A company operates an AWS environment with multiple VPCs interconnected via a transit gateway. They plan to use AWS Site-to-Site VPN to connect their on-premises network to the AWS environment. However, the on-premises network lacks a static public IP address. A network engineer needs to configure the VPN connection to be initiated from the AWS side to enable traffic from the AWS environment to the on-premises network.

Which three steps should the network engineer perform to establish VPN connectivity between the transit gateway and the on-premises network?

Exam-Like

Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 1 (IKEv1).

Configure the Site-to-Site VPN tunnel options to use Internet Key Exchange version 2 (IKEv2).

Use a private certificate authority (CA) from AWS Private Certificate Authority to create a certificate.

Use a public certificate authority (CA) from AWS Private Certificate Authority to create a certificate.

Create a customer gateway. Specify the current dynamic IP address of the customer gateway device’s external interface.

AWS Certified Advanced Networking - Specialty