# NSE7 — Question 425

**Type:** multiple_choice
**Topics:** topic_1

## Question

Examine the IPsec configuration shown in the exhibit; then answer the question below.
//IMG//

An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands: diagnose vpn ike log-filter src-addr4 10.0.10.1 diagnose debug application ike -1 diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both IPsec gateways. However, the IKE real time debug does NOT show any output. Why isn't there any output?

## Correct Answer

_See scenario._

## Explanation

A correct
dst-addr4 usualy is used because if you have one phase1-int with many phase2, you will get a lot of spam in the output, but it is good filter for p2p connection. In this case "Remote" is just name, it is a "local" device and it has correct ip for the src filter.

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/fortinet/NSE7/425  
Practice (tracked): https://hiexam.net/study/NSE7/practice