NAT/PAT Chap 9 Flashcards
What is the primary purpose of NAT?
conserve IPv4 addresses
increase network security
allow peer-to-peer file sharing
enhance network performance
conserve IPv4 addresses
Which method is used by a PAT-enabled router to send incoming packets to the correct inside hosts?
It uses the destination TCP or UDP port number on the incoming packet.
It uses the source TCP or UDP port number on the incoming packet.
It uses the source IP address on the incoming packet.
It uses a combination of the source TCP or UDP port number and the destination IP address on the incoming packet.
It uses the destination TCP or UDP port number on the incoming packet.
What are two benefits of NAT? (Choose two.)
It saves public IP addresses.
It adds a degree of privacy and security to a network.
It increases routing performance.
It makes troubleshooting routing issues easier.
It makes tunneling with IPsec less complicated.
It saves public IP addresses.
It adds a degree of privacy and security to a network.
What is a disadvantage of NAT?
There is no end-to-end addressing.
The router does not need to alter the checksum of the IPv4 packets.
The internal hosts have to use a single public IPv4 address for external communication.
The costs of readdressing hosts can be significant for a publicly addressed network.
There is no end-to-end addressing.
What is an advantage of deploying IPv4 NAT technology for internal hosts in an organization?
makes internal network access easy for outside hosts using UDP
provides flexibility in designing the IPv4 addressing scheme
increases the performance of packet transmission to the Internet
enables the easy deployment of applications that require end-to-end traceability
provides flexibility in designing the IPv4 addressing scheme
Refer to the exhibit. Which address or addresses represent the inside global address?
10.1.1.2
192.168.0.100
209.165.20.25
any address in the 10.1.1.0 network
209.165.20.25
Refer to the exhibit. A technician is configuring R2 for static NAT to allow the client to access the web server. What is a possible reason that the client PC cannot access the web server?
Interface S0/0/0 should be identified as the outside NAT interface.
Interface Fa0/1 should be identified as the outside NAT interface.
The IP NAT statement is incorrect.
The configuration is missing a valid access control list.
Interface S0/0/0 should be identified as the outside NAT interface.
A network administrator configures the border router with the command R1(config)# ip nat inside source list 4 pool corp. What is required to be configured in order for this particular command to be functional?
a NAT pool named corp that defines the starting and ending public IP addresses
an access list named corp that defines the private addresses that are affected by NAT
an access list numbered 4 that defines the starting and ending public IP addresses
ip nat outside to be enabled on the interface that connects to the LAN affected by the NAT
a VLAN named corp to be enabled and active and routed by R1
a NAT pool named corp that defines the starting and ending public IP addresses
When dynamic NAT without overloading is being used, what happens if seven users attempt to access a public server on the Internet when only six addresses are available in the NAT pool?
No users can access the server.
The request to the server for the seventh user fails.
All users can access the server.
The first user gets disconnected when the seventh user makes the request.
The request to the server for the seventh user fails.
What is defined by the ip nat pool command when configuring dynamic NAT?
the pool of global address
the range of internal IP addresses that are translated
the pool of available NAT servers
the range of external IP addresses that internal hosts are permitted to access
the pool of global address
Refer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?
defines which addresses can be translated
defines which addresses are allowed into the router
defines which addresses are assigned to a NAT pool
defines which addresses are allowed out of the router
defines which addresses can be translated
A network engineer has configured a router with the command ip nat inside source list 4 pool corp overload. Why did the engineer use the overload option?
The company has more private IP addresses than available public IP addresses.
The company needs to have more public IP addresses available to be used on the Internet.
The company router must throttle or buffer traffic because the processing power of the router is not enough to handle the normal load of external-bound Internet traffic.
The company has a small number of servers that should be accessible by clients from the Internet.
The company has more private IP addresses than available public IP addresses.
What are two of the required steps to configure PAT? (Choose two.)
Define a pool of global addresses to be used for overload translation.
Create a standard access list to define applications that should be translated.
Define the range of source ports to be used.
Identify the inside interface.
Define the hello and interval timers to match the adjacent neighbor router.
Define a pool of global addresses to be used for overload translation.
Identify the inside interface.
What is the major benefit of using NAT with Port Address Translation?
It allows external hosts access to internal servers.
It improves network performance for real-time protocols.
It allows many internal hosts to share the same public IPv4 address.
It provides a pool of public addresses that can be assigned to internal hosts.
It allows many internal hosts to share the same public IPv4 address.
What is the purpose of port forwarding?
Port forwarding allows an external user to reach a service on a private IPv4 address that is located inside a LAN.
Port forwarding allows users to reach servers on the Internet that are not using standard port numbers.
Port forwarding allows an internal user to reach a service on a public IPv4 address that is located outside a LAN.
Port forwarding allows for translating inside local IP addresses to outside local addresses.
Port forwarding allows an external user to reach a service on a private IPv4 address that is located inside a LAN.
A network administrator is configuring a static NAT on the border router for a web server located in the DMZ network. The web server is configured to listen on TCP port 8080. The web server is paired with the internal IP address of 192.168.5.25 and the external IP address of 209.165.200.230. For easy access by hosts on the Internet, external users do not need to specify the port when visiting the web server. Which command will configure the static NAT?
R1(config)# ip nat inside source static tcp 192.168.5.25 80 209.165.200.230 8080
R1(config)# ip nat inside source static tcp 192.168.5.25 8080 209.165.200.230 80
R1(config)# ip nat inside source static tcp 209.165.200.230 80 192.168.5.25 8080
R1(config)# ip nat inside source static tcp 209.165.200.230 8080 192.168.5.25 80
R1(config)# ip nat inside source static tcp 192.168.5.25 8080 209.165.200.230 80
What is a characteristic of unique local addresses?
They allow sites to be combined without creating any address conflicts.
They are designed to improve the security of IPv6 networks.
Their implementation depends on ISPs providing the service.
They are defined in RFC 3927.
They allow sites to be combined without creating any address conflicts.
Which statement describes IPv6 ULAs?
They conserve IPv6 address space.
They are assigned by an ISP.
They begin with the fe80::/10 prefix.
They are not routable across the Internet.
They are not routable across the Internet.
Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?
dynamic NAT with a pool of two public IP addresses
PAT using an external interface
static NAT with one entry
static NAT with a NAT pool
PAT using an external interface
MATCH: step 1 step 2 step 3 step 4 step 5
R1 translates the IP address in the packets from 209.65.200.254 to 192.168.10.10.
R1 replaces the address 192.168.10.10 with a translated inside global address.
R1 checks the NAT configuration to determine if this packet should be translated.
R1 selects an available global address from the dynamic address pool.
The host sends packets that request a connection to the server at the address 209.165.200.254
If there is no translation entry for this IP address, R1 determines that the source address 192.168.10.10 must be translated
step 1 –> The host sends packets that request a connection to the server at the address 209.165.200.254
step 2 –> R1 checks the NAT configuration to determine if this packet should be translated.
step 3 –> If there is no translation entry for this IP address, R1 determines that the source address 192.168.10.10 must be translated
step 4 –> R1 selects an available global address from the dynamic address pool.
step 5 –> R1 replaces the address 192.168.10.10 with a translated inside global address.
A technician is required to configure an edge router to use a different TCP port number for each session with a server on the Internet. What type of Network Address Translation (NAT) should be implemented?
a many-to-one address mapping between local and global addresses
a many-to-many address mapping between local and global addresses
a one-to-many address mapping between local and global addresses
a one-to-one address mapping between local and global addresses
a many-to-one address mapping between local and global addresses
What does the asterisk (*) represent in the following output?
NAT*: s=172.16.2.2, d=192.168.2.1->10.1.1.1 [1]
A. The packet was destined for a local interface on the router.
B. The packet was translated and fast-switched to the destination.
C. The packet attempted to be translated but failed.
D. The packet was translated but there was no response from the remote host.
B. Fast-switching is used on Cisco routers to create a type of route cache in order to quickly forward packets through a router without having to parse the routing table for every packet. As packets are process-switched (looked up in the routing table), this information is stored in the cache for later use if needed for faster routing processing.
Which of the following are disadvantages of using NAT? (Choose three.)
A. Translation introduces switching path delays.
B. NAT conserves legally registered addresses.
C. NAT causes loss of end-to-end IP traceability.
D. NAT increases flexibility when connecting to the Internet.
E. Certain applications will not function with NAT enabled.
F. NAT remedies address overlap occurrence.
A, C, E. NAT is not perfect and can cause some issues in some networks, but most networks work just fine. NAT can cause delays and troubleshooting problems, and some applications just won’t work.
Which of the following are advantages of using NAT? (Choose three.)
A. Translation introduces switching path delays.
B. NAT conserves legally registered addresses.
C. NAT causes loss of end-to-end IP traceability.
D. NAT increases flexibility when connecting to the Internet.
E. Certain applications will not function with NAT enabled.
F. NAT remedies address overlap occurrence.
B, D, F. NAT is not perfect, but there are some advantages. It conserves global addresses, which allows us to add millions of hosts to the Internet without real IP addresses. This provides flexibility in our corporate networks. NAT can also allow you to use the same subnet more than once in the same network without overlapping networks.
Which command will allow you to see real-time translations on your router?
A. show ip nat translations
B. show ip nat statistics
C. debug ip nat
D. clear ip nat translations *
C. The command debug ip nat will show you in real time the translations occurring on your router.
Which command will show you all the translations active on your router?
A. show ip nat translations
B. show ip nat statistics
C. debug ip nat
D. clear ip nat translations *
A. The command show ip nat translations will show you the translation table containing all the active NAT entries.
Which command will show you the summary of the NAT configuration?
A. show ip nat translations
B. show ip nat statistics
C. debug ip nat
D. clear ip nat translations *
B. The show ip nat statistics command displays a summary of the NAT configuration as well as counts of active translation types, hits to an existing mapping, misses (causing an attempt to create a mapping), and expired translations.
Which command will create a dynamic pool named Todd that will provide you with 30 global addresses?
A. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.240
B. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224
C. ip nat pool todd 171.16.10.65 171.16.10.94 net 255.255.255.224
D. ip nat pool Todd 171.16.10.1 171.16.10.254 net 255.255.255.0
B. The command ip nat pool name creates the pool that hosts can use to get onto the global Internet. What makes option B correct is that the range 171.16.10.65 through 171.16.10.94 includes 30 hosts, but the mask has to match 30 hosts as well, and that mask is 255.255.255.224. Option C is wrong because there is a lowercase t in the pool name. Pool names are case sensitive.
Which of the following are methods of NAT? (Choose three.)
A. Static
B. IP NAT pool
C. Dynamic
D. NAT double-translation
E. Overload
A, C, E. You can configure NAT three ways on a Cisco router: static, dynamic, and NAT Overload (PAT).
When creating a pool of global addresses, which of the following can be used instead of the netmask command?
A. / (slash notation)
B. prefix-length
C. no mask
D. block-size
B. Instead of the netmask command, you can use the prefix-length length statement.
Which of the following would be a good starting point for troubleshooting if your router is not translating?
A. Reboot
B. Call Cisco
C. Check your interfaces for the correct configuration
D. Run the debug all command
C. In order for NAT to provide translation services, you must have ip nat inside and ip nat outside configured on your router's interfaces.
Which of the following would be good reasons to run NAT? (Choose three.)
A. You need to connect to the Internet and your hosts don't have globally unique IP addresses.
B. You change to a new ISP that requires you to renumber your network.
C. You don't want any hosts connecting to the Internet.
D. You require two intranets with duplicate addresses to merge.
A, B, D. The most popular use of NAT is if you want to connect to the Internet and you don’t want hosts to have global (real) IP addresses, but options B and D are correct as well.
Which of the following is considered to be the inside host's address after translation?
A. Inside local
B. Outside local
C. Inside global
D. Outside global
C. An inside global address is considered to be the IP address of the host on the private network after translation.
Which of the following is considered to be the inside host's address before translation?
A. Inside local
B. Outside local
C. Inside global
D. Outside global
A. An inside local address is considered to be the IP address of the host on the private network before translation.
By looking at the following output, which of the following commands would allow dynamic translations?
Router#show ip nat trans
Pro  Inside global   Inside local   Outside local   Outside global
---  1.1.128.1       10.1.1.1       ---             ---
---  1.1.130.178     10.1.1.2       ---             ---
---  1.1.129.174     10.1.1.10      ---             ---
---  1.1.130.101     10.1.1.89      ---             ---
---  1.1.134.169     10.1.1.100     ---             ---
---  1.1.135.174     10.1.1.200     ---             ---
A. ip nat inside source pool todd 1.1.128.1 1.1.135.254 prefix-length 19
B. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 19
C. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 18
D. ip nat pool todd 1.1.128.1 1.1.135.254 prefix-length 21
D. What we need to figure out for this question is only the inside global pool. Basically we start at 1.1.128.1 and end at 1.1.135.174; our block size is 8 in the third octet, or /21. Always look for your block size and the interesting octet and you can find your answer every time.
Your inside locals are not being translated to the inside global addresses. Which of the following commands will show you if your inside globals are allowed to use the NAT pool?
ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
ip nat inside source list 100 int pool Corp overload
A. debug ip nat
B. show access-list
C. show ip nat translation
D. show ip nat statistics
B. Once you create your pool, the command ip nat inside source must be used to say which inside locals are allowed to use the pool. In this question we need to see if access-list 100 is configured correctly, if at all, so show access-list is the best answer.
Which command would you place on the interface of a private network?
A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local
A. You must configure your interfaces before NAT will provide any translations. On the inside network interfaces, you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.
Which command would you place on an interface connected to the Internet?
A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local
A. You must configure your interfaces before NAT will provide any translations. On the inside network interfaces, you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.
Which command would you place on an interface connected to the Internet?
A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local
B. You must configure your interfaces before NAT will provide any translations. On the inside networks you would use the command ip nat inside. On the outside network interfaces, you will use the command ip nat outside.
Port Address Translation is also called what?
A. NAT Fast
B. NAT Static
C. NAT Overload
D. Overloading Static
C. Another term for Port Address Translation is NAT Overload because that is the keyword used to enable port address translation.
Which of the following needs to be added to the configuration to enable PAT?
ip nat pool Corp 198.18.41.129 198.18.41.134 netmask 255.255.255.248
access-list 1 permit 192.168.76.64 0.0.0.31
A. ip nat pool inside overload
B. ip nat inside source list 1 pool Corp overload
C. ip nat pool outside overload
D. ip nat pool Corp 198.41.129 net 255.255.255.0 overload
B. Once you create a pool for the inside locals to use to get out to the global Internet, you must configure the command to allow them access to the pool. The ip nat inside source list number pool-name overload command has the correct sequence for this question.
Typically, which network device would be used to perform NAT for a corporate environment?
DHCP server
host device
router
server
switch
router
When NAT is employed in a small office, which address type is typically used for hosts on the local LAN?
private IP addresses
global public IP addresses
Internet-routable addresses
both private and public IP addresses
both private and public IP addresses
Which version of NAT allows many hosts inside a private network to simultaneously use a single inside global address for connecting to the Internet?
PAT
static NAT
dynamic NAT
port forwarding
PAT
Which type of NAT maps a single inside local address to a single inside global address?
dynamic
static
port address translation
overloading
static
What is a disadvantage of NAT?
There is no end-to-end addressing.
The router does not need to alter the checksum of the IPv4 packets.
The internal hosts have to use a single public IPv4 address for external communication.
The costs of readdressing hosts can be significant for a publicly addressed network.
There is no end-to-end addressing.
How does NAT complicate the use of IPsec?
End-to-end IPv4 traceability is lost.
Troubleshooting is made impossible.
Network performance is degraded even more than with just NAT.
Header values are modified which causes issues with integrity checks.
Header values are modified which causes issues with integrity checks.
Which statement accurately describes dynamic NAT?
It always maps a private IP address to a public IP address.
It provides an automated mapping of inside local to inside global IP addresses.
It provides a mapping of internal host names to IP addresses.
It dynamically provides IP addressing to internal hosts.
It provides an automated mapping of inside local to inside global IP addresses.
What is the purpose of port forwarding?
Port forwarding allows an external user to reach a service on a private IPv4 address that is located inside a LAN.
Port forwarding allows users to reach servers on the Internet that are not using standard port numbers.
Port forwarding allows an internal user to reach a service on a public IPv4 address that is located outside a LAN.
Port forwarding allows for translating inside local IP addresses to outside local addresses.
Port forwarding allows an external user to reach a service on a private IPv4 address that is located inside a LAN.
What is a characteristic of unique local addresses?
They allow sites to be combined without creating any address conflicts.
They are designed to improve the security of IPv6 networks.
Their implementation depends on ISPs providing the service.
They are defined in RFC 3927
They allow sites to be combined without creating any address conflicts.
Which prefix is used for IPv6 ULAs?
2001:7F8::/29
2001:DB8:1:2::/64
FC00::/7
FF02::1:FF00:0/104
FC00::/7
Which technology would be used on a router that is running both IPv4 and IPv6?
dual stack
NAT for IPv6
static NAT
dynamic NAT
dual stack
Which configuration would be appropriate for a small business that has the public IP address of 209.165.200.225/30 assigned to the external interface on the router that connects to the Internet?
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat inside source list 1 interface serial 0/0/0 overload
access-list 1 permit 10.0.0.0 0.255.255.25
ip nat pool comp 192.168.2.1 192.168.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.168.2.1 192.168.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp overload
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.168.2.1 192.168.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp overload
ip nat inside source static 10.0.0.5 209.165.200.225
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat inside source list 1 interface serial 0/0/0 overload
What are two of the required steps to configure PAT? (Choose two.)
Define a pool of global addresses to be used for overload translation.
Create a standard access list to define applications that should be translated.
Define the range of source ports to be used.
Identify the inside interface.
Define the hello and interval timers to match the adjacent neighbor router.
Define a pool of global addresses to be used for overload translation.
Identify the inside interface.
What is the group of public IPv4 addresses used on a NAT-enabled router known as?
outside local addresses
inside local addresses
inside global addresses
outside global addresses
inside global addresses
NAT overload is also known as
Port Address Translation