NSE 4 – FortiGate 6.2 — Question 64

Which two options are purposes of NAT traversal in IPsec? (Choose two.)

Answer options

• A. To force a new DH exchange with each phase 2 rekey
• B. To detect intermediary NAT devices in the tunnel path
• C. To encapsulate ESP packets in UDP packets using port 4500
• D. To dynamically change phase 1 negotiation mode to aggressive mode

Correct answer: B, C

Explanation

The correct answers, B and C, are essential for NAT traversal as they help in identifying NAT devices and allow ESP packets to be encapsulated in UDP for compatibility with NAT. Options A and D are not related to NAT traversal; they pertain to phase 1 and phase 2 negotiation processes but do not address the specific purpose of traversing NAT devices.