What address should be used to create the customer gateway resource?
While setting up an AWS managed VPN connection, a SysOps administrator creates a customer gateway resource in AWS. The customer gateway device resides in a data center with a NAT gateway in front of it.
What address should be used to create the customer gateway resource?
A. The private IP address of the customer gateway device
B. The MAC address of the NAT device in front of the customer gateway device
C. The public IP address of the customer gateway device
D. The public IP address of the NAT device in front of the customer gateway device
Answer: D
Explanation:
Step-by-Step
Understand the Problem:
Setting up an AWS managed VPN connection requires creating a customer gateway resource.
The customer gateway device is behind a NAT gateway in the data center.
Analyze the Requirements:
The customer gateway resource needs to be created using an IP address that can be reached by AWS.
Evaluate the Options:
Option A: The private IP address of the customer gateway device. A private IP address is not reachable by AWS over the internet.
Option B: The MAC address of the NAT device. MAC addresses are not used for identifying gateways in AWS.
Option C: The public IP address of the customer gateway device. This would be correct if the device were directly connected to the internet, but it is behind a NAT.
Option D: The public IP address of the NAT device in front of the customer gateway device. The NAT device's public IP address is reachable by AWS and will route traffic to the customer gateway device.
Select the Best Solution:
Option D: Using the public IP address of the NAT device ensures that AWS can establish a VPN connection with the customer gateway device behind the NAT.
Reference: AWS Site-to-Site VPN Documentation
Customer Gateway Devices Behind a NAT
Specifying the public IP address of the NAT device ensures proper routing of VPN traffic to the customer gateway device.