You are setting up an HA VPN connection between your Google Cloud Virtual Private Cloud (VPC) and an on-premises network. The VPN gateway is named `VPN_GATEWAY_1`. How can you ensure that VPN tunnels in the project only establish connections to your on-premises VPN public IP address `203.0.113.1/32`?

Exam-Like

Configure a firewall rule accepting 203.0.113.1/32, and set a target tag equal to VPN_GATEWAY_1.

25.0%

Configure the Resource Manager constraint constraints/compute.restrictVpnPeerIPs to use an allowList consisting of only the 203.0.113.1/32 address.

55.0%

Configure a Google Cloud Armor security policy, and create a policy rule to allow 203.0.113.1/32.

0.0%

Configure an access control list on the peer VPN gateway to deny all traffic except 203.0.113.1/32, and attach it to the primary external interface.

20.0%

Google Professional Cloud Network Engineer