
Exam ANS-C00 topic 1 question 319 discussion

Exam question from Amazon's ANS-C00
Question #: 319
Topic #: 1

You are configuring a VPN to AWS for your company. You have configured the VGW and CGW. You have created the VPN. You have also run the necessary commands on your router. You allowed all TCP and UDP traffic between your datacenter and your VPC. The tunnel still doesn't come up. What is the most likely reason?

  • A. You forgot to turn on route propagation in the route table.
  • B. You do not have a public ASN.
  • C. Your advertised subnet is too large.
  • D. You haven't added protocol 50 to your firewall.
Suggested Answer: D
You haven't allowed IP protocol 50 (ESP, Encapsulating Security Payload) through the firewall. ESP is its own IP protocol, distinct from TCP (protocol 6) and UDP (protocol 17), and it carries no port numbers, so a rule that permits "all TCP and UDP" never matches it. The IKE negotiation runs over UDP 500 (or UDP 4500 when NAT traversal is in use), which the existing rules already cover, but the encrypted tunnel traffic itself is ESP and needs an explicit protocol-50 rule before the tunnel will come up. (If the customer gateway sits behind NAT and NAT traversal is negotiated, ESP is instead encapsulated in UDP 4500; the question assumes a directly reachable gateway, so raw ESP has to be permitted.)
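
As an added illustration (not part of the exam page or the suggested answer), the following Python evaluates a simplified stateless firewall policy against the three flows an AWS Site-to-Site VPN exchanges between the customer gateway and the VGW endpoints: IKE on UDP 500, IKE with NAT traversal on UDP 4500, and ESP as IP protocol 50. The `Flow`/`Rule` model, the two policies and the `VPN_FLOWS` list are constructed for the example; the protocol numbers are the IANA assignments. It also renders each rule as the equivalent `iptables` ACCEPT line, assuming a Linux host is the datacenter firewall.

```python
"""Added example: why "allow all TCP and UDP" leaves an IPsec tunnel down.

Not code from the exam page. The Flow/Rule model, the policies and the
VPN_FLOWS list are constructed for illustration; the protocol numbers are
the IANA IP protocol assignments.
"""
from dataclasses import dataclass
from typing import List, Optional

# IANA IP protocol numbers. ESP (50) and AH (51) sit beside TCP and UDP in
# the IP header; they are protocols, not ports carried inside TCP or UDP.
PROTO_TCP = 6
PROTO_UDP = 17
PROTO_ESP = 50
PROTO_AH = 51

PROTO_NAMES = {PROTO_TCP: "tcp", PROTO_UDP: "udp", PROTO_ESP: "esp", PROTO_AH: "ah"}


@dataclass(frozen=True)
class Flow:
    name: str
    proto: int              # IP protocol number
    dport: Optional[int]    # destination port; None for protocols without ports


@dataclass(frozen=True)
class Rule:
    proto: Optional[int]    # None matches any IP protocol
    dport: Optional[int]    # None matches any port

    def matches(self, flow: Flow) -> bool:
        if self.proto is not None and self.proto != flow.proto:
            return False
        if self.dport is not None:
            # Only TCP and UDP headers carry ports, so a port-based rule can
            # never match ESP or AH, whatever number it names.
            if flow.proto not in (PROTO_TCP, PROTO_UDP):
                return False
            if flow.dport != self.dport:
                return False
        return True


# Flows between the customer gateway and the AWS VPN endpoints (constructed).
VPN_FLOWS = [
    Flow("IKE", PROTO_UDP, 500),
    Flow("IKE NAT-T", PROTO_UDP, 4500),
    Flow("ESP", PROTO_ESP, None),
]

# The policy in the question: every TCP flow and every UDP flow is permitted.
ALL_TCP_UDP = [Rule(PROTO_TCP, None), Rule(PROTO_UDP, None)]

# The corrected policy: ESP added as its own IP-protocol rule.
ALL_TCP_UDP_PLUS_ESP = ALL_TCP_UDP + [Rule(PROTO_ESP, None)]


def blocked_flows(policy: List[Rule], flows: List[Flow] = VPN_FLOWS) -> List[str]:
    """Names of flows that no rule in the policy permits (default deny)."""
    return [f.name for f in flows if not any(r.matches(f) for r in policy)]


def iptables_accept_lines(policy: List[Rule], chain: str = "INPUT") -> List[str]:
    """Render each rule as the equivalent iptables ACCEPT command."""
    lines = []
    for r in policy:
        if r.dport is not None and r.proto not in (PROTO_TCP, PROTO_UDP):
            # iptables rejects --dport unless -p tcp or -p udp is given.
            raise ValueError("port match requires a TCP or UDP rule: %r" % (r,))
        parts = ["iptables", "-A", chain]
        if r.proto is not None:
            parts += ["-p", PROTO_NAMES.get(r.proto, str(r.proto))]
        if r.dport is not None:
            parts += ["--dport", str(r.dport)]
        parts += ["-j", "ACCEPT"]
        lines.append(" ".join(parts))
    return lines


if __name__ == "__main__":
    print("blocked with all-TCP/UDP policy:", blocked_flows(ALL_TCP_UDP))
    print("blocked after adding ESP:       ", blocked_flows(ALL_TCP_UDP_PLUS_ESP))
    for line in iptables_accept_lines([Rule(PROTO_ESP, None)]):
        print("fix:", line)
```

Run stand-alone it reports that only the ESP flow is blocked under the all-TCP/UDP policy and nothing is blocked once the protocol-50 rule is added. The port check in `Rule.matches` is the point of the exercise: a rule written as "port 50" (a common misreading of the answer) cannot match ESP, because ESP has no port field.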

Comments

gondohwe
Highly Voted 3 years, 4 months ago
After VPN creation, assuming you have advertised routes properly, either static or dynamic, you also need to make sure your firewall rules allow protocol 50 for ESP; otherwise the tunnel won't come up, hence D makes sense.
upvoted 6 times
Malcnorth59
Most Recent 3 years, 4 months ago
The question states that the VPN has been established, so the correct protocols and ports have been enabled. The most likely cause is route propagation. Answer: A
upvoted 3 times
Elmir
3 years, 6 months ago
The correct answer is D. Protocol 50 is IP protocol number 50 (ESP), not TCP or UDP. It's quite a tricky question.
upvoted 4 times
wahlbergusa
3 years, 7 months ago
IP protocol number 50 is ESP. Yes, IP, NOT a TCP or UDP protocol number. Search the internet, guys.
upvoted 1 times
Huy
3 years, 7 months ago
A. The question mentions that you allowed ALL UDP and TCP between the datacenter and the VPC, so it can't be D. When you run the command to initialize the connection from your router, it will advertise routes to AWS via BGP -> VPC propagation.
upvoted 1 times
ChauPhan
3 years, 8 months ago
D. You haven't added protocol 50 to your firewall.
upvoted 2 times
jithin1234
3 years, 7 months ago
The question doesn't mention a firewall. You allowed all TCP and UDP traffic between your datacenter and your VPC.
upvoted 1 times
jithin1234
3 years, 7 months ago
I change my answer to D. Initially I was thinking A, but it doesn't make sense.
upvoted 1 times
CloudArchitect
3 years, 8 months ago
Port 50? I think the answer is A. See the section "Route tables and VPN route priority" at https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html: you can enable route propagation for your route table to automatically propagate your network routes to the table for you.
upvoted 1 times
CloudArchitect
3 years, 8 months ago
Changing my answer to D
upvoted 4 times
Community vote distribution: A (35%), C (25%), B (20%), Other