
You are setting up a high-availability VPN to your on-premises network, but the VPN connection fails to establish. You have full administrative access to both the Google Cloud networking environment and the on-premises firewalls serving as VPN devices. The Google Cloud console displays "Negotiation failure" and "BGP is down." Upon checking Cloud Logging with the query resource.type="vpn_gateway" and resource.labels.gateway_id="TUNNEL_ID_NUMBER", you observe frequent log entries in Logs Explorer:
logName: …/logs/cloud.googleapis.com%2Fipsec_events
type: "vpn_gateway"
textPayload: "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built"
logName: …/logs/cloud.googleapis.com%2Fipsec_events
type: "vpn_gateway"
textPayload: "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built"
How should you troubleshoot the VPN failure and resolve the issue based on these Cloud Logging entries?
A. Update the Google Cloud BGP session configuration to match the BGP peer ASN on the on-premises side.
B. Compare and review the Phase 2 settings on the on-premises firewall. Make sure the settings match one of the supported cipher suites for HA VPN.
C. Create a new Cloud VPN gateway in a region closer to the peer VPN gateway.
D. Compare the Phase 1 settings and recreate the Cloud VPN tunnel by choosing a different IKE version and pre-shared key.