A network engineer must establish an encrypted connection between an on-premises data center and a VPC. The engineer connects the VPC to a virtual private gateway and configures an AWS Site-to-Site VPN connection. The VPN tunnel is operational after setup. However, during the phase 2 rekey of the VPN negotiation, the customer gateway device receives parameters that differ from its configured supported parameters.

The engineer reviews the IPsec configuration of the VPN tunnel and observes that the customer gateway device is configured with the most secure encryption algorithms available in the AWS Site-to-Site VPN configuration file.

What steps should the network engineer take to troubleshoot and resolve this issue?

Exam-Like

Check the native virtual private gateway logs. Restrict the VPN tunnel options to the specific VPN parameters that the virtual private gateway requires.

16.7%

Check the native customer gateway logs. Restrict the VPN tunnel options to the specific VPN parameters that the customer gateway requires.

33.3%

Check Amazon CloudWatch logs of the virtual private gateway. Restrict the VPN tunnel options to the specific VPN parameters that the virtual private gateway requires.

33.3%

Check Amazon CloudWatch logs of the customer gateway. Restrict the VPN tunnel options to the specific VPN parameters that the customer gateway requires.

16.7%

AWS Certified Advanced Networking - Specialty

Comments

Get started today