Refer to the exhibit, which contains the output of diagnose vpn tunnel list.
Which command will capture ESP traffic for the VPN named DialUp_0?
NSE7_NST-7.2 Exam QuestionsBrowse all questions from this exam
NSE7_NST-7.2 Exam - Question 31
Show AnswerHide Answer
Correct Answer:
Discussion
3 commentsad01c21Option: D
Dec 4, 2024Should be D, UDP 4500
tuky88Option: C
Dec 8, 2024C is correct. Refer to: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Capture-ESP-and-Interesting-traffic-on-single-GUI/ta-p/193867
ad01c21
Dec 10, 2024I'm not agree, we are in situation of NAT-T, because port 4500 is used, hence ESP traffic is encapsulated in UDP 4500.
evdw
Dec 17, 2024We are in a NAT-T because scr addr of device is not same as scr addr of the packet, and indeed most of the time UDP/4500 is then used, as in this case so correct answer is D
evdw
Dec 17, 2024We are in a NAT-T because scr addr of device is not same as scr addr of the packet, and indeed most of the time UDP/4500 is then used, as in this case so correct answer is D
gneehaOption: D
Dec 17, 2024because mode=silent means nat is forced so nat is present so udp 4500 refer https://www.examtopics.com/discussions/fortinet/view/94129-exam-nse7_efw-70-topic-1-question-46-discussion/