An administrator is troubleshooting an IPsec VPN tunnel that establishes phase 1 but fails phase 2. Which TWO commands are MOST useful to diagnose the phase 2 failure? (Choose two.)
Shows phase 2 proposals and selectors.
Why this answer
Options A and D are correct. 'diagnose vpn ike config' shows the IKE configuration including phase 2 proposals and selectors. 'diagnose debug application ike 255' enables detailed IKE debug, which will show the negotiation details including phase 2 failure reasons.