AWS VPN Flashcards
With regard to VPN on AWS, what protocol is supported?
IPSec
When you assign a Virtual Private Gateway as part of a VPN, can you change the ASN after it has been assigned?
No it is not possible.
What happens if you do not assign an ASN to a Virtual Private Gateway?
AWS will assign a default of 64512
What are the key virtual components in an AWS VPN?
Virtual Private Gateway (VPG)
Customer Gateway (CG)
Connection
How do I know if my hardware or software VPN device on the customer side is compatible with AWS VPN?
AWS has a list of validated
With AWS VPN, how many IPSec tunnels connect to the customer gateway?
Two for redundancy.
If there is a device failure on one of the tunnels, will you lose connectivity?
No, traffic will start to flow on the second tunnel.
With AWS VPN, will the connection come up automatically?
No the connection only comes up with data is generated on the client side. The AWS VPG is not the initiator.
What protocol is used for payload encryption on AWS VPN IPsec tunnel?
AES 128 or AWS 256.
What authentication hashing algorithim is available on AWS VPN?
SHA-1 and SHA2. SHA-1 is vunerable to hacking so it should not be used.
What is Perfect Forward Secrecy?
It encure thet each session gets it uniuqu session keys for encryption so that if the session key got comp[eramized it would only be that session and not others.
What are the VPN componets used?
VPNGW
CUSTOMER GW
What is a customer GW?
The customer GW represents you on-prem physical VPN, this holds the information needed for AWS VPN about the Customer GW.
I need to connect from on-prem to my VPC using IPv6, I, what options do I have?
You cna not use IPV6 with AWS site-to-site VPN, only IPv4 is supported, you will need to use a commercial VPN form the market place.
I need to connect to a customer GW VPN, the customer insists that we need to use dynamic VPN’s, what options do I have?
AWS VPN supports dynamic routing.
