Home > NAT Questions

NAT Questions

July 12th, 2019 in ROUTE 300-101 Go to comments

Question 1

Question 2

Explanation

First we will not mention about the effect of the “extendable” keyword. So the purpose of the command “ip nat inside source static tcp 192.168.1.50 80 209.165.201.1 8080” is to translate packets on the inside interface with a source IP address of 192.168.1.50 and port 80 to the IP address 209.165.201.1 with port 8080. This also implies that any packet received on the outside interface with a destination address of 209.165.201.1:8080 has the destination translated to 192.168.1.50:80. Therefore answer C is correct.

Answer A is not correct this command “allows host 192.168.1.50 to access external websites using TCP port 80”, not port 8080.

Answer B is not correct because it allows external clients to connect to a web server at 209.165.201.1. The IP addresses of clients should not be 209.165.201.1.

Answer D is not correct because the configuration is correct.

Now we will talk about the keyword “extendable”.

Usually, the “extendable” keyword should be added if the same Inside Local is mapped to different Inside Global Addresses (the IP address of an inside host as it appears to the outside network). An example of this case is when you have two connections to the Internet on two ISPs for redundancy. So you will need to map two Inside Global IP addresses into one inside local IP address. For example:

nat_extendable.jpg

NAT router:
ip nat inside source static 192.168.1.1 200.1.1.1 extendable
ip nat inside source static 192.168.1.1 200.2.2.2 extendable
//Inside Local: 192.168.1.1 ; Inside Global: 200.1.1.1 & 200.2.2.2

In this case, the traffic from ISP1 and ISP2 to the Server is straightforward as ISP1 will use 200.1.1.1 and ISP2 will use 200.2.2.2 to reach the Server. But how about the traffic from the Server to the ISPs? In other words, how does NAT router know which IP (200.1.1.1 or 200.2.2.2) it should use to send traffic to ISP1 & ISP2 (this is called “ambiguous from the inside”). We tested in GNS3 and it worked correctly! So we guess the NAT router compared the Inside Global addresses with all of IP addresses of the “ip nat outside” interfaces and chose the most suitable one to forward traffic.

This is what Cisco explained about “extendable” keyword:

“They might also want to define static mappings for a particular host using each provider’s address space. The software does not allow two static translations with the same local address, though, because it is ambiguous from the inside. The router will accept these static translations and resolve the ambiguity by creating full translations (all addresses and ports) if the static translations are marked as “extendable”. For a new outside-to-inside flow, the appropriate static entry will act as a template for a full translation. For a new inside-to-outside flow, the dynamic route-map rules will be used to create a full translation”.

(Reference: http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html)

But it is unclear, what will happen if we don’t use a route-map?

Question 3

Explanation

The command “ip nat inside source list 1 int s0/0 overload” translates all source addresses that pass access list 1, which means all the IP addresses, into an address assigned to S0/0 interface. Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports.

Question 4

Explanation

The command “ip nat inside source list 10 interface FastEthernet0/1 overload” configures NAT to overload on the address that is assigned to the Fa0/1 interface.

Question 5

Explanation

This is a static NAT command which translates all the packets received in the inside interface with a source IP address of 172.16.10.8:8080 to 172.16.10.8:80. The purpose of this NAT statement is to redirect TCP Traffic to Another TCP Port.

Question 6

Explanation

NAT64 provides communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). There are two different forms of NAT64, stateless and stateful:

+ Stateless NAT64: maps the IPv4 address into an IPv6 prefix. As the name implies, it keeps no state. It does not save any IP addresses since every v4 address maps to one v6 address. Stateless NAT64 does not conserve IP4 addresses.
+ Stateful NAT64 is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation (1:N translation). It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings. Stateful NAT64 converses IPv4 addresses.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

Question 7

Explanation

The “ip nat allow-static-host” command enables static IP address support. Dynamic Address Resolution Protocol (ARP) learning will be disabled on this interface, and NAT will control the creation and deletion of ARP entries for the static IP host.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/12-4/nat-12-4-book/iadnat-addr-consv.html

Question 8

Explanation

Network Address Translation-Protocol Translation (NAT-PT) has been deemed deprecated by IETF because of its tight coupling with Domain Name System (DNS) and its general limitations in translation. IETF proposed NAT64 as the viable successor to NAT-PT.

NAT64 technology facilitates communication between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously handling IPv4 address depletion. All viable translation scenarios are supported by NAT64, and therefore NAT64 is becoming the most sought translation technology.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

Question 9

Question 10

Explanation

The syntax should be: ipv6 nat prefix ipv6-prefix / prefix-length (for example: Router# ipv6 nat prefix 2001:DB8::/96)

Question 11

Explanation

From the link: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat64-stateful.pdf

Restrictions for configuring Stateful Network Address:

+ Virtual routing and forwarding (VRF)-aware NAT64 is not supported -> Answer A is correct.
+ IP Multicast is not supported -> Answer B is correct.
+ Application-level gateways (ALGs) FTP and ICMP are not supported -> Answer C is not correct.
+ Only TCP and UDP Layer 4 protocols are supported for header translation -> Answer E is not correct.
+ For Domain Name System (DNS) traffic to work, you must have a separate working installation of DNS64 -> This statement means stateful NAT64 supports DNS64 but we cannot conclude it is the only one supported by NAT64. We are not sure but maybe stateful NAT64 also supports DNS ALG.

Question 12

Explanation

NAT use four types of addresses:

* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

NAT_terms_explained.jpg

Question 13

Question 14

Comments
  1. dfdfds
    January 25th, 2017

    sfdsfdsfdsffffffffff

  2. Anonymous
    January 25th, 2017

    exam has been update 10 or 5 new Q

  3. Anonymous
    February 1st, 2017

    Is the 183q worth looking at, or stick to TAGWA and 149q????

  4. Anonymous
    February 2nd, 2017

    Anonymous i took a look at the 183 and now i’m confused buddy

  5. Anonymous
    February 10th, 2017

    Someone please explain this to me. In the 32q set of questions, they show this command:

    ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80

    The answer is “Any packet received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80”

    The other answer is almost identical, but it leaves a space between the IP and port#:

    “Any packet received in the inside interface with a source IP port address of 172.16.10.8 8080 is translated to 172.16.10.8 80”

    Why aren’t both technically correct? Why is the first answer correct and the other not correct???

  6. Anonymous
    May 8th, 2017

    when is the route 300-101 expiry ?

  7. Nik
    May 16th, 2017

    Passed today,
    Used the dumps shared by Anonymous on 4th of April.
    Can validate that this ones are good and they were recently updated

  8. KienNT
    May 17th, 2017

    Hi Nik,
    i will take exam tomorrow
    pls, you share dumps with me
    ngocthanhkien9200 @ gmail dot com
    Thanks

  9. Satoshi
    May 24th, 2017

    @Traian …please share with me the dumps mwasamuan @ gmail . com
    thank you in advance.

  10. AnyMaster
    July 9th, 2017

    router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    Which statement about the command is true?

    Ans: Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80.

    Expl.: you can test it yourself using packet tracer. This command does 2 things:
    (1) if it receives a packet at inside interface with SOURCE-ip=172.16.10.8 AND SRC-PORT=8080, it translates to SRC-IP=172.16.10.8 AND SRC-PORT=80.
    (2) if it receives a packet at outside interface with DST-IP=172.16.10.8 AND DST-port=80, it translates to DST-IP=172.16.10.8 AND DST-port=8080.

  11. nathi
    July 10th, 2017

    @Patrik can you share that dumps to {email not allowed}
    thanks.. writing in weeks time.

  12. nathi
    July 10th, 2017

    @Patrik can you share that dumps to h.bakada @ gmail . com
    thanks.. writing in weeks time.

  13. Pif
    July 13th, 2017

    Could you please explicit more the reponse for Question 4 please.

    I would said that the answer is D but I don’t understand why is A)

    Thanks by advance.

  14. ernie
    July 17th, 2017

    The correct answer in question 4 is D.

  15. Andros
    July 25th, 2017

    Please share lateast dumps with me alanandriulo at gmail dot com

  16. Jynx
    August 8th, 2017
  17. ali
    August 22nd, 2017

    The correct answer for q4 is A

  18. Steffy
    August 28th, 2017

    Hello friends, for latest valid dump with continuous update, please contact me at steffyshirls @ gmail .com

  19. first of his name
    November 7th, 2017

    Q7)Which NAT command to disable dynamic ARP learning on an interface?
    A. R(config-if)# ip nat enable
    B. R(config-if)# ip nat inside
    C. R(config-if)# ip nat outside
    D. R(config)# ip nat service
    E. R(config)# ip nat allow-static-host
    Answer: E

    OK, I’ll take your word for it. I cannot find a Cisco doc to back this up, it’s not in the official cert guide, not in Chris Bryant’s book, and not present in the IOS I’m using in GSN3. Also, the few references I did find to this command on the interwebs show it as an interface config item, not a global config item and the question also states “on an interface”. It is at least fairly intuitive to guess this answer. Shame they would test on such a thing, I guess???

    R2(config)#do sh ver | i IOS
    Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S7, RELEASE SOFTWARE (fc4)
    R2(config)#ip nat ?
    create Create flow entries
    inside Inside address translation
    log NAT Logging
    outside Outside address translation
    pool Define pool of addresses
    service Special translation for application using non-standard port
    translation NAT translation entry configuration

    R2(config)#int gi 0/0
    R2(config-if)#ip nat ?
    inside Inside interface for address translation
    outside Outside interface for address translation

    R2(config-if)#ip nat

  20. Bennie
    November 9th, 2017

    Passed with the 21q dumps, all questions were from there.

  21. Alexis
    November 9th, 2017

    Smashed my route exam today, 9xx used the dumps from it libraries and tut.

  22. durshen
    November 11th, 2017

    Hello everyone, I have the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  23. conip
    November 11th, 2017

    ip nat allow-static-host

    its int command but even cisco doc is wront and says its global global
    here is the reference
    https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-addr-consv.html

    tried and it is present under the specific int

  24. Nickolas
    November 21st, 2017

    Smashed my route exam today, 9xx used the dumps from it libraries and tut.

  25. Kent
    November 28th, 2017

    Scored 9xx, used dumps from IT-Libraries. You can find them on the net for free or in the comments here.

  26. Nick
    November 29th, 2017

    DO NOT USE http://www.myexamcollection.com/ ITS A FAKE

  27. durshen
    December 13th, 2017

    Hi guys, I’m willing to share valid dumps that guarantee you pass. Please contact me via durshen81 @ gmail .com

  28. buttmunch
    December 20th, 2017

    Q7, answer E should show R(config-if)# as the prompt

  29. abnormaldehyde
    January 22nd, 2018

    Q4 –> Either the answer is wrong or the question should be,

    “Which command allows hosts that are connected to FastEthernet0/1 to access the Internet?” (not FastEthernet0/2)

  30. Cornell
    January 22nd, 2018

    Passed, if you go the exam study the 440q dumps.

  31. salman
    March 14th, 2018

    for Question 7, the command at answer E can be called at Interface not in Global Config Mode
    R2(config-if)#ip nat ?
    allow-static-host Allow static-ip clients
    enable Enable Address Translation (NVI)
    inside Inside interface for address translation
    outside Outside interface for address translation

  32. Dany1
    June 25th, 2018

    Q12: Answer: inside local/inside global

  33. ShutNoShut
    August 13th, 2018

    WTF? How come Q14 is PAT???? there’s no port mentioned in the question and command. Should be Dynamic NAT

  34. Anonyme
    August 18th, 2018

    Q14

    access-list 1 permit 172.16.1.0 0.0.0.255
    ip nat inside source list 1 interface gigabitethernet0/0 overload

    Gigabitethernet0/0 overload. ( This is a port adress translation ) pat

  35. tuyuu
    October 12th, 2018

    After the 28th change, the previous question bank is useless. It depends on the latest 29th, and now if you want to prepare for the exam, you must find the question bank after the 29th.
    W w w .

    cciedumps.xyz/ccie_rs.php?utm_source=bbs&utm_medium=bbs

  36. Sorlags
    November 15th, 2018

    I try the exam today. I have 2 questions and 1 Drag&Drop with NAT Stateful/Stateless. The question was not on digitut actually but the answer is allway the explanation. you need know all benefit and feature for NAT stateful/Stateless …

    I’m sorry but I don’t rember anything

    Just a tip if you pass the exam in the next week. Learn a lot about NAT

  37. Sorlags
    February 3rd, 2019

    @all

    The new question of NAT are all in NUQ part 5 !!

    Enjoy ;-)

  38. Reikidude
    September 18th, 2019

    ehmm what is NUQ?

  39. T*r*ng
    September 29th, 2019
  1. No trackbacks yet.