NSE 7 – Network Security Technologies 7.2 — Question 14

Which statement about IKE and IKE NAT-T is true?

Answer options

• A. IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.
• B. IKE is the standard implementation for IKEv1 and IKE NAT-T is an extension added in IKEv2.
• C. They each use their own IP protocol number.
• D. They both use UDP as their transport protocol and the port number is configurable.

Correct answer: D

Explanation

The correct answer is D because both IKE and IKE NAT-T utilize UDP as their transport protocol, and the port number can be configured. Option A is incorrect as IKE does not encapsulate ESP traffic; it is used for key management. Option B is wrong since IKE NAT-T is not exclusive to IKEv2, and option C is incorrect as they do not operate with separate IP protocol numbers.