Which of the following options provide a viable solution to remedy this situation?

A customer has established an AWS Direct Connect connection to AWS. The link is up and routes are being
advertised from the customer’s end, however the customer is unable to connect from EC2 instances inside its
VPC to servers residing in its datacenter.
Which of the following options provide a viable solution to remedy this situation? (Choose 2 answers)


A. Add a route to the route table with an IPsec VPN connection as the target.

B. Enable route propagation to the virtual private gateway (VGW).

C. Enable route propagation to the customer gateway (CGW).

D. Modify the route table of all instances using the ‘route’ command.

E. Modify the instances' VPC subnet route table by adding a route back to the customer’s on-premises environment.





Venku

Yes it is B and E.

Manik

Aren’t Virtual private gateways for VPN?

JK

B and E.

Customer Gateways are for VPN connections only, whereas Virtual Private Gateways are also a requirement for Direct Connect.

See: https://aws.amazon.com/directconnect/faqs/
Using AWS Direct Connect with Amazon Virtual Private Cloud
Q. What are the technical requirements for virtual interfaces to VPCs?

swagata mondal

B&E

Zane

The technical requirements for virtual interfaces to VPCs are described below:

This connection requires the use of Border Gateway Protocol (BGP). You will need the following information to complete the connection:

A public or private ASN. If you are using a public ASN you must own it. If you are using a private ASN, it must be in the 64512 to 65535 range.

A new unused VLAN tag that you select.

The VPC Virtual Private Gateway (VGW) ID. This is why B is correct.

AWS will allocate private IPs (/30) in the 169.x.x.x range for the BGP session and will advertise the VPC CIDR block over BGP. You can advertise the default route via BGP.

Mir

Answer: A,C (Answer Taken from exam dumps)

mutiger91

A is wrong because an IPSEC VPN is a different type of connection than DirectConnect (which uses an MPLS circuit rather than IPSEC over the internet).

B is correct. DirectConnect uses the same virtual interface (the virtual gateway) that VPN would use. Enabling the route propagation to this device allows the VPC virtual router to see what networks are available in the data center and do dynamic routing to them.

C is incorrect. The customer gateway is part of VPN setup, not DirectConnect.

D is incorrect. The only time you do routing from an instance in AWS is when that instance is a networking appliance (e.g. Cisco Cloud Services Router).

E is correct. This sends traffic bound for the data center to the interface that connects to the data center.
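As an added example (not part of the thread or any commenter's code), the Python check below reads data shaped like `aws ec2 describe-route-tables` output and reports whether a subnet route table has a path back to the datacenter through the VGW, either propagated (B) or static (E). The sample tables, gateway and route table IDs, and the on-premises range 192.168.0.0/16 are constructed assumptions.

```python
import ipaddress

# Constructed samples shaped like `aws ec2 describe-route-tables` output.
# All IDs are placeholders; 192.168.0.0/16 is an assumed on-premises range.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "Origin": "CreateRouteTable", "State": "active"}
DEFAULT = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE",
           "Origin": "CreateRoute", "State": "active"}
ONPREM = {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-EXAMPLE",
          "Origin": "EnableVgwRoutePropagation", "State": "active"}

SAMPLE_BROKEN = {"RouteTableId": "rtb-EXAMPLE1", "PropagatingVgws": [],
                 "Routes": [LOCAL, DEFAULT]}
SAMPLE_FIXED = {"RouteTableId": "rtb-EXAMPLE2",
                "PropagatingVgws": [{"GatewayId": "vgw-EXAMPLE"}],
                "Routes": [LOCAL, DEFAULT, ONPREM]}


def best_route(table, dest_ip):
    """Longest-prefix match over the table's active IPv4 routes."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [
        r for r in table["Routes"]
        if r.get("DestinationCidrBlock") and r.get("State") == "active"
        and ip in ipaddress.ip_network(r["DestinationCidrBlock"])
    ]
    return max(matches, default=None,
               key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen)


def diagnose(table, onprem_ip):
    """Say whether traffic to onprem_ip leaves via the VGW, and if not, why."""
    route = best_route(table, onprem_ip)
    target = (route or {}).get("GatewayId", "")
    propagating = [g["GatewayId"] for g in table.get("PropagatingVgws", [])]
    if target.startswith("vgw-"):
        propagated = route.get("Origin") == "EnableVgwRoutePropagation"
        how = "propagated" if propagated else "static"
        return f"ok: {how} route {route['DestinationCidrBlock']} -> {target}"
    if not propagating:
        return (f"no return path: {onprem_ip} resolves to {target or 'no route'}; "
                "enable VGW route propagation (B) or add a static route (E)")
    return (f"propagation enabled for {propagating} but no VGW route covers "
            f"{onprem_ip}; check the prefixes advertised over BGP")


if __name__ == "__main__":
    for t in (SAMPLE_BROKEN, SAMPLE_FIXED):
        print(t["RouteTableId"], "=>", diagnose(t, "192.168.10.5"))
```

In the broken sample the on-premises address matches only the default route to the internet gateway, which is why advertising routes from the customer's end alone is not enough.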

AliPasha

B and E.