Free Preparation Discussions
MENU
Cisco Exam 300-440 Topic 5 Question 5 Discussion
Topic #: 5
Refer to the exhibits.
Refer to the exhibit. An engineer successfully brings up the site-to-site VPN tunnel between the remote office and the AWS virtual private gateway, and the site-to-site routing works correctly. However, the end-to-end ping between the office user PC and the AWS EC2 instance is not working. Which two actions diagnose the loss of connectivity? (Choose two.)
The end-to-end ping between the office user PC and the AWS EC2 instance is not working because either the security group rules for the host VPC are blocking the ICMP traffic or the IPsec SA counters are showing errors or drops. To diagnose the loss of connectivity, the engineer should check both the security group rules and the IPsec SA counters. The network security group rules on the host VNET are not relevant because they apply to Azure, not AWS. The IPsec SA configuration on the Cisco VPN router and the AWS private virtual gateway are not likely to be the cause of the problem because the site-to-site VPN tunnel is already up and the site-to-site routing works correctly.Reference:=
AWS Documentation, User Guide for AWS VPN, Section: Security Groups for Your VPC
Meaghan
11 months agoDelmy
11 months agoYvonne
11 months agoElenor
11 months agoIsaac
12 months agoKirk
12 months agoNathalie
12 months agoMicheal
1 years agoFelix
1 years agoMaryann
1 years agoYoulanda
1 years agoLawana
1 years agoLindy
1 years agoLemuel
1 years agoVernell
1 years agoSanjuana
1 years agoSue
1 years agoLai
1 years agoLelia
1 years ago