Create a VPN Connection | AWS Certified Solutions Architect - Professional

Create a VPN Connection


Question

You work in the integration team of a company, and your team is integrating the infrastructure with Amazon VPC.

You have recently been assigned the task of creating a VPN connection.

You have login access to the AWS Management Console.

The first step that you plan to do is to create a customer gateway in the AWS VPC console.

In order to do that, which information do you need? (Select TWO)

Answers

Explanations


A. B. C. D.

Correct Answer - A, D.

The first step in creating a VPN connection is to set up a customer gateway in the Amazon VPC console, as described at https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html.

Option A is correct: AWS Site-to-Site VPN uses the customer gateway's BGP ASN to establish the connection when dynamic routing is used.

Option B is incorrect: For static routing, no BGP ASN is needed.

Option C is incorrect: The internet-routable IP address for the customer gateway device's external interface is required, and the value must be static.

Option D is correct: Same reason as option C.

[Screenshot residue: an AWS Systems Manager Run Command console page listing documents (AWS-RunPatchBaseline, AWS-RunPowerShellScript, AWS-RunRemoteScript, AWS-RunSaltState, AWS-RunShellScript, AWS-SetupInventory) and target selection options; unrelated to the customer gateway question.]

When creating a VPN connection in Amazon VPC, the first step is to create a customer gateway. A customer gateway is the VPN device that is located on-premises and establishes the VPN connection with the virtual private gateway (VGW) in Amazon VPC.

To create a customer gateway, the following information is required:

  1. A static, internet-routable IP address for the customer gateway device: This is required to establish a secure VPN tunnel between the customer gateway and virtual private gateway. The IP address must be reachable over the internet and should not be a private or non-routable IP address.

  2. A Border Gateway Protocol (BGP) Autonomous System Number (ASN): This is required if the routing type is dynamic. BGP is a protocol that enables the exchange of routing information between the customer gateway and the virtual private gateway. If the customer gateway is using BGP, it must have a unique ASN.

In addition, if the customer gateway is behind a NAT device, the dynamic public IP address of the NAT device can be used.

It is important to note that the ASN is only required for dynamic routing. If the routing type is static, an ASN is not required. Static routing requires the configuration of static routes on the customer gateway, whereas dynamic routing uses BGP to automatically learn and advertise routes between the customer gateway and the virtual private gateway.

In summary, to create a customer gateway in Amazon VPC, you need a static, internet-routable IP address for the customer gateway device, and a BGP ASN if the routing type is dynamic. If the customer gateway is behind a NAT device, the dynamic public IP address of the NAT device can be used.
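As an added example (not part of this question page and not AWS's own code), the following Python checks the two inputs the explanation calls for before anything is sent to the EC2 API: that the address is internet-routable rather than private or reserved, and that a BGP ASN is supplied only when routing is dynamic. It then returns the keyword arguments for boto3's `create_customer_gateway` call. The function names, the sample address 203.0.113.12, the accepted ASN range and the placeholder ASN 65000 for static routing are assumptions made for the example; check the current AWS documentation for the exact limits.

```python
import ipaddress
from typing import Optional

# Address blocks that are never reachable from the public internet (constructed
# list: RFC 1918, RFC 6598 shared space, loopback, link-local, multicast, reserved).
# The RFC 5737 documentation prefixes (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24)
# are deliberately NOT listed so the sample input below passes; in production use
# ipaddress.ip_address(x).is_global, which also rejects the documentation ranges.
NON_ROUTABLE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Assumed accepted ASN range for a customer gateway; verify against the AWS docs.
ASN_MIN, ASN_MAX = 1, 2_147_483_647
# Placeholder ASN used when routing is static (the value is not used for BGP then).
STATIC_ROUTING_ASN = 65000


def is_internet_routable(ip: str) -> bool:
    """True if ip is an IPv4 address that is not in a private/reserved block."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return False
    return not any(addr in net for net in NON_ROUTABLE_V4)


def build_customer_gateway_params(public_ip: str, routing: str,
                                  bgp_asn: Optional[int] = None) -> dict:
    """Validate the inputs and return kwargs for ec2.create_customer_gateway().

    public_ip: static, internet-routable address of the on-premises device's
               external interface (or of the NAT device in front of it).
    routing:   "dynamic" (BGP, ASN required) or "static" (ASN not needed).
    """
    if routing not in ("static", "dynamic"):
        raise ValueError(f"routing must be 'static' or 'dynamic', got {routing!r}")
    if not is_internet_routable(public_ip):
        raise ValueError(f"{public_ip} is not an internet-routable IPv4 address")

    if routing == "dynamic":
        if bgp_asn is None:
            raise ValueError("dynamic routing requires the customer gateway's BGP ASN")
        if not ASN_MIN <= bgp_asn <= ASN_MAX:
            raise ValueError(f"BGP ASN {bgp_asn} is outside {ASN_MIN}-{ASN_MAX}")
        asn = bgp_asn
    else:
        asn = STATIC_ROUTING_ASN

    # Type, PublicIp and BgpAsn are the boto3 parameter names for this call.
    return {"Type": "ipsec.1", "PublicIp": public_ip, "BgpAsn": asn}


if __name__ == "__main__":
    # Constructed sample values, not a real device.
    params = build_customer_gateway_params("203.0.113.12", "dynamic", bgp_asn=65010)
    print(params)
    # To create the gateway for real:
    #   import boto3; boto3.client("ec2").create_customer_gateway(**params)
```

Running the block prints the validated parameter set; passing a private address such as 192.168.1.1, or omitting the ASN while requesting dynamic routing, raises a ValueError before any API call is made, which is the failure the question's incorrect options describe.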