Q55 — AWS ANS-C01 Ch.1


A network engineer needs to build an encrypted connection between an on-premises data center and a VPC. The network engineer attaches the VPC to a virtual private gateway and sets up an AWS Site-to-Site VPN connection. The VPN tunnel is UP after configuration and is working. However, during rekey for phase 2 of the VPN negotiation, the customer gateway device is receiving different parameters than the parameters that the device is configured to support. The network engineer checks the IPsec configuration of the VPN tunnel. The network engineer notices that the customer gateway device is configured with the most secure encryption algorithms that the AWS Site-to-Site VPN configuration file provides. What should the network engineer do to troubleshoot and correct the issue?

Correct Answer: B. Check the native customer gateway logs. Restrict the VPN tunnel options to the specific VPN parameters that the customer gateway requires.

Explanation

In this question, the customer gateway device receives unsupported parameters during the phase 2 rekey of the VPN negotiation. Because it is the customer gateway device whose received parameters do not match its configuration, the native customer gateway logs should be checked. To resolve the issue, the VPN tunnel options need to be restricted to the specific VPN parameters that the customer gateway requires. Therefore, option B is the correct answer.