Free Preparation Discussions
MENU
Cisco Exam 300-440 Topic 5 Question 5 Discussion
Topic #: 5
Refer to the exhibits.
Refer to the exhibit. An engineer successfully brings up the site-to-site VPN tunnel between the remote office and the AWS virtual private gateway, and the site-to-site routing works correctly. However, the end-to-end ping between the office user PC and the AWS EC2 instance is not working. Which two actions diagnose the loss of connectivity? (Choose two.)
The end-to-end ping between the office user PC and the AWS EC2 instance is not working because either the security group rules for the host VPC are blocking the ICMP traffic or the IPsec SA counters are showing errors or drops. To diagnose the loss of connectivity, the engineer should check both the security group rules and the IPsec SA counters. The network security group rules on the host VNET are not relevant because they apply to Azure, not AWS. The IPsec SA configuration on the Cisco VPN router and the AWS private virtual gateway are not likely to be the cause of the problem because the site-to-site VPN tunnel is already up and the site-to-site routing works correctly.Reference:=
AWS Documentation, User Guide for AWS VPN, Section: Security Groups for Your VPC
Meaghan
4 months agoDelmy
4 months agoYvonne
4 months agoElenor
4 months agoIsaac
5 months agoKirk
5 months agoNathalie
5 months agoMicheal
5 months agoFelix
6 months agoMaryann
6 months agoYoulanda
6 months agoLawana
5 months agoLindy
5 months agoLemuel
5 months agoVernell
5 months agoSanjuana
5 months agoSue
5 months agoLai
5 months agoLelia
6 months ago