NAT Questions
Question 1
Question 2
Explanation
First we will not mention about the effect of the “extendable” keyword. So the purpose of the command “ip nat inside source static tcp 192.168.1.50 80 209.165.201.1 8080” is to translate packets on the inside interface with a source IP address of 192.168.1.50 and port 80 to the IP address 209.165.201.1 with port 8080. This also implies that any packet received on the outside interface with a destination address of 209.165.201.1:8080 has the destination translated to 192.168.1.50:80. Therefore answer C is correct.
Answer A is not correct this command “allows host 192.168.1.50 to access external websites using TCP port 80”, not port 8080.
Answer B is not correct because it allows external clients to connect to a web server at 209.165.201.1. The IP addresses of clients should not be 209.165.201.1.
Answer D is not correct because the configuration is correct.
Now we will talk about the keyword “extendable”.
Usually, the “extendable” keyword should be added if the same Inside Local is mapped to different Inside Global Addresses (the IP address of an inside host as it appears to the outside network). An example of this case is when you have two connections to the Internet on two ISPs for redundancy. So you will need to map two Inside Global IP addresses into one inside local IP address. For example:
| NAT router: ip nat inside source static 192.168.1.1 200.1.1.1 extendable ip nat inside source static 192.168.1.1 200.2.2.2 extendable //Inside Local: 192.168.1.1 ; Inside Global: 200.1.1.1 & 200.2.2.2 |
In this case, the traffic from ISP1 and ISP2 to the Server is straightforward as ISP1 will use 200.1.1.1 and ISP2 will use 200.2.2.2 to reach the Server. But how about the traffic from the Server to the ISPs? In other words, how does NAT router know which IP (200.1.1.1 or 200.2.2.2) it should use to send traffic to ISP1 & ISP2 (this is called “ambiguous from the inside”). We tested in GNS3 and it worked correctly! So we guess the NAT router compared the Inside Global addresses with all of IP addresses of the “ip nat outside” interfaces and chose the most suitable one to forward traffic.
This is what Cisco explained about “extendable” keyword:
“They might also want to define static mappings for a particular host using each provider’s address space. The software does not allow two static translations with the same local address, though, because it is ambiguous from the inside. The router will accept these static translations and resolve the ambiguity by creating full translations (all addresses and ports) if the static translations are marked as “extendable”. For a new outside-to-inside flow, the appropriate static entry will act as a template for a full translation. For a new inside-to-outside flow, the dynamic route-map rules will be used to create a full translation”.
(Reference: http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html)
But it is unclear, what will happen if we don’t use a route-map?
Question 3
Explanation
The command “ip nat inside source list 1 int s0/0 overload” translates all source addresses that pass access list 1, which means all the IP addresses, into an address assigned to S0/0 interface. Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports.
Question 4
Explanation
The command “ip nat inside source list 10 interface FastEthernet0/1 overload” configures NAT to overload on the address that is assigned to the Fa0/1 interface.
Question 5
Explanation
This is a static NAT command which translates all the packets received in the inside interface with a source IP address of 172.16.10.8:8080 to 172.16.10.8:80. The purpose of this NAT statement is to redirect TCP Traffic to Another TCP Port.
Question 6
Explanation
NAT64 provides communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). There are two different forms of NAT64, stateless and stateful:
+ Stateless NAT64: maps the IPv4 address into an IPv6 prefix. As the name implies, it keeps no state. It does not save any IP addresses since every v4 address maps to one v6 address. Stateless NAT64 does not conserve IP4 addresses.
+ Stateful NAT64 is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation (1:N translation). It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings. Stateful NAT64 converses IPv4 addresses.
Question 7
Explanation
The “ip nat allow-static-host” command enables static IP address support. Dynamic Address Resolution Protocol (ARP) learning will be disabled on this interface, and NAT will control the creation and deletion of ARP entries for the static IP host.
Question 8
Explanation
Network Address Translation-Protocol Translation (NAT-PT) has been deemed deprecated by IETF because of its tight coupling with Domain Name System (DNS) and its general limitations in translation. IETF proposed NAT64 as the viable successor to NAT-PT.
NAT64 technology facilitates communication between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously handling IPv4 address depletion. All viable translation scenarios are supported by NAT64, and therefore NAT64 is becoming the most sought translation technology.
Question 9
Question 10
Explanation
The syntax should be: ipv6 nat prefix ipv6-prefix / prefix-length (for example: Router# ipv6 nat prefix 2001:DB8::/96)
Question 11
Explanation
From the link: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat64-stateful.pdf
Restrictions for configuring Stateful Network Address:
+ Virtual routing and forwarding (VRF)-aware NAT64 is not supported -> Answer A is correct.
+ IP Multicast is not supported -> Answer B is correct.
+ Application-level gateways (ALGs) FTP and ICMP are not supported -> Answer C is not correct.
+ Only TCP and UDP Layer 4 protocols are supported for header translation -> Answer E is not correct.
+ For Domain Name System (DNS) traffic to work, you must have a separate working installation of DNS64 -> This statement means stateful NAT64 supports DNS64 but we cannot conclude it is the only one supported by NAT64. We are not sure but maybe stateful NAT64 also supports DNS ALG.
Question 12
Explanation
NAT use four types of addresses:
* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
Question 13
Question 14
sfdsfdsfdsffffffffff
exam has been update 10 or 5 new Q
Is the 183q worth looking at, or stick to TAGWA and 149q????
Anonymous i took a look at the 183 and now i’m confused buddy
Someone please explain this to me. In the 32q set of questions, they show this command:
ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
The answer is “Any packet received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80”
The other answer is almost identical, but it leaves a space between the IP and port#:
“Any packet received in the inside interface with a source IP port address of 172.16.10.8 8080 is translated to 172.16.10.8 80”
Why aren’t both technically correct? Why is the first answer correct and the other not correct???
Here are latest dumps:
https://drive.google.com/drive/folders/0B21TuNHP-x2dc2U5MUlNOXFkd2c?usp=drive_web&ddrp=1
when is the route 300-101 expiry ?
Passed today,
Used the dumps shared by Anonymous on 4th of April.
Can validate that this ones are good and they were recently updated
Hi Nik,
i will take exam tomorrow
pls, you share dumps with me
ngocthanhkien9200 @ gmail dot com
Thanks
@Traian …please share with me the dumps mwasamuan @ gmail . com
thank you in advance.
router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
Which statement about the command is true?
Ans: Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80.
Expl.: you can test it yourself using packet tracer. This command does 2 things:
(1) if it receives a packet at inside interface with SOURCE-ip=172.16.10.8 AND SRC-PORT=8080, it translates to SRC-IP=172.16.10.8 AND SRC-PORT=80.
(2) if it receives a packet at outside interface with DST-IP=172.16.10.8 AND DST-port=80, it translates to DST-IP=172.16.10.8 AND DST-port=8080.
@Patrik can you share that dumps to {email not allowed}
thanks.. writing in weeks time.
@Patrik can you share that dumps to h.bakada @ gmail . com
thanks.. writing in weeks time.
Could you please explicit more the reponse for Question 4 please.
I would said that the answer is D but I don’t understand why is A)
Thanks by advance.
The correct answer in question 4 is D.
Please share lateast dumps with me alanandriulo at gmail dot com
Latest ^_^
http://www.ccnatesting.com/tag/cisco-300-101-pdf
The correct answer for q4 is A
Hello friends, for latest valid dump with continuous update, please contact me at steffyshirls @ gmail .com
Q7)Which NAT command to disable dynamic ARP learning on an interface?
A. R(config-if)# ip nat enable
B. R(config-if)# ip nat inside
C. R(config-if)# ip nat outside
D. R(config)# ip nat service
E. R(config)# ip nat allow-static-host
Answer: E
OK, I’ll take your word for it. I cannot find a Cisco doc to back this up, it’s not in the official cert guide, not in Chris Bryant’s book, and not present in the IOS I’m using in GSN3. Also, the few references I did find to this command on the interwebs show it as an interface config item, not a global config item and the question also states “on an interface”. It is at least fairly intuitive to guess this answer. Shame they would test on such a thing, I guess???
R2(config)#do sh ver | i IOS
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S7, RELEASE SOFTWARE (fc4)
R2(config)#ip nat ?
create Create flow entries
inside Inside address translation
log NAT Logging
outside Outside address translation
pool Define pool of addresses
service Special translation for application using non-standard port
translation NAT translation entry configuration
R2(config)#int gi 0/0
R2(config-if)#ip nat ?
inside Inside interface for address translation
outside Outside interface for address translation
R2(config-if)#ip nat
Passed with the 21q dumps, all questions were from there.
Smashed my route exam today, 9xx used the dumps from it libraries and tut.
Hello everyone, I have the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com
ip nat allow-static-host
its int command but even cisco doc is wront and says its global global
here is the reference
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-addr-consv.html
tried and it is present under the specific int
Smashed my route exam today, 9xx used the dumps from it libraries and tut.
Scored 9xx, used dumps from IT-Libraries. You can find them on the net for free or in the comments here.
DO NOT USE http://www.myexamcollection.com/ ITS A FAKE
Hi guys, I’m willing to share valid dumps that guarantee you pass. Please contact me via durshen81 @ gmail .com
Q7, answer E should show R(config-if)# as the prompt
Q4 –> Either the answer is wrong or the question should be,
“Which command allows hosts that are connected to FastEthernet0/1 to access the Internet?” (not FastEthernet0/2)
Passed, if you go the exam study the 440q dumps.
for Question 7, the command at answer E can be called at Interface not in Global Config Mode
R2(config-if)#ip nat ?
allow-static-host Allow static-ip clients
enable Enable Address Translation (NVI)
inside Inside interface for address translation
outside Outside interface for address translation
Q12: Answer: inside local/inside global
WTF? How come Q14 is PAT???? there’s no port mentioned in the question and command. Should be Dynamic NAT
Q14
access-list 1 permit 172.16.1.0 0.0.0.255
ip nat inside source list 1 interface gigabitethernet0/0 overload
Gigabitethernet0/0 overload. ( This is a port adress translation ) pat
After the 28th change, the previous question bank is useless. It depends on the latest 29th, and now if you want to prepare for the exam, you must find the question bank after the 29th.
W w w .
cciedumps.xyz/ccie_rs.php?utm_source=bbs&utm_medium=bbs
I try the exam today. I have 2 questions and 1 Drag&Drop with NAT Stateful/Stateless. The question was not on digitut actually but the answer is allway the explanation. you need know all benefit and feature for NAT stateful/Stateless …
I’m sorry but I don’t rember anything
Just a tip if you pass the exam in the next week. Learn a lot about NAT
@all
The new question of NAT are all in NUQ part 5 !!
Enjoy ;-)
ehmm what is NUQ?
Q10 the correct anwser should be A (ipv6 nat) .
Refer below link from Cisco:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/ip6-natpt.html#GUID-B2222AC6-1CBF-4DFC-BBF4-2C1FF21CAEE6