Lesson 4

Question 1

Used mostly for inbound server connections. Eg, when you want an inside server to always appear with a fixed address on the outside network.

Answer 1

Static NAT

Question 2

Static NAT Configuration

Answer 2

static ( local_if,global_if) global_ip local_ip

“ INSIDE , OUTSIDE “ “ OUTSIDE , INSIDE “

Question 3

____________or port redirection , is useful when the security appliance needs to statically map multiple inside servers to one global IP address.

Answer 3

Static Port Address Translation

Question 4

I f d e s t = 1 4 2 . 2 3 2 . 0 . 1 0 1 : 8 0 , t r a n s l a t e t o 1 0 . 1 0 . 7 7 . 1 0

Answer 4

ASA1(config )# static (inside,outside) tcp 142.232.0.101 80 10.10.77.10 80 netmask 255.255.255.255

Question 5

Dynamic NAT & PAT

nat (inside) 1 0 0
global (outside) 1 200.200.200.1 - 200.200.200. 5 255.255.255.0
global (outside) 1 200.200.200.200 255.255.255.0

Answer 5

When these addresses run out, PAT will be used with the 200.200.200.200 IP address for the remaining connections.

Question 6

This example shows two separate PAT processes running for the two separate networks

Answer 6

nat (inside) 1 10.1.0.0 255.255.0.0
nat (inside) 2 10.2.0.0 255.255.0.0
global (outside) 1 200.200.200. 5 255.255.255.0
global (outside) 2 200.200.200. 10 255.255.255.0

Question 7

The NAT ID can be in the range of 0 to ________

Answer 7

2 billion

Question 8

nat id 0 means ________

Answer 8

do not NAT

Question 9

PAT can handle a theoretical maximum of ___________ connections .

Answer 9

64000

Question 10

Whenever you change a global pool you need to ___________ to activate it correctly.

Answer 10

clear the xlate table

Question 11

__________ lets you establish translation rules by specifying both the real address (the source address) and the destination address (eg, partner connections).

Answer 11

Policy NAT

Question 12

Policy NAT global example

Answer 12

access - list NET1 permit ip 10.1.2.0 255.255.255.0 209.165. 201. 0 255.255.255.224

nat (inside) 1 access - list NET1 global (outside) 1 209.165.202. 129 255.255.255.255

Question 13

Policy NAT static example

Answer 13

Policy NAT - 3 Configuration for diagram using a static mapping: access - list NET1 permit ip host 10.1.2.27 209.165. 201 .0 255.255.255.224

static (inside,outside) 209.165.202. 129 access - list NET1

Question 14

Access lists can only contain _______ statements

Answer 14

PERMIT

Question 15

An access list can only be used_______ within the NAT process.

Answer 15

once

You can’t reuse the same list with a different NAT id.

Question 16

___________can be used in some cases where local IP addresses need to bypass NAT and not be translated .

Answer 16

NAT exemption , which uses the nat 0 access - list command

Question 17

NAT Exemption-2

Answer 17

FW(config )# access - list EXEMPT - VPN permit ip 10.10.1.0 255.255.255.0 10.100.0.0 255.255.0.0
FW(config )# nat - control
FW(config )# nat (inside) 0 access - list EXEMPT - VPN
FW(config )# nat (inside) 1 10.10.1.0 255.255.255.0
FW(config )# global (outside) 1 interface

Question 18

Using the__________________ allows the appliance to “doctor” the DNS reply being sent back to the internal user.

Answer 18

A - record translation feature ( DNS Doctoring )

Question 19

_____must be enabled to support this functionality (Check using show run dns - guard ).

Answer 19

DNS inspection