PROFESSIONAL-CLOUD-NETWORK-ENGINEER · Question #198
PROFESSIONAL-CLOUD-NETWORK-ENGINEER Question #198: Real Exam Question with Answer & Explanation
Sign in or unlock PROFESSIONAL-CLOUD-NETWORK-ENGINEER to reveal the answer and full explanation for question #198. The question stem and answer options stay visible for context.
Question
You are attempting to establish a HA VPN to your on-premises network; however, the VPN connection is not establishing successfully. You have full administrative control over the Google Cloud networking environment and the on-premises firewalls that are acting as the VPN devices. The Google Cloud console shows "Negotiation failure" and "BGP is down". You check Cloud Logging by using a query for resource.type="vpn_gateway" and resource.labels.gateway_id="TUNNEL_ID_NUMBER". Logs Explorer shows frequent log entries: log name: .../logs/cloud.googleapis.com%2Fipsec_events" type: "vpn_gateway" textPayload: "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built" You need to troubleshoot the VPN failure and take corrective action based on the Cloud Logging entries. What should you do?
Options
- AUpdate the Google Cloud BGP session configuration to match the BGP peer ASN on the on-
- BCompare and review the Phase 2 settings on the on-premises firewall. Make sure the settings
- CCreate a new Cloud VPN gateway in a region closer to the peer VPN gateway.
- DCompare the Phase 1 settings and recreate the Cloud VPN tunnel by choosing a different IKE
Unlock PROFESSIONAL-CLOUD-NETWORK-ENGINEER to see the answer
You've previewed enough free PROFESSIONAL-CLOUD-NETWORK-ENGINEER questions. Unlock PROFESSIONAL-CLOUD-NETWORK-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.