Google Cloud Professional Cloud Network Engineer — Question 211
Your organization has a legacy VPN device that uses IKEv1 and does not support BGP. Connectivity from your on-premises environment to Google Cloud needs to be established. You are using 172.16.100.0/24, 172.16.101.0/24, and 172.16.102.0/24 in your on-premises environment, and 192.168.100.0/24, 192.168.101.0/24, and 192.168.102.0/24 in your Google Cloud environment. You have configured a VPN gateway and you need to configure a policy-based VPN tunnel. What should you do?
Answer options
- A. Configure the tunnel with LOCAL_TS set to 172.16.100.0/22 and REMOTE_TS set to 192.168.100.0/22.
- B. Configure the tunnel with LOCAL_TS set to 192.168.100.0/22 and REMOTE_TS set to 172.16.100.0/22.
- C. Configure the tunnel with LOCAL_TS set to 172.16.100.0/24, 172.16.101.0/24, and 172.16.102.0/24, and REMOTE_TS set to 192.168.100.0/24, 192.168.101.0/24, and 192.168.102.0/24.
- D. Configure the tunnel with LOCAL_TS set to 172.16.100.0/24, 172.16.101.0/24, and 172.16.102.0/24, and REMOTE_TS set to 0.0.0.0/0.
Correct answer: B
Explanation
The correct answer is B: it sets LOCAL_TS to the Google Cloud subnets and REMOTE_TS to the on-premises subnets, which allows proper traffic flow. Options A and C do not correctly match the required local and remote subnets for the VPN configuration. Option D is incorrect because it uses a catch-all address (0.0.0.0/0) that would not correctly route the intended traffic.