What should the SysOps administrator do to troubleshoot this issue?
A. Create Amazon CloudWatch logs for the EC2 instance to check for blocked traffic.
B. Create Amazon CloudWatch logs for the Site-to-Site VPN connection to check for blocked traffic.
C. Create VPC flow logs for the EC2 instance’s elastic network interface to check for rejected traffic.
D. Instruct users to use EC2 Instance Connect as a connection method.
Explanations:
A. Amazon CloudWatch logs do not capture packet-level details or traffic flow information directly related to network access or connection attempts on an EC2 instance.
B. CloudWatch logs for the VPN connection do not provide detailed flow information for specific EC2 traffic; VPC flow logs are needed for packet-level analysis.
C. VPC flow logs provide information on accepted and rejected traffic, which helps diagnose network access issues and verify whether the traffic is being blocked or allowed.
D. EC2 Instance Connect does not support RDP connections and would not be helpful for troubleshooting this VPN connection issue.