18

A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24. and VPN only subnets CIDR (20.0.1.0/24. along with the VPN gateway (vgw-12345. to connect to the user-s data center. The user-s

data center has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456. to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

A. Destinatio

n: 20.0.1.0/24 and Target: i-12345

B. Destination: 0.0.0.0/0 and Target: i-12345

C. Destination: 172.28.0.0/12 and Target: vgw-12345

D. Destination: 20.0.0.0/16 and Target: local

Explanation:

The user can create subnets as per the requireme

nt within a VPC. If the user wants to connect VPC from his own data center, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data center. When the user has configured this setup with Wizard, it will create a virt

ual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization-s DC will be routed to the VPN ga

teway.

Here are the valid entries for the main route table in this scenario:

Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance.

Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization-s data

center traffic to the VPN gateway.

Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC.