
Answer-first summary for fast verification
Answer:
- Create a single Cloud VPN tunnel that uses route-based VPN.
- Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to the same peer IP address.

To connect an on-premises network with 30 CIDR ranges to Google Cloud without BGP support, two methods align with Google-recommended practices:

1. **Route-based VPN (Option A)**: A single tunnel with route-based VPN uses a broad traffic selector (e.g., 0.0.0.0/0) and relies on static routes to direct traffic. This avoids the CIDR limit per tunnel, enabling all 30 CIDRs to be reachable through a single tunnel.
2. **Policy-based VPN with Multiple Tunnels (Option E)**: Policy-based VPNs allow up to 5 CIDRs per tunnel. To cover 30 CIDRs, multiple tunnels are required. Option E uses one CIDR per tunnel (30 tunnels total) connected to the same on-prem peer IP. While not ideal due to management complexity, this complies with technical limits and ensures reachability.

Options B, C, and D are invalid due to exceeding CIDR limits per tunnel (B, D) or requiring impractical peer IP configurations (C).
Author: LeetQuiz Editorial Team
You are setting up a connection between your organization's Google Cloud environment and your on-premises network, which does not support BGP. Your on-premises network has 30 CIDR ranges that need to be accessible from Google Cloud. The VPN gateway generates a unique child security association (SA) for each CIDR. To ensure all 30 on-premises CIDR ranges are reachable from Google Cloud while following Google's best practices, which two approaches should you use? (Select two.)
A. Create a single Cloud VPN tunnel that uses route-based VPN.
B. Create a single Cloud VPN tunnel that uses policy-based routing with 30 CIDRs as the remote traffic selectors.
C. Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to unique peer IP addresses.
D. Create multiple Cloud VPN tunnels that use policy-based routing with 10 CIDRs per tunnel as the remote traffic selectors.
E. Create multiple Cloud VPN tunnels that use policy-based routing so that each tunnel has one CIDR block for its local traffic selector and one CIDR block for its remote traffic selector. Connect each tunnel to the same peer IP address.