NAT/PAT Questions
Note: If you are not sure about NAT PAT, please read our Network Address Translation NAT Tutorial.
Question 1
Question 2
Explanation
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP addresses on the Internet. This is the most popular type of NAT.
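The many-to-one mapping described above can be modelled as a translation table keyed on address and port. This is an added example, not code from the original page; the class name, the addresses and the sequential port allocation are assumptions made for illustration (a real router chooses ports differently).

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, TCP/UDP port)


class PatTable:
    """Toy model of a PAT (NAT overload) translation table."""

    def __init__(self, inside_global_ip: str, first_port: int = 1024,
                 last_port: int = 65535) -> None:
        self.inside_global_ip = inside_global_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out_map: Dict[Endpoint, Endpoint] = {}  # inside local -> inside global
        self.in_map: Dict[Endpoint, Endpoint] = {}   # inside global -> inside local

    def translate_outbound(self, inside_local: Endpoint) -> Endpoint:
        """Return the inside global endpoint for an inside host's flow."""
        if inside_local in self.out_map:          # reuse the existing entry
            return self.out_map[inside_local]
        if self.next_port > self.last_port:       # every port is in use
            raise RuntimeError("PAT port range exhausted")
        inside_global = (self.inside_global_ip, self.next_port)
        self.next_port += 1
        self.out_map[inside_local] = inside_global
        self.in_map[inside_global] = inside_local
        return inside_global

    def translate_inbound(self, inside_global: Endpoint) -> Optional[Endpoint]:
        """Return the inside local endpoint, or None if no entry exists."""
        return self.in_map.get(inside_global)


def demo() -> Dict[str, object]:
    # Constructed sample addresses: RFC 1918 inside hosts, RFC 5737 public IP.
    pat = PatTable("203.0.113.5")
    a = pat.translate_outbound(("10.0.0.10", 51000))
    b = pat.translate_outbound(("10.0.0.11", 51000))  # same source port, other host
    return {
        "a": a,
        "b": b,
        "reply_to_a": pat.translate_inbound(a),
        "unsolicited": pat.translate_inbound(("203.0.113.5", 40000)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two inside hosts share one public address and are told apart only by port; an inbound packet to a port with no table entry has nowhere to go.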
Question 3
Explanation
NAT uses four types of addresses:
* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
Question 4
Question 5
Explanation
NAT uses four types of addresses:
* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world -> This is the public IP address of a NAT device.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
Question 6
Explanation
An example of the output of the “show ip nat statistics” is shown below. As we can see, the “Hits” counter is displayed.
Question 7
Explanation
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.
Question 8
Explanation
In NAT configuration we should specify the inside and outside interfaces first with the commands “ip nat inside” and “ip nat outside” under interface mode.
Question 9
Question 10
Explanation
When we specify a NAT “inside” interface (via the “ip nat inside” command under interface mode), we are specifying the source IP addresses. Later in the “ip nat” command under global configuration mode, we will specify the access or route map for these source addresses.
For example, in the command:
Router(config)# ip nat inside source list 1 pool PoolforNAT
after the keyword “source” we need to specify one of three keywords:
+ list: specify access list describing local addresses (but this command does not require an “inside” interface to be configured)
+ route-map: specify route-map
+ static: specify static local -> global mapping
Question 11
Explanation
There are two types of NAT translation: dynamic and static.
Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network.
Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. The router allocates registered public IP addresses from the inside global address pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.
In this question we only want to translate a single inside address to a single outside address so static NAT should be used.
Question 12
Explanation
By not revealing the internal IP addresses, NAT adds some security to the inside network -> A is correct.
NAT has to modify the source IP addresses in the packets -> B is not correct.
Connection from the outside to a network through “NAT” is more difficult than a normal network because IP addresses of inside hosts are hidden -> C is not correct.
In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct.
By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct.
NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.
Question 13
Explanation
The syntax to create a NAT pool is:
Router(config)#ip nat pool pool_name start_ip end_ip { netmask netmask | prefix-length prefix-length }
Therefore answer A is surely correct. Answer B is not correct as it creates many addresses (from 12.69 to 12.255 then to 13.74).
Answers C and D are not correct as we cannot use a prefix-length of 8 (/8) for a class B subnet.
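The reasoning above can be checked mechanically. This is an added example, not code from the original page: it parses an “ip nat pool” line, counts the pool inclusively, and applies the page's rule that the prefix must not be shorter than the classful default. The function names are hypothetical, and the four commands are the Question 13 options as quoted in the comments on this page.

```python
import ipaddress
import re

POOL_RE = re.compile(
    r"ip nat pool (\S+) (\S+) (\S+) (?:prefix-length (\d+)|netmask (\S+))")

def classful_prefix(addr: ipaddress.IPv4Address) -> int:
    """Default prefix length of the address's class (A=/8, B=/16, C=/24)."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    return 16 if first_octet < 192 else 24

def check_pool(command: str) -> dict:
    """Parse an 'ip nat pool' line and report pool size and prefix sanity."""
    m = POOL_RE.search(command)
    if not m:
        raise ValueError("not an 'ip nat pool' command")
    name, start_s, end_s, plen, mask = m.groups()
    start, end = ipaddress.IPv4Address(start_s), ipaddress.IPv4Address(end_s)
    if end < start:
        raise ValueError("end address is lower than start address")
    if plen is None:  # netmask form: convert the mask to a prefix length
        plen = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    return {
        "name": name,
        # The start and the end address both belong to the pool.
        "size": int(end) - int(start) + 1,
        # The page's rule: no prefix shorter than the classful default.
        "prefix_ok": int(plen) >= classful_prefix(start),
    }

# The four Question 13 options as quoted in the comments on this page.
OPTIONS = {
    "A": "ip nat pool test 175.17.12.69 175.17.12.74 prefix-length 24",
    "B": "ip nat pool test 175.17.12.69 175.17.13.74 prefix-length 16",
    "C": "ip nat pool test 175.17.12.66 175.17.12.72 prefix-length 8",
    "D": "ip nat pool test 175.17.12.69 175.17.12.76 prefix-length 8",
}

def six_address_answers() -> list:
    """Options that define exactly six addresses with an acceptable prefix."""
    results = {key: check_pool(cmd) for key, cmd in OPTIONS.items()}
    return [k for k, r in results.items() if r["size"] == 6 and r["prefix_ok"]]
```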
Question 14
Explanation
By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.
Question 15
Explanation
Using “permit any” can result in NAT consuming too many router resources, which can cause network problems. You should limit the NAT access list to a specific range of IP addresses only.
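A configuration review can catch this before deployment. The following is an added example, not code from the original page: it scans a router configuration for access lists that are referenced by “ip nat inside source list” and contain a permit-any entry. The function names and the sample configuration are constructed for illustration, and only the plain “any” and “ip any any” forms are recognised.

```python
import re

NAT_RULE = re.compile(r"^ip nat inside source list (\S+)")
NUMBERED_ACE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")
NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
NAMED_ACE = re.compile(r"^\s+(?:\d+ )?(permit|deny) (.+)$")
# Entries that match every source: standard "any", extended "ip any any".
TOO_BROAD = {"any", "ip any any"}

def parse_acls(config: str) -> dict:
    """Collect the permit entries of each ACL (numbered and named forms)."""
    acls, current = {}, None  # current: named ACL being read, if any
    for line in config.splitlines():
        if m := NUMBERED_ACE.match(line):
            current = None
            if m.group(2) == "permit":
                acls.setdefault(m.group(1), []).append(m.group(3).strip())
        elif m := NAMED_ACL.match(line):
            current = m.group(1)
            acls.setdefault(current, [])
        elif current and (m := NAMED_ACE.match(line)):
            if m.group(1) == "permit":
                acls[current].append(m.group(2).strip())
        else:
            current = None
    return acls

def audit_nat_acls(config: str) -> list:
    """Return the ACLs referenced by NAT rules that contain a permit-any entry."""
    acls, flagged = parse_acls(config), []
    for line in config.splitlines():
        m = NAT_RULE.match(line.strip())
        if m and m.group(1) not in flagged:
            if any(entry in TOO_BROAD for entry in acls.get(m.group(1), [])):
                flagged.append(m.group(1))
    return flagged

# Constructed sample configuration (not taken from the page).
SAMPLE = """\
access-list 1 permit any
access-list 2 permit 192.168.1.0 0.0.0.255
ip access-list standard NAT_USERS
 permit 10.0.0.0 0.0.0.255
 permit any
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source list 2 pool PoolforNAT
ip nat inside source list NAT_USERS pool PoolforNAT overload
"""
```

Calling audit_nat_acls(SAMPLE) reports ACL 1 and NAT_USERS; ACL 2, which permits a single /24, is not flagged.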
Question 16
Question 17
Q9: the term “one-way” NAT is confusing (and could refer to answer B or D). However, if the wording was “one-to-one” NAT then answer B (as suggested) makes sense?
Q8: Refer to the NAT (dynamic) configuration; the first step is to define the pool of addresses that will be used for translation using the ip nat pool command.
“R#(config): ip nat pool (pool name) start ip end ip {Netmask | Prefix length}”
I guess “C” is the correct answer.
^^^ AGREE WITH AShi^^^
source: CCNA R&S Portable Command Guide 4th ed. pg. 207 step #2.
*** DISAGREE WITH AShi:***
source URL: http://www.ciscopress.com/articles/article.asp?p=25273&seqNum=4
Configuring NAT
The first step in configuring NAT is to designate the inside and outside interfaces.
This book was published in 2002; may be out of date…
please assist
Which two commands can you enter to display the current time sources statistics on devices? (Choose two)
A. Show ntp associations.
B. Show clock details
C. Show clock.
D. Show time.
E. Show ntp status
When troubleshooting client DNS issues, which two tasks must you perform? (Choose two)
A. Ping a public website IP address.
B. Ping the DNS Server.
C. Determine whether the name servers have been configured.
D. Determine whether a DHCP address has been assigned.
E. Determine whether the hardware address is correct.
ANSWER: B, C?
78. Which two statements about using leased lines for your WAN infrastructure are true? (Choose two.)
A. Leased lines provide inexpensive WAN access
B. Leased lines with sufficient bandwidth can avoid latency between endpoints
C. Leased lines require little installation and maintenance expertise
D. Leased lines provide highly flexible bandwidth scaling
E. Multiple leased lines can share a router interface
F. Leased lines support up to T1 link speeds
ANSWER: C,D?
Which two steps must you perform to enable router-on-stick on a switch?
A. connect the router to a trunk port
B. configure the subnet number exactly the same as the matching VLAN
C. configure full duplex
D. configure an ip route to the vlan destination network
E. assign the access port to the vlan
ANSWER: A,B?
Which two commands can you enter to display the current time sources statistics on devices?
Answers: 1-Show ntp associations. 2-Show ntp status
When troubleshooting client DNS issues, which two tasks must you perform?
Answers: 1-Ping the DNS Server. 2-Determine whether the name servers have been configured.
Which two statements about using leased lines for your WAN infrastructure are true?
Answers: 1-Leased lines require little installation and maintenance expertise. 2-Leased lines provide highly flexible bandwidth scaling.
Which two steps must you perform to enable router-on-stick on a switch?
Answers: 1-Connect the router to a trunk port. 2-Configure the subnet number exactly the same as the matching VLAN
Which two commands can you enter to display the current time sources statistics on devices? (Choose two)
A. Show ntp associations.
B. Show clock details
C. Show clock.
D. Show time.
E. Show ntp status
Answer: A, E
What is the correct answer to:
Which two statements about using leased lines for your WAN infrastructure are true? (Choose two.)
A. Leased lines provide inexpensive WAN access
B. Leased lines with sufficient bandwidth can avoid latency between endpoints
C. Leased lines require little installation and maintenance expertise
D. Leased lines provide highly flexible bandwidth scaling
E. Multiple leased lines can share a router interface
F. Leased lines support up to T1 link speeds
B, C OR C, D ?
What is the correct answer to:
Which two statements about using leased lines for your WAN infrastructure are true? (Choose two.)
A. Leased lines provide inexpensive WAN access
B. Leased lines with sufficient bandwidth can avoid latency between endpoints
C. Leased lines require little installation and maintenance expertise
D. Leased lines provide highly flexible bandwidth scaling
E. Multiple leased lines can share a router interface
F. Leased lines support up to T1 link speeds
Ans B, C
Passed today, used the 747q dumps. you can find them on https://drive.google.com/open?id=0B5mAFqgydmCzc3BmR214LWFuTDg
Guy, congrats!!! How many simlets did you get? Was it OSPF or RIP or EIGRP? Please tell us. Thanks
Question 8
What is the first step in the NAT configuration process?
A. Define inside and outside interfaces.
B. Define public and private IP addresses.
C. Define IP address pools.
D. Define global and local interfaces.
So the answer is A, 9tut?? I don’t think so.
You must first create the NAT, then apply it to the interfaces. The first step in creating the NAT is C, defining IP address pools.
The last step is A, which involves applying the NAT to interfaces that are then specified to be inside or outside.
Also, seems like Q9 should be D, not B…
Question 9
Under which circumstance should a network administrator implement one-way NAT?
A. when the network must route UDP traffic
B. when traffic that originates outside the network must be routed to internal hosts
C. when traffic that originates inside the network must be routed to internal hosts
D. when the network has few public IP addresses and many private IP addresses require outside access
9tut dump has B, but D seems more correct, doesn’t it?
Ref Q8.
Answer A is correct. Source: 100-105 Official Cert Guide
This configuration is for dynamic NAT (if you consider the pool); for static NAT, step 1 and step 2 are the same
Step 1: Configure ip nat inside command
Step 2: Configure ip nat outside command
Step 3: Configure ACL
Step 4: Create nat pool
Step 5: Apply nat
to VLA
Which two commands can you enter to display the current time sources statistics on devices? (Choose two)
A. Show ntp associations.
B. Show clock details
C. Show clock.
D. Show time.
E. Show ntp status
Answer: A E
Which two commands can you enter to display the current time sources statistics on devices? (any two)
Answer: Show ntp status
Show ntp associations
Explanation: It's a time protocol which synchronizes the time from the PC, meaning it copies the PC time and moves it to the router, so that correct logging or other security issues can be determined
This was not helpful
I can’t find the questions!!!
Q1: RFC1631 is “The IP Network Address Translator (NAT)”, so is RFC1631 also correct?
To understand NAT, here is the below link
http://www.ttlbits.com/2017/09/nat-network-address-translation-types.html
For PAT, you can go with the below mentioned link as well
http://www.ttlbits.com/2017/10/introduction-to-pat-port-address.html
Guys, great thanks to you. All the questions were from here only; passed with 905!! Thank you very much. Whoever is searching for dumps, no need to go anywhere. The stuff on this site is more than enough for a pass. All the best!!
nakajims, I agree! This is the kind of question that drives me nuts about CCNA. I assume this is why it’s “A”. The question is “Which TECHNOLOGY…” blah blah blah. RFC1631 IS the RFC for NAT. But it’s an RFC. The TECHNOLOGY is NAT. So the correct answer is “A”.
Question 8 – In my opinion, Answer A is correct.
refer to the following document:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-addr-consv.html
Under “NAT Requirements”, there’s the following declaration:
“Before configuring NAT in your network, you should know the interfaces on which NAT will be configured and for what purposes”
Q13. Which command can you enter to create a NAT pool of 6 addresses?
A. Router(config)#ip nat pool test 175.17.12.69 175.17.12.74 prefix-length 24 – Incorrect. This command allows a range of 5 IPs to be translated.
B. Router(config)#ip nat pool test 175.17.12.69 175.17.13.74 prefix-length 16 – Incorrect. This command allows a range of +100 IPs to be translated.
C. Router(config)#ip nat pool test 175.17.12.66 175.17.12.72 prefix-length 8 – CORRECT. This command allows a range of 6 IPs to be translated.
D. Router(config)#ip nat pool test 175.17.12.69 175.17.12.76 prefix-length 8 – Incorrect. This command allows a range of 7 IPs to be translated.
As you can see, the correct answer is C, not A. The mask in these options here is not a factor, the pool range is.
175.17.12.66 to 175.17.12.72 is 7 IP addresses…
Natnat
No way dude.
175.17.12.66 to 175.17.12.72
72-66=6
The answer is 6.
To be 7, it would have to be like this:
175.17.12.65 to 175.17.12.72
72-65=7
@ Sinix, @ Natnat
when counting you must include the start and end addresses if we consider your view: 66,67,68,69,70,71,72 = 7
then again 7 is also wrong
notice the prefix length 8 gives a lot more than your answer 6 and mine of 7
on the other hand, 69,70,71,72,73,74 = 6 with a prefix of 24
WHERE ARE THE QUESTIONS HERE
@ Natnat
Sorry, I did not count the first ip. So, A is indeed correct.
SUMA
You will not find them, it's a secret. No one will tell you, I tried already :)
Can someone explain the answer to question 4? Thank you
Q9. The answer for this question is wrong.
One-way NAT is also referred as PAT (port address translation) where many internal IP addresses are translated to a single public IP address such as the one on the interface. This is one-way NAT because you can only initiate communication from inside of your network to the outside, but the outside CANNOT initiate communication to you.
So D is definitely the wrong choice, the answer for this question is B.
I’m sorry, B is wrong, D is correct.
D. When the network has few public IP addresses and many private IP addresses require outside access.
you will not find them
Hey whats up anyone can help me or point me in the right direction to the 200-125.. Im poor trying to get certified to support my family. thanks fedsoo@yahoo
Erik, I think question 9 wants to tell us about when we are sending traffic to a server (for example) back from the WAN. So in this case one-way means the traffic from a host or another device (external for this question) to our server (internal); we need to implement PAT, but in this case answer B is most appropriate from that perspective. Cisco has strange questions.
What is the danger of the “permit any” entry in a NAT access list?
A. It can lead to overloaded resources on the router.
B. It can cause too many addresses to be assigned to the same interface.
C. It can disable the overload command.
D. It prevents the correct translation of IP addresses on the inside network.
The point of the NAT access list – The Inside local (Private)Addresses allowed to be translated.
If you were to bypass the implicit deny by putting “permit any” you would allow more than the allowed addresses to be translated. That would make B the correct answer.