
Answer-first summary for fast verification
Answer: Check the native customer gateway logs. Restrict the VPN tunnel options to the specific VPN parameters that the customer gateway requires.
The scenario describes a VPN parameter mismatch during the phase 2 rekey of the VPN negotiation: the customer gateway device receives parameters that differ from the ones it is configured to support. Because the tunnel is already UP and passing traffic, the initial setup is not the problem; the rekey process is. The IPsec configuration already uses the most secure encryption algorithms offered in the AWS Site-to-Site VPN configuration file, so the fix is not a change of algorithm strength but a narrower proposal set: the VPN tunnel options must be restricted to the specific parameters the customer gateway supports, since the customer gateway is the side reporting the mismatch. The network engineer should therefore check the native customer gateway logs to identify which parameters it accepts, then adjust the VPN tunnel options to match. This addresses the root cause by aligning the VPN parameters with the customer gateway's configuration.
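As an added illustration of that fix (not part of the original question or of AWS documentation), the script below takes the phase-2 values AWS proposes on a tunnel, in the shape returned by `aws ec2 describe-vpn-connections`, compares them with the set the customer gateway logs show it accepts, and builds the `--tunnel-options` JSON for `aws ec2 modify-vpn-tunnel-options`. The connection ID, outside IP and the customer gateway's supported set are constructed placeholders.

```python
import json
from typing import Dict, List, Set

# Constructed sample in the shape of `aws ec2 describe-vpn-connections` output
# (Options.TunnelOptions) for one tunnel; the ID and IP are placeholders.
DESCRIBE_VPN_JSON = """
{"VpnConnections": [{"VpnConnectionId": "vpn-EXAMPLE", "Options": {"TunnelOptions": [
  {"OutsideIpAddress": "203.0.113.10",
   "Phase2EncryptionAlgorithms": [{"Value": "AES128"}, {"Value": "AES256"},
                                  {"Value": "AES128-GCM-16"}, {"Value": "AES256-GCM-16"}],
   "Phase2IntegrityAlgorithms": [{"Value": "SHA1"}, {"Value": "SHA2-256"},
                                 {"Value": "SHA2-384"}, {"Value": "SHA2-512"}],
   "Phase2DHGroupNumbers": [{"Value": 2}, {"Value": 5}, {"Value": 14}, {"Value": 24}]}
]}}]}
"""

# Constructed: the phase-2 parameters the customer gateway's own logs show it accepts.
CGW_SUPPORTED: Dict[str, Set] = {
    "Phase2EncryptionAlgorithms": {"AES256"},
    "Phase2IntegrityAlgorithms": {"SHA2-256"},
    "Phase2DHGroupNumbers": {14},
}
PHASE2_KEYS = tuple(CGW_SUPPORTED)

def current_proposals(describe_json: str, outside_ip: str) -> Dict[str, Set]:
    """Return the phase-2 values AWS currently proposes on the tunnel with this outside IP."""
    conn = json.loads(describe_json)["VpnConnections"][0]
    for tunnel in conn["Options"]["TunnelOptions"]:
        if tunnel["OutsideIpAddress"] == outside_ip:
            return {k: {item["Value"] for item in tunnel.get(k, [])} for k in PHASE2_KEYS}
    raise KeyError(f"no tunnel with outside IP {outside_ip}")

def find_mismatch(proposed: Dict[str, Set], supported: Dict[str, Set]) -> Dict[str, List]:
    """Values AWS proposes that the customer gateway does not support: the rekey mismatch."""
    return {k: sorted(proposed[k] - supported[k]) for k in PHASE2_KEYS}

def restricted_tunnel_options(proposed: Dict[str, Set], supported: Dict[str, Set]) -> dict:
    """Build --tunnel-options keeping only values both sides support; fail if a set is disjoint."""
    opts = {}
    for k in PHASE2_KEYS:
        common = sorted(proposed[k] & supported[k])
        if not common:
            raise ValueError(f"{k}: no value in common between AWS and the customer gateway")
        opts[k] = [{"Value": v} for v in common]
    return opts

if __name__ == "__main__":
    proposed = current_proposals(DESCRIBE_VPN_JSON, "203.0.113.10")
    print("proposed by AWS but unsupported by the CGW:", find_mismatch(proposed, CGW_SUPPORTED))
    opts = restricted_tunnel_options(proposed, CGW_SUPPORTED)
    print("aws ec2 modify-vpn-tunnel-options --vpn-connection-id vpn-EXAMPLE "
          f"--vpn-tunnel-outside-ip-address 203.0.113.10 --tunnel-options '{json.dumps(opts)}'")
```

The printed command is for review only; run it once per tunnel after confirming the customer gateway's supported set from its native logs.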
Author: LeetQuiz Editorial Team
A network engineer must establish an encrypted connection between an on-premises data center and a VPC. The engineer connects the VPC to a virtual private gateway and configures an AWS Site-to-Site VPN connection. The VPN tunnel is operational after setup. However, during the phase 2 rekey of the VPN negotiation, the customer gateway device receives parameters that differ from its configured supported parameters.
The engineer reviews the IPsec configuration of the VPN tunnel and observes that the customer gateway device is configured with the most secure encryption algorithms available in the AWS Site-to-Site VPN configuration file.
What steps should the network engineer take to troubleshoot and resolve this issue?
A. Check the native virtual private gateway logs. Restrict the VPN tunnel options to the specific VPN parameters that the virtual private gateway requires.
B. Check the native customer gateway logs. Restrict the VPN tunnel options to the specific VPN parameters that the customer gateway requires.
C. Check Amazon CloudWatch logs of the virtual private gateway. Restrict the VPN tunnel options to the specific VPN parameters that the virtual private gateway requires.
D. Check Amazon CloudWatch logs of the customer gateway. Restrict the VPN tunnel options to the specific VPN parameters that the customer gateway requires.