12b5eb52ee6f01166a72e1c01b0f55097e9db8f7e2d9a5b11779b556c3cf
ah=sha256 key=20 9e9b0fdbe4c21c473c4f52df7e1dfb00dbe7e1afe1f7e24747f5f2dd2b0fa
decipkts/bytes=0/0, encipkts/bytes=1455659/316245764
npu_flag=03 npu_rqw=10.73.255.82 npu_lqw=10.73.255.67 npu_selid=0 dec_npuid=1 enc_npuid=1
Exhibit C:
config vpn ipsec phase1-interface
    edit "vpn-hub02-1"
        set interface "wan1"
        set net-device enable
        set mode-cfg enable
        set proposal aes256-sha256
        set add-route disable
        set auto-discovery receiver
        set remote-gw 10.73.255.82
    next
end
Options
- A.
  config vpn ipsec phase1-interface
      edit "vpn-hub02-1"
          set ike-version 1
          set authmethod signature
          set certificate "BR01FGTLOCAL"
          set peer "vpn-hub02-1_peer"
      next
  end
- B.
  config vpn ipsec phase1-interface
      edit "vpn-hub02-1"
          set ike-version 2
          set net-device enable
          set psksecret fortinet
      next
  end
- C.
  config vpn ipsec phase1-interface
      edit "vpn-hub02-1"
          set ike-version 2
          set authmethod signature
          set npu-offload disable
          set certificate "BR01FGTLOCAL"
          set peer "vpn-hub02-1_peer"
      next
  end
- D.
  config vpn ipsec phase1-interface
      edit "vpn-hub02-1"
          set ike-version 2
          set authmethod signature
          set certificate "BR01FGTLOCAL"
          set peer "vpn-hub02-1_peer"
      next
  end