Home > NAT Questions

NAT Questions

July 12th, 2017 in ROUTE 300-101 Go to comments

Question 1

Question 2

Explanation

First we will not mention about the effect of the “extendable” keyword. So the purpose of the command “ip nat inside source static tcp 192.168.1.50 80 209.165.201.1 8080” is to translate packets on the inside interface with a source IP address of 192.168.1.50 and port 80 to the IP address 209.165.201.1 with port 8080. This also implies that any packet received on the outside interface with a destination address of 209.165.201.1:8080 has the destination translated to 192.168.1.50:80. Therefore answer C is correct.

Answer A is not correct this command “allows host 192.168.1.50 to access external websites using TCP port 80”, not port 8080.

Answer B is not correct because it allows external clients to connect to a web server at 209.165.201.1. The IP addresses of clients should not be 209.165.201.1.

Answer D is not correct because the configuration is correct.

Now we will talk about the keyword “extendable”.

Usually, the “extendable” keyword should be added if the same Inside Local is mapped to different Inside Global Addresses (the IP address of an inside host as it appears to the outside network). An example of this case is when you have two connections to the Internet on two ISPs for redundancy. So you will need to map two Inside Global IP addresses into one inside local IP address. For example:

nat_extendable.jpg

NAT router:
ip nat inside source static 192.168.1.1 200.1.1.1 extendable
ip nat inside source static 192.168.1.1 200.2.2.2 extendable
//Inside Local: 192.168.1.1 ; Inside Global: 200.1.1.1 & 200.2.2.2

In this case, the traffic from ISP1 and ISP2 to the Server is straightforward as ISP1 will use 200.1.1.1 and ISP2 will use 200.2.2.2 to reach the Server. But how about the traffic from the Server to the ISPs? In other words, how does NAT router know which IP (200.1.1.1 or 200.2.2.2) it should use to send traffic to ISP1 & ISP2 (this is called “ambiguous from the inside”). We tested in GNS3 and it worked correctly! So we guess the NAT router compared the Inside Global addresses with all of IP addresses of the “ip nat outside” interfaces and chose the most suitable one to forward traffic.

This is what Cisco explained about “extendable” keyword:

“They might also want to define static mappings for a particular host using each provider’s address space. The software does not allow two static translations with the same local address, though, because it is ambiguous from the inside. The router will accept these static translations and resolve the ambiguity by creating full translations (all addresses and ports) if the static translations are marked as “extendable”. For a new outside-to-inside flow, the appropriate static entry will act as a template for a full translation. For a new inside-to-outside flow, the dynamic route-map rules will be used to create a full translation”.

(Reference: http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html)

But it is unclear, what will happen if we don’t use a route-map?

Question 3

Explanation

The command “ip nat inside source list 1 int s0/0 overload” translates all source addresses that pass access list 1, which means all the IP addresses, into an address assigned to S0/0 interface. Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports.

Question 4

Explanation

The command “ip nat inside source list 10 interface FastEthernet0/1 overload” configures NAT to overload on the address that is assigned to the Fa0/1 interface.

Question 5

Explanation

This is a static NAT command which translates all the packets received in the inside interface with a source IP address of 172.16.10.8:8080 to 172.16.10.8:80. The purpose of this NAT statement is to redirect TCP Traffic to Another TCP Port.

Question 6

Explanation

NAT64 provides communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). There are two different forms of NAT64, stateless and stateful:

+ Stateless NAT64: maps the IPv4 address into an IPv6 prefix. As the name implies, it keeps no state. It does not save any IP addresses since every v4 address maps to one v6 address. Stateless NAT64 does not conserve IP4 addresses.
+ Stateful NAT64 is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation (1:N translation). It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings. Stateful NAT64 converses IPv4 addresses.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

Question 7

Explanation

The “ip nat allow-static-host” command enables static IP address support. Dynamic Address Resolution Protocol (ARP) learning will be disabled on this interface, and NAT will control the creation and deletion of ARP entries for the static IP host.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/12-4/nat-12-4-book/iadnat-addr-consv.html

Question 8

Explanation

Network Address Translation-Protocol Translation (NAT-PT) has been deemed deprecated by IETF because of its tight coupling with Domain Name System (DNS) and its general limitations in translation. IETF proposed NAT64 as the viable successor to NAT-PT.

NAT64 technology facilitates communication between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously handling IPv4 address depletion. All viable translation scenarios are supported by NAT64, and therefore NAT64 is becoming the most sought translation technology.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

Question 9

Question 10

Explanation

The syntax should be: ipv6 nat prefix ipv6-prefix / prefix-length (for example: Router# ipv6 nat prefix 2001:DB8::/96)

Comments
  1. Jason
    April 30th, 2016

    Where can I find lab material of CCNP?
    I got books of ccnp 300 101 and others. But on these books there is no lab.

  2. Jarel
    July 7th, 2016

    For question 4 … C is correct as stated.

    Source list 10 specifies local addresses.

    interface FastEthernet0/1 specifies the global address.

    Therefore this is Natting Inside to outside.

  3. tezz
    July 27th, 2016

    Hi, Where are the questions?
    I am logged in but can only see the answers.

  4. Anonymous
    August 9th, 2016

    looking for nuggets at cheap price drop me an email at {email not allowed}..

  5. kk
    September 19th, 2016

    good

  6. what now?
    October 4th, 2016

    All, I failed today with a 640. The ‘300-101: Implementing Cisco IP Routing’ exam is completely different then what is on this site. Not even close. There are maybe 10 questions that are the same… What happened???

  7. rezy
    November 6th, 2016

    can someone provide me the latest dumps?

    {email not allowed}
    Thanks in advance!!!!

  8. rezy
    November 6th, 2016

    can someone provide me the latest dumps?
    rezy_f at t-online.de
    Thanks in advance!!!!

  9. CCNP
    November 12th, 2016

    Hi
    referring to end of the q1 and q2. I thing the packet forwarding it not the job of the NAT this is routing process job “static or dynamic” whatever the roting process decision is the NAT process will translate the result. I mean the NAT translation job comes after the routing process function

  10. CCNP
    November 12th, 2016

    or in this case why not using the pool with PAD as we did with the dynamic NAT

  11. 300-101 Grades4sure
    November 14th, 2016

    Everything you require to get ready and quickly pass the tough Cisco Certified Design Professional 300-101exam with 100% pass guarantee in first attempt. http://www.grades4sure.com/300-101-exam-questions.html

  12. Nina
    November 17th, 2016

    Hey guys, I just wrote now in USA. I Passed 300-101 with 94%. This dumps http://www.testmayor.com/300-101-test.html is valid but a few answers are wrong. Although I don’t expect to pass with a full score, right? If your aim is just to pass the exam, only by memorizing the dumps is enough. But if you want to master skills, you really need to practice more.

  13. Anonymous
    December 2nd, 2016

    router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    Which statement about the command is true?????????

  14. Bad
    December 5th, 2016

    Hello It’s totally a different exam and the questions provided above is provided on the exam.
    and Anonymous i faced the same question today that which is not provided in any dumps questions.

  15. Aussie
    December 14th, 2016

    @digitaltut how can one get the questions to these answeres?

  16. Anonymous
    December 21st, 2016

    refer tot he following command router(config)#ip nat inside source static tcp 172.16.10.8 8080 172.16.1.8 80
    on this command is the 172.16.10.8 8080 going to be translated to 172.16.1.8 80 or vise versa

  17. MaxZero
    December 27th, 2016

    @Anonymous:

    This answer in the TAGWA – TAGELSIR DUMPS is WRONG.

    please have a look at this document:
    http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.pdf

    Any packet received in the inside interface with a source address of 172.16.10.8:8080 is translated to 172.16.10.8:80.
    This also implies that any packet received on the outside interface with a destination address of
    172.16.10.8:80 has the destination translated to 172.16.10.8:8080.

    So the answer is B.
    Make sure you understand the whole concept of NAT port redirection and do not just focus on memorizing the answer, as things may differ in the exam, e.g. they can replace ‘inside’ with ‘outside’ and the answer will then be different.

  18. Anonymous
    January 4th, 2017

    thank you Max

  19. dfdfds
    January 25th, 2017

    sfdsfdsfdsffffffffff

  20. Anonymous
    January 25th, 2017

    exam has been update 10 or 5 new Q

  21. Anonymous
    February 1st, 2017

    Is the 183q worth looking at, or stick to TAGWA and 149q????

  22. Anonymous
    February 2nd, 2017

    Anonymous i took a look at the 183 and now i’m confused buddy

  23. Anonymous
    February 10th, 2017

    Someone please explain this to me. In the 32q set of questions, they show this command:

    ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80

    The answer is “Any packet received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80”

    The other answer is almost identical, but it leaves a space between the IP and port#:

    “Any packet received in the inside interface with a source IP port address of 172.16.10.8 8080 is translated to 172.16.10.8 80”

    Why aren’t both technically correct? Why is the first answer correct and the other not correct???

  24. Anonymous
    May 8th, 2017

    when is the route 300-101 expiry ?

  25. Nik
    May 16th, 2017

    Passed today,
    Used the dumps shared by Anonymous on 4th of April.
    Can validate that this ones are good and they were recently updated

  26. KienNT
    May 17th, 2017

    Hi Nik,
    i will take exam tomorrow
    pls, you share dumps with me
    ngocthanhkien9200 @ gmail dot com
    Thanks

  27. Satoshi
    May 24th, 2017

    @Traian …please share with me the dumps mwasamuan @ gmail . com
    thank you in advance.

  28. AnyMaster
    July 9th, 2017

    router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    Which statement about the command is true?

    Ans: Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80.

    Expl.: you can test it yourself using packet tracer. This command does 2 things:
    (1) if it receives a packet at inside interface with SOURCE-ip=172.16.10.8 AND SRC-PORT=8080, it translates to SRC-IP=172.16.10.8 AND SRC-PORT=80.
    (2) if it receives a packet at outside interface with DST-IP=172.16.10.8 AND DST-port=80, it translates to DST-IP=172.16.10.8 AND DST-port=8080.

  29. nathi
    July 10th, 2017

    @Patrik can you share that dumps to {email not allowed}
    thanks.. writing in weeks time.

  30. nathi
    July 10th, 2017

    @Patrik can you share that dumps to h.bakada @ gmail . com
    thanks.. writing in weeks time.

  31. Pif
    July 13th, 2017

    Could you please explicit more the reponse for Question 4 please.

    I would said that the answer is D but I don’t understand why is A)

    Thanks by advance.

  32. ernie
    July 17th, 2017

    The correct answer in question 4 is D.

  33. Andros
    July 25th, 2017

    Please share lateast dumps with me alanandriulo at gmail dot com

  34. Jynx
    August 8th, 2017
  35. ali
    August 22nd, 2017

    The correct answer for q4 is A

  36. Steffy
    August 28th, 2017

    Hello friends, for latest valid dump with continuous update, please contact me at steffyshirls @ gmail .com

  1. No trackbacks yet.