
Your company's on-premises network is connected to a VPC via a Cloud VPN tunnel. The VPC has a static route (0.0.0.0/0) with the VPN tunnel as its next hop, causing all internet-bound traffic to route through the on-premises network. You set up Cloud NAT in one region to translate primary IP addresses of Compute Engine instances, expecting their internet traffic to exit directly from the VPC instead of the on-premises network. However, VM traffic is not being translated as intended. What should you do?
A. Lower the TCP Established Connection Idle Timeout for the NAT gateway.
B. Add firewall rules that allow ingress and egress of the external NAT IP address, have a target tag that is on the Compute Engine instances, and have a priority value higher than the priority value of the default route to the VPN gateway.
C. Add a default static route to the VPC with the default internet gateway as the next hop, the network tag associated with the Compute Engine instances, and a higher priority than the priority of the default route to the VPN tunnel.
D. Increase the default min-ports-per-vm setting for the Cloud NAT gateway.