Module 7 NAT Policies Flashcards
What are the two NAT types?
Source and Destination NAT.
What is Source NAT?
It allows private (internal) users to access the public internet.
What is Destination NAT?
It gives hosts on the public external network access to private, internal servers.
Is NAT directional?
Yes, the forms are directional and are described from the perspective of the NAT device.
What is source NAT?
NAT that translates outbound traffic from the private network to the internet.
Are private and extranet in the same NAT zone?
Yes, both exist within the private network.
What is the difference between static, dynamic, and dynamic IP and port (DIPP)?
Static is a 1-to-1 translation with the source port unchanged. Dynamic involves no port number and is a 1-to-1 translation to the next available address in the range. DIPP allows multiple clients to use the same IP with different source ports.
For NAT, what can you specify besides an IP address to be translated?
IP address, a range of IP addresses, a subnet, or a combination.
What if the egress interface has a dynamically assigned IP address that always changes?
You can specify the interface in the DIPP rule; this ensures the NAT policy updates automatically.
What is the flow logic with NAT?
The Security policy rule is enforced after the NAT policy rule is evaluated, but before NAT translation is applied.
What is the first thing to do when configuring NAT?
Create a NAT policy rule.
What is important to remember when creating a NAT policy rule?
Use the fields in the Original Packet tab to define the match criteria: pre-NAT IPs, zones, etc.
How does a NAT policy rule match packets?
A NAT policy rule matches the packet based on the original pre-NAT source and destination address and pre-NAT destination zone.
What are the problems with dynamic NAT?
The translated pool can be exhausted if the number of internal hosts concurrently creating outbound sessions exceeds the number of IP addresses in the pool.
What can help with Dynamic IP NAT exhaustion?
Setting the Advanced (Dynamic IP/Port Fallback) button, which uses DIPP if the dynamic IP pool runs out.