AWS VPN CloudHub: Virtual Private Gateways and Customer Gateways Configuration

Question

A customer has two local data centers that need to establish VPN connections to an AWS VPC.

You plan to use AWS VPN CloudHub to manage these multiple VPN connections.

In the future, you may want to add more Site-to-Site VPN connections in CloudHub.

To establish redundant connections, each local data center needs two Site-to-Site VPN connections so that the service is not impacted even if one Customer Gateway becomes unavailable.

How many Virtual Private Gateways and Customer Gateways does this scenario need?

Answers

Explanations

Correct Answer - C.

VPN CloudHub operates on a simple hub-and-spoke model to manage multiple AWS Site-to-Site VPN connections.

The VPN CloudHub architecture is as follows.

A single, shared Virtual Private Gateway is required: it is the hub, and every spoke's Site-to-Site VPN connection terminates on it. A VPC can have only one Virtual Private Gateway attached at a time, and each Virtual Private Gateway supports up to ten Site-to-Site VPN connections by default (an adjustable quota).

Each Site-to-Site VPN connection already consists of two IPsec tunnels, but both tunnels terminate on the same Customer Gateway device. To keep a data center connected when that device fails, a second Site-to-Site VPN connection must terminate on a second Customer Gateway in the same data center.

Two Customer Gateways are therefore required for each local data center, and four Customer Gateways are needed in total.

References can be found in:

https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPN_CloudHub.html
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNConnections.html
https://aws.amazon.com/vpn/faqs/

Option A is incorrect: Because one Virtual Private Gateway is enough for this scenario; a VPC cannot have more than one attached at a time.

Option B is incorrect: Because 4 Customer Gateways are required to provide high availability.

Option C is CORRECT: Please check the above explanations.

Option D is incorrect: Because each data center needs two Site-to-Site VPN connections and therefore two Customer Gateways.

Figure: AWS VPN CloudHub hub-and-spoke topology. One Virtual Private Gateway is attached to the Amazon VPC, whose EC2 instances sit in VPC Subnet 1 and VPC Subnet 2 across Availability Zones. Three customer networks (New York, Los Angeles and Miami) each connect through their own Customer Gateway, each Customer Gateway advertising a distinct BGP ASN (6500 and 6502 are legible in the diagram; the third is not).

In this scenario, there are two local data centers that need to establish VPN connections to an AWS VPC using AWS VPN CloudHub to manage multiple VPN connections. Each data center needs two Site-to-Site VPN connections for redundancy so that the service is not impacted if one Customer Gateway becomes unavailable. We need to determine how many Virtual Private Gateways and Customer Gateways are required for this scenario.

A Virtual Private Gateway is the VPN concentrator on the AWS side of a Site-to-Site VPN connection; it is attached to the VPC and provides connectivity from remote networks into the VPC. A VPC can have at most one Virtual Private Gateway attached. A Customer Gateway is the AWS-side representation of the physical device or software application on the customer side of the VPN connection that terminates the IPsec tunnels and provides connectivity to the customer's network. For CloudHub, each Customer Gateway must use a unique BGP ASN, and the customer networks' IP ranges must not overlap.

To provide redundancy for each local data center, we need to establish two Site-to-Site VPN connections, each terminating on its own Customer Gateway device. Therefore, for two local data centers, we need a total of four Site-to-Site VPN connections. Each Site-to-Site VPN connection is between one Customer Gateway and the Virtual Private Gateway; the Virtual Private Gateway is shared by all of the connections, which is exactly CloudHub's hub-and-spoke model, so adding more sites later only adds Customer Gateways and VPN connections, not Virtual Private Gateways.

So, for the given scenario, we need 1 Virtual Private Gateway and 4 Customer Gateways.

Therefore, the correct answer is option C: 1 Virtual Private Gateway and 4 Customer Gateways.
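The following Python planner is an added example, not code from the page or from AWS; it turns the counting argument above into a validator that enforces the CloudHub constraints named on this page (a single Virtual Private Gateway per VPC, at least two Customer Gateways per data center, a unique BGP ASN per Customer Gateway, the ten-connections-per-gateway default quota) and then issues the corresponding boto3 EC2 calls. The method names and parameters (`create_vpn_gateway`, `attach_vpn_gateway`, `create_customer_gateway`, `create_vpn_connection`) are the real boto3 client API; the `FakeEc2` class, the VPC ID, the site names, the ASNs and the documentation-range public IPs are constructed sample data so the block runs offline. It generalizes the question to any number of data centers, which is how the quota check becomes relevant.

```python
"""Plan and provision an AWS VPN CloudHub hub-and-spoke topology.

Added example; the AWS calls are real boto3 EC2 client methods, but the
FakeEc2 stand-in and all sample values below are constructed for offline use.
"""
from dataclasses import dataclass
from itertools import count

VPN_CONNECTIONS_PER_VGW = 10   # AWS default quota per virtual private gateway
AMAZON_SIDE_ASN = 64512        # default Amazon-side BGP ASN of the VGW


@dataclass(frozen=True)
class CustomerGateway:
    site: str        # data center the on-premises VPN device sits in
    public_ip: str   # internet-routable address of that device
    bgp_asn: int     # CloudHub requires a distinct ASN per customer gateway


@dataclass
class CloudHubPlan:
    vpc_id: str
    gateways: tuple  # every CustomerGateway across all sites

    @property
    def vgw_count(self):
        return 1                    # hub-and-spoke: one VGW per VPC, shared by all spokes

    @property
    def cgw_count(self):
        return len(self.gateways)

    @property
    def vpn_connection_count(self):
        return len(self.gateways)   # one Site-to-Site VPN connection per customer gateway


def plan_cloudhub(vpc_id, gateways, min_per_site=2):
    """Check the CloudHub constraints before touching the AWS API."""
    gateways = tuple(gateways)
    per_site = {}
    for gw in gateways:
        per_site.setdefault(gw.site, []).append(gw)
    for site, gws in per_site.items():               # device-level redundancy per data center
        if len(gws) < min_per_site:
            raise ValueError(f"{site}: needs {min_per_site} customer gateways, has {len(gws)}")
    asns = [gw.bgp_asn for gw in gateways]
    if len(set(asns)) != len(asns):
        raise ValueError("CloudHub requires a unique BGP ASN per customer gateway")
    if AMAZON_SIDE_ASN in asns:
        raise ValueError("customer gateway ASN must differ from the Amazon-side ASN")
    ips = [gw.public_ip for gw in gateways]
    if len(set(ips)) != len(ips):
        raise ValueError("each customer gateway needs its own public IP")
    if len(gateways) > VPN_CONNECTIONS_PER_VGW:      # one VGW cannot take more than the quota
        raise ValueError(f"{len(gateways)} VPN connections exceed the "
                         f"{VPN_CONNECTIONS_PER_VGW}-per-VGW quota; request an increase")
    return CloudHubPlan(vpc_id, gateways)


def provision(ec2, plan):
    """Create the hub, attach it, then one CGW plus one VPN connection per spoke."""
    vgw = ec2.create_vpn_gateway(Type="ipsec.1",
                                 AmazonSideAsn=AMAZON_SIDE_ASN)["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpnGatewayId=vgw, VpcId=plan.vpc_id)
    connections = {}
    for gw in plan.gateways:
        cgw = ec2.create_customer_gateway(Type="ipsec.1", PublicIp=gw.public_ip,
                                          BgpAsn=gw.bgp_asn)["CustomerGateway"]["CustomerGatewayId"]
        vpn = ec2.create_vpn_connection(Type="ipsec.1", CustomerGatewayId=cgw, VpnGatewayId=vgw,
                                        Options={"StaticRoutesOnly": False}  # BGP, as CloudHub expects
                                        )["VpnConnection"]["VpnConnectionId"]
        connections[cgw] = vpn
    return vgw, connections


class FakeEc2:
    """Offline stand-in for boto3.client('ec2'): records calls, returns synthetic IDs."""
    def __init__(self):
        self.calls = []
        self._n = count(1)

    def _id(self, prefix):
        return f"{prefix}-{next(self._n):017x}"

    def create_vpn_gateway(self, **kw):
        self.calls.append(("create_vpn_gateway", kw))
        return {"VpnGateway": {"VpnGatewayId": self._id("vgw")}}

    def attach_vpn_gateway(self, **kw):
        self.calls.append(("attach_vpn_gateway", kw))
        return {"VpcAttachment": {"State": "attaching", "VpcId": kw["VpcId"]}}

    def create_customer_gateway(self, **kw):
        self.calls.append(("create_customer_gateway", kw))
        return {"CustomerGateway": {"CustomerGatewayId": self._id("cgw")}}

    def create_vpn_connection(self, **kw):
        self.calls.append(("create_vpn_connection", kw))
        return {"VpnConnection": {"VpnConnectionId": self._id("vpn")}}


# Constructed sample: the two data centers from the question, two devices each.
SAMPLE_VPC = "vpc-0123456789abcdef0"
SAMPLE_GATEWAYS = [
    CustomerGateway("new-york",    "203.0.113.10",  65001),
    CustomerGateway("new-york",    "203.0.113.11",  65002),
    CustomerGateway("los-angeles", "198.51.100.10", 65003),
    CustomerGateway("los-angeles", "198.51.100.11", 65004),
]

if __name__ == "__main__":
    plan = plan_cloudhub(SAMPLE_VPC, SAMPLE_GATEWAYS)
    print(plan.vgw_count, plan.cgw_count, plan.vpn_connection_count)   # 1 4 4
    print(provision(FakeEc2(), plan))
```

To run against a real account, pass `boto3.client("ec2")` in place of `FakeEc2()`; the planner raises before any API call if a site has a single device, two devices share an ASN, or the number of spokes would exceed the per-gateway connection quota, which is the failure a sixth redundant data center would hit with the default quota.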