NAT/PAT Questions

February 6th, 2017

Question 1

Question 2

Explanation

By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP addresses on the Internet. This is the most popular type of NAT.

Question 3

Explanation

NAT uses four types of addresses:

* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

[Figure: NAT_terms_explained.jpg]

Question 4

Question 5

Explanation

NAT uses four types of addresses:

* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world -> This is the public IP address of a NAT device.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

[Figure: NAT_terms_explained.jpg]

Question 6

Explanation

An example of the output of the “show ip nat statistics” command is shown below. As we can see, the “Hits” counter is displayed.

[Figure: show_ip_nat_statistics.jpg]

Question 7

Explanation

By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

Question 8

Explanation

In NAT configuration, we should first specify the inside and outside interfaces with the commands “ip nat inside” and “ip nat outside” under interface mode.

Question 9

Question 10

Explanation

When we specify a NAT “inside” interface (via the “ip nat inside” command under interface mode), we are specifying the source IP addresses. Later, in the “ip nat” command under global configuration mode, we will specify the access list or route map for these source addresses.

For example, in the command:

Router(config)# ip nat inside source list 1 pool PoolforNAT

after the keyword “source” we need to specify one of three keywords:

+ list: specify access list describing local addresses (but this command does not require an “inside” interface to be configured)
+ route-map: specify route-map
+ static: specify static local -> global mapping

Question 11

Explanation

There are two types of NAT translation: dynamic and static.

Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. The router allocates registered public IP addresses from the inside global address pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.

In this question we only want to translate a single inside address to a single outside address so static NAT should be used.
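The difference between dynamic NAT (this question) and PAT with the “overload” keyword (Questions 2 and 7) is modelled below. This Python code is an added example, not part of the original page and not how IOS is implemented; the class name NatRouter, the sequential port allocation starting at 1024, the per-flow table and the sample addresses are assumptions made for illustration.

```python
class NatRouter:
    """Toy inside-source NAT: dynamic pool (one-to-one) or PAT (overload)."""

    def __init__(self, pool, overload=False, first_port=1024):
        self.pool = list(pool)    # inside global addresses
        self.overload = overload  # True models the "overload" keyword (PAT)
        self.next_port = first_port
        self.host_map = {}        # dynamic NAT: inside local IP -> inside global IP
        self.table = {}           # (inside local IP, port) -> (inside global IP, port)
        self.reverse = {}         # reverse index used for return traffic

    def outbound(self, src_ip, src_port):
        """Translate an inside local source; None means the packet is dropped."""
        key = (src_ip, src_port)
        if key in self.table:
            return self.table[key]
        if self.overload:
            # PAT: all hosts share pool[0]; a unique port identifies each flow.
            if self.next_port > 65535:
                return None
            mapped = (self.pool[0], self.next_port)
            self.next_port += 1
        else:
            # Dynamic NAT: each inside host consumes one pool address.
            if src_ip not in self.host_map:
                free = [a for a in self.pool if a not in self.host_map.values()]
                if not free:
                    return None  # pool exhausted
                self.host_map[src_ip] = free[0]
            mapped = (self.host_map[src_ip], src_port)
        self.table[key] = mapped
        self.reverse[mapped] = key
        return mapped

    def inbound(self, dst_ip, dst_port):
        """Map return traffic to the inside local socket; None if no entry exists."""
        return self.reverse.get((dst_ip, dst_port))

def demo():
    # Constructed sample hosts (RFC 1918) and documentation-range public addresses.
    hosts = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
    dyn = NatRouter(["203.0.113.1", "203.0.113.2"])
    pat = NatRouter(["203.0.113.1"], overload=True)
    dyn_out = [dyn.outbound(h, 40000) for h in hosts]
    pat_out = [pat.outbound(h, 40000) for h in hosts]
    return dyn_out, pat_out, pat.inbound("203.0.113.1", 1025)

if __name__ == "__main__":
    print(demo())
```

With a two-address pool the third inside host gets no translation under dynamic NAT, while PAT serves all three hosts from one address by giving each flow its own port. An inbound packet addressed to a port with no table entry maps to nothing in this model.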

Question 12

Explanation

By not revealing the internal IP addresses, NAT adds some security to the inside network -> A is correct.

NAT has to modify the source IP addresses in the packets -> B is not correct.

Connecting from the outside to a network through NAT is more difficult than to a normal network because the IP addresses of inside hosts are hidden -> C is not correct.

In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct.

NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.

Comments (10)
  1. Tepi
    February 8th, 2017

    Q9 .. the term “one-way” NAT is confusing (and could refer to answer B or D). However, if the wording was “one-to-one” NAT then answer B (as suggested) makes sense?

  2. AShi
    February 28th, 2017

    Q8 .. Refer to NAT (Dynamic) configuration; the first step is to define the pool of addresses that will be used for translation using the ip nat pool command.

    ” R#(config): ip nat pool (pool name) start ip end ip {Netmask | Prefix length } ”

    I guess “C” is the correct answer.

  3. joetheplummer
    March 18th, 2017

    ^^^ AGREE WITH AShi^^^

    source: CCNA R&S Portable Command Guide 4th ed. pg. 207 step #2.

  4. joetheplummer
    March 19th, 2017

    *** DISAGREE WITH AShi:***

    source URL: http://www.ciscopress.com/articles/article.asp?p=25273&seqNum=4

    Configuring NAT

    The first step in configuring NAT is to designate the inside and outside interfaces.

    This book was published in 2002; may be out of date…

  5. vla
    April 4th, 2017

    Please assist
    Which two commands can you enter to display the current time sources statistics on devices? (Choose two)

    A. Show ntp associations.
    B. Show clock details
    C. Show clock.
    D. Show time.
    E. Show ntp status

  6. vla
    April 4th, 2017

    When troubleshooting client DNS issues, which two tasks must you perform? (Choose two)

    A. Ping a public website IP address.
    B. Ping the DNS Server.
    C. Determine whether the name servers have been configured.
    D. Determine whether a DHCP address has been assigned.
    E. Determine whether the hardware address is correct.

    ANSWER: B, C?

  7. vla
    April 4th, 2017

    78. Which two statements about using leased lines for your WAN infrastructure are true? (Choose two.)
    A. Leased lines provide inexpensive WAN access
    B. Leased lines with sufficient bandwidth can avoid latency between endpoints
    C. Leased lines require little installation and maintenance expertise
    D. Leased lines provide highly flexible bandwidth scaling
    E. Multiple leased lines can share a router interface
    F. Leased lines support up to T1 link speeds

    ANSWER: C,D?

  8. vla
    April 4th, 2017

    Which two steps must you perform to enable router-on-stick on a switch?
    A. connect the router to a trunk port
    B. configure the subnet number exactly the same as the matching VLAN
    C. configure full duplex
    D. configure an ip route to the vlan destination network
    E. assign the access port to the vlan

    ANSWER: A,B?

  9. KACS
    April 27th, 2017

    Which two commands can you enter to display the current time sources statistics on devices?
    Answers: 1-Show ntp associations. 2-Show ntp status

    When troubleshooting client DNS issues, which two tasks must you perform?
    Answers: 1-Ping the DNS Server. 2-Determine whether the name servers have been configured.

    Which two statements about using leased lines for your WAN infrastructure are true?
    Answers: 1-Leased lines require little installation and maintenance expertise. 2-Leased lines provide highly flexible bandwidth scaling.

    Which two steps must you perform to enable router-on-stick on a switch?
    Answers: 1-Connect the router to a trunk port. 2-Configure the subnet number exactly the same as the matching VLAN

  10. Muhammad Mohyuddin
    May 16th, 2017

    Which two commands can you enter to display the current time sources statistics on devices? (Choose two)
    A. Show ntp associations.
    B. Show clock details
    C. Show clock.
    D. Show time.
    E. Show ntp status

    Answer: A, E