AWS VPN Connection for Highly Available On-Premise Data Centers

Establishing Highly Available VPN Connection to AWS | ANS-C01 Exam Answer


Question

Your company has multiple data centers located on-premise. They want to establish a VPN connection to AWS, but they also want the connection to be highly available. Which of the options below can fulfil this requirement?

Choose 2 answers from the options below. Each option presents part of the solution.

Answers

Explanations


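A. Create 2 customer gateways.
B. Create 2 Virtual private gateways.
C. Create a Virtual private gateway.
D. Create a customer gateway.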

Answer - A and C.

The diagram below shows a highly available architecture for AWS VPN connections.

For more information on high availability of VPN connections, please refer to the link below:

https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/

[Diagram: Data Center 1 with Customer Gateway #1 and Data Center 2 with Customer Gateway #2, each connected to the Amazon Region; 172.16.0.0/16 is labelled.]

To establish a highly available VPN connection between on-premise data centers and AWS, we need to use redundant components and configurations to ensure that if one component fails, another component can take over the connection without interruption.

A customer gateway is a physical device or software application on-premise that connects the customer network to the AWS network. A virtual private gateway is an AWS-side VPN endpoint that represents two Amazon VPCs or a VPC and a VPN connection.

To create a highly available VPN connection to AWS from multiple on-premise data centers, we need to use redundant components on both the customer gateway and virtual private gateway sides. Here are the options:

Option A: Create 2 customer gateways. This option can fulfill the high availability requirement by configuring two customer gateways in each data center and establishing VPN connections to two virtual private gateways in AWS. By using two customer gateways, we can ensure that if one customer gateway fails, the other customer gateway can take over the VPN connection without interruption.

Option B: Create 2 Virtual private gateways. This option can fulfill the high availability requirement by configuring two virtual private gateways in AWS and establishing VPN connections to each data center's customer gateway. By using two virtual private gateways, we can ensure that if one virtual private gateway fails, the other virtual private gateway can take over the VPN connection without interruption.

Option C: Create a Virtual private gateway. This option cannot fulfill the high availability requirement because there is no redundancy in the virtual private gateway. If the virtual private gateway fails, there will be no backup to take over the VPN connection.

Option D: Create a customer gateway. This option cannot fulfill the high availability requirement because there is no redundancy in the customer gateway. If the customer gateway fails, there will be no backup to take over the VPN connection.

Therefore, options A and B can fulfill the high availability requirement.
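
As an added example (not from the original page or from AWS), the following check applies the redundancy idea in the explanation above to output shaped like `aws ec2 describe-vpn-connections`. It flags any virtual private gateway that is reached through fewer than two customer gateways, or through a customer gateway with no tunnel up; the sample data and all IDs are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output.
# All IDs are placeholders, not values from the page.
SAMPLE = json.loads("""
{"VpnConnections": [
  {"VpnConnectionId": "vpn-aaaa", "CustomerGatewayId": "cgw-dc1", "VpnGatewayId": "vgw-main",
   "State": "available", "VgwTelemetry": [{"Status": "UP"}, {"Status": "UP"}]},
  {"VpnConnectionId": "vpn-bbbb", "CustomerGatewayId": "cgw-dc2", "VpnGatewayId": "vgw-main",
   "State": "available", "VgwTelemetry": [{"Status": "DOWN"}, {"Status": "DOWN"}]},
  {"VpnConnectionId": "vpn-cccc", "CustomerGatewayId": "cgw-dc1", "VpnGatewayId": "vgw-test",
   "State": "available", "VgwTelemetry": [{"Status": "UP"}, {"Status": "DOWN"}]}
]}
""")

def audit_vpn_redundancy(described):
    """Return {vgw_id: [findings]} for gateways lacking customer-gateway redundancy."""
    configured, healthy = {}, {}
    for conn in described.get("VpnConnections", []):
        if conn.get("State") != "available":
            continue  # pending or deleted connections provide no redundancy
        vgw = conn.get("VpnGatewayId")
        if vgw is None:
            continue  # connection does not terminate on a virtual private gateway
        cgw = conn["CustomerGatewayId"]
        configured.setdefault(vgw, set()).add(cgw)
        healthy.setdefault(vgw, set())
        # A customer gateway counts as healthy if at least one of its tunnels is UP.
        if any(t.get("Status") == "UP" for t in conn.get("VgwTelemetry", [])):
            healthy[vgw].add(cgw)
    findings = {}
    for vgw, cgws in configured.items():
        issues = []
        if len(cgws) < 2:
            issues.append("single customer gateway: " + ", ".join(sorted(cgws)))
        down = cgws - healthy[vgw]
        if down:
            issues.append("no tunnel UP for: " + ", ".join(sorted(down)))
        if issues:
            findings[vgw] = issues
    return findings

if __name__ == "__main__":
    for vgw, issues in sorted(audit_vpn_redundancy(SAMPLE).items()):
        for issue in issues:
            print(f"{vgw}: {issue}")
```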