Ccna Nat Question


What are the benefits of using NAT?

- NAT protects network security because private networks are not advertised.
- NAT eliminates the need to re-address all hosts that require external access.

Which two statements about static NAT translations are true?

- They are always present in the NAT table.
- They allow connections from the outside.

NAT addresses can be divided into two categories, inside network and outside network, which are defined based on the NAT functions. The device that performs NAT connects the inside and the outside network like a bridge: the NIC connected to the inside network is called "inside" and the NIC connected to the outside network is called "outside". That is to say, the inside addresses are used by the inside network devices, while the outside addresses are used by the outside network devices.

Addresses can also be divided into local and global addresses. Local address refers to the address that can be seen and used by the inside network devices; while global address refers to the address that can be seen and used by the outside network devices.

These four addresses are:

Inside local address is the IP address used by the inside network devices, which is often a private address.

Inside global address is a public address provided by ISP. It is often used when the inside network devices communicate with the outside network devices.

Outside local address is the address used by the outside network device as it appears to the inside network device. It is not necessarily a public network address.

Outside global address is the real address used by the outside network devices.

IP packets sent from inside network devices use the "inside local address" as the source address and the "outside local address" as the destination address. When the packets reach the "inside" interface of the NAT device, the addresses are translated into the "inside global address" and the "outside global address", and the packets leave through the "outside" interface.

In the same way, IP packets sent from outside network devices use the "outside global address" as the source address and the "inside global address" as the destination address. When the packets reach the "outside" interface of the NAT device, the addresses are translated into the "outside local address" and the "inside local address", and the packets leave through the "inside" interface.
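The two translation directions described above, together with the static NAT statements from the earlier question, as an added example (not code from the original page). It is an address-only model without ports, and every address in it is a constructed documentation-range sample.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class NatRouter:
    """Address-only NAT (no ports) that keeps the four address terms apart."""

    def __init__(self, static, pool, outside=None):
        self.inside = dict(static)          # inside local -> inside global
        self.free = list(pool)              # unused inside global addresses
        self.outside = dict(outside or {})  # outside local -> outside global

    def from_inside(self, pkt):
        """Arrives on the "inside" interface: local addresses become global."""
        if pkt.src not in self.inside:
            if not self.free:
                return None                 # dynamic pool exhausted
            self.inside[pkt.src] = self.free.pop(0)
        return Packet(self.inside[pkt.src], self.outside.get(pkt.dst, pkt.dst))

    def from_outside(self, pkt):
        """Arrives on the "outside" interface: global addresses become local."""
        to_local = {glob: loc for loc, glob in self.inside.items()}
        if pkt.dst not in to_local:
            return None                     # no table entry, nothing to reach
        seen_as = {glob: loc for loc, glob in self.outside.items()}
        return Packet(seen_as.get(pkt.src, pkt.src), to_local[pkt.dst])


def walkthrough():
    """All addresses below are constructed documentation-range samples."""
    nat = NatRouter(
        static={"10.0.0.5": "203.0.113.5"},     # server with a static entry
        pool=["203.0.113.6"],                   # one dynamic inside global
        outside={"10.99.0.7": "198.51.100.7"},  # outside host as seen inside
    )
    web = "198.51.100.7"
    return {
        # The static entry exists before any traffic, so the outside can connect.
        "inbound_static": nat.from_outside(Packet(web, "203.0.113.5")),
        # The pool address maps to nobody until an inside host sends first.
        "inbound_before": nat.from_outside(Packet(web, "203.0.113.6")),
        "outbound": nat.from_inside(Packet("10.0.0.9", "10.99.0.7")),
        "inbound_after": nat.from_outside(Packet(web, "203.0.113.6")),
        # A second dynamic host finds the one-address pool already used.
        "second_host": nat.from_inside(Packet("10.0.0.10", "10.99.0.7")),
    }


if __name__ == "__main__":
    for step, packet in walkthrough().items():
        print(f"{step:15} {packet}")
```
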


You need to configure NAT on a TestKing router that is connected to the Internet. To do so, you must determine what the Inside Global IP addresses will be. What does the "Inside Global" address represent in the configuration of NAT?

- A registered address that represents an inside host to an outside network

Explanation: With NAT, Cisco defines 4 different types of addresses as follows:

* Inside local address : The IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer's OS or received via dynamic address allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.

* Inside global address : A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.

* Outside local address : The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.

* Outside global address : The IP address assigned to a host on the outside network by the host's owner. The address is allocated from a globally routable address or network space.

The above definitions still leave a lot to be interpreted. For this example, this document redefines these terms by first defining "local address" and "global address." Keep in mind that the terms "inside" and "outside" are NAT definitions. Interfaces on a NAT router are defined as "inside" or "outside" with the NAT configuration commands, ip nat inside and ip nat outside. Networks to which these interfaces connect can then be thought of as "inside" networks or "outside" networks, respectively.

* Local address : A local address is any address that appears on the "inside" portion of the network.

* Global address : A global address is any address that appears on the "outside" portion of the network.

The router has been configured with these commands:

hostname Gateway
interface FastEthernet 0/0
 ip address 198.133.219.14 255.255.255.248
 no shutdown
interface FastEthernet 0/1
 ip address 192.168.10.254 255.255.255.0
 no shutdown
interface Serial 0/0
 ip address 64.100.0.2 255.255.255.252
 no shutdown
ip route 0.0.0.0 0.0.0.0 64.100.0.1

What are the two results of this configuration? (Choose two.)

- The addressing scheme allows users on the Internet to access the WWW server.
- Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without address translation.

Which one of the following varieties of NAT utilizes different ports to map multiple IP addresses to a single globally registered IP address?

- NAT Overloading

Question: TestKing has 25 computers and decides to connect the network to the Internet. TestKing would like for all of the computers to have access to the Internet at the same time, but TestKing only has four usable publicly routable IP addresses. What should be configured on the router so that all computers can connect to the Internet simultaneously?

Dynamic NAT with overload

Explanation: NAT overload, also called many-to-one NAT or Port Address Translation (PAT), allows many IP hosts to share a single IP address when connecting to the outside. In this case, the use of dynamic NAT with overloading will allow the 25 hosts to use an IP address from the NAT pool, which will contain the 4 public IP addresses.

The network at TestKing has just been configured for NAT as shown. Initial tests indicate that everything is functioning as intended. However, it is found that a number of hosts cannot access the Internet. What is the problem?

- There are not enough IP addresses available in the NAT address pool.

Explanation: According to the configuration shown above, the NAT pool only specifies 5 IP addresses (192.0.2.161-165) while there are 16 hosts on the network that need to be translated. This explains why everything functions well for the first hosts, but not for the rest. To fix this issue, more IP addresses need to be specified in the NAT pool named SOS, or alternatively the "overload" keyword could be used to specify many-to-one address translation, or PAT.

Several internal addresses can be NATed to only one or a few external addresses by using a feature called Port Address Translation (PAT), which is also referred to as "overload", a subset of NAT functionality. PAT uses unique source port numbers on the Inside Global IP address to distinguish between translations. Because the port number is encoded in 16 bits, the total number could theoretically be as high as 65,536 per IP address. PAT will attempt to preserve the original source port. If this source port is already allocated, PAT will attempt to find the first available port number starting from the beginning of the appropriate port group: 0-511, 512-1023 or 1024-65535. If there is still no port available from the appropriate group and more than one IP address is configured, PAT will move to the next IP address and try to allocate the original source port again. This continues until it runs out of available ports and IP addresses. Alternatively, we could have configured port address translation, or NAT overload, to provide Internet access to the given number of hosts.
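The pool exhaustion from the explanation above and the PAT port search just described, modelled as an added example (not code from the original page or from Cisco). It tracks a single protocol, and the inside local addresses and the source port 1025 are constructed because the page does not give them.

```python
import ipaddress
import itertools

# Port groups searched when the original source port is taken (from the text).
PORT_GROUPS = (range(0, 512), range(512, 1024), range(1024, 65536))


class NatPool:
    """Dynamic NAT pool, modelled for one protocol; overload=True enables PAT."""

    def __init__(self, first, last, overload):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.addrs = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.overload = overload
        self.by_host = {}    # inside local IP -> inside global IP (no overload)
        self.in_use = set()  # (inside global IP, port) pairs claimed by PAT
        self.table = {}      # (inside local IP, port) -> (inside global IP, port)

    def translate(self, src_ip, src_port):
        """Return (inside global IP, port) for a flow, or None when exhausted."""
        key = (src_ip, src_port)
        if key not in self.table:
            hit = self._pat(src_port) if self.overload else self._one_to_one(src_ip, src_port)
            if hit is None:
                return None
            self.table[key] = hit
        return self.table[key]

    def _one_to_one(self, src_ip, src_port):
        # Without overload every inside host consumes a whole pool address.
        if src_ip not in self.by_host:
            taken = set(self.by_host.values())
            free = [a for a in self.addrs if a not in taken]
            if not free:
                return None
            self.by_host[src_ip] = free[0]
        return (self.by_host[src_ip], src_port)

    def _pat(self, src_port):
        group = next(g for g in PORT_GROUPS if src_port in g)
        for addr in self.addrs:
            # Try the original source port first, then the group from its start.
            for port in itertools.chain([src_port], group):
                if (addr, port) not in self.in_use:
                    self.in_use.add((addr, port))
                    return (addr, port)
            # Group exhausted on this address: move on to the next pool address.
        return None


def translate_hosts(overload, hosts=16, src_port=1025):
    """The explanation's scenario: 16 hosts behind the pool 192.0.2.161-165."""
    nat = NatPool("192.0.2.161", "192.0.2.165", overload)
    # Inside local addresses are constructed; the page does not give them.
    return [nat.translate(f"10.0.0.{n}", src_port) for n in range(1, hosts + 1)]


if __name__ == "__main__":
    for mode in (False, True):
        done = [r for r in translate_hosts(mode) if r is not None]
        print(f"overload={mode}: {len(done)} of 16 hosts translated")
```
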

The ip subnet-zero configuration command is also in effect on router TK1. After this router performs network address translation, which address is a valid "inside global address"?

- 199.99.9.47

Explanation: Using NAT we can translate the source or destination address. In our example, all source addresses from the 10.10.0.0 0.0.0.255 network will be translated to an IP address from the 199.99.9.40-62 pool.


Study the exhibit carefully. You are required to perform configurations to enable internet access. The TestKing ISP has given you six public IP addresses in the 198.18.227.25 - 198.18.227.30 range. TestKing.com has 30 clients that need to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.107.33 - 192.168.107.62 range.

You need to configure Router TestKing1 using the TestKingA console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively.

Testking1# enable
Testking1# config t
! The block 192.168.107.32 with wildcard 0.0.0.31 covers hosts .33 - .62
Testking1(Config)# access-list 1 permit 192.168.107.32 0.0.0.31
Testking1(Config)# access-list 1 deny any
Testking1(Config)# interface fa0/0
Testking1(Config-if)# ip nat inside
Testking1(Config-if)# exit
Testking1(Config)# interface s0/0
Testking1(Config-if)# ip nat outside
Testking1(Config-if)# exit
Testking1(Config)# ip nat pool test_nat 198.18.227.25 198.18.227.30 prefix-length 24
Testking1(Config)# ip nat inside source list 1 pool test_nat overload

Verify using: Testking1#show ip nat translations

You are required to perform configurations to enable internet access. The TestKing ISP has given you six public IP addresses in the 198.18.184.105 - 198.18.184.110/29 range. TestKing.com has 14 clients that need to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.100.17 - 192.168.100.30/28 range.

You need to configure Router TestKing1 using the TestKingA console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively.

interface FastEthernet0/0
 no ip address
 no ip directed-broadcast
 ip nat inside
!
interface Serial0/0
 no ip directed-broadcast
 ip nat outside
!
ip nat pool nat_test 198.18.184.105 198.18.184.110 netmask 255.255.255.248
ip nat inside source list 1 pool nat_test overload
ip classless
no ip http server
!
!
access-list 1 permit 192.168.100.16 0.0.0.15


Refer to the exhibit. Addresses within the range 10.10.10.0/24 are not being translated to the 1.1.128.0/16 range. Which command shows if 10.10.10.0/24 are allowed inside addresses?

Show access-list

The administrator of the TestKing network needs to ensure that a web server in their network is accessible from the Internet. Since the network uses private addressing, this requires an IP-to-registered-address mapping. The following command is entered on the router:

TestKing1(config)# ip nat inside source static 192.168.2.1 198.18.1.254

After unsuccessful results from a ping to the Internet, the administrator issues the show ip nat translations command and the output is blank. What could be the problem with the NAT configuration for this mapping?

- The interfaces need to be configured for NAT.

What two statements are true of the planned configuration for interface fa0/1? (Choose two)

- Internet hosts may not initiate connections to DMZ Devices through the configuration that is shown.

- Address translation on fa0/1 is not required for DMZ Devices to access the Internet.

Explanation: Fa0/1 already has a routable IP address, so it does not need to be translated to reach the Internet.


You work as a network administrator at TestKing.com. You study the exhibits carefully. TestKing4 can ping TestKing5 (172.16.6.5), but not TestKing7 (172.16.11.7). There are no routing protocols running in any of the routers. TestKing4 has TestKing6 as its default gateway. What can be done to address this problem?

- Add a static route in TestKing7 back to TestKing4.

Explanation :

In this example NAT is translating the 10.10.10.4 (TestKing4 router IP) statically to 172.16.6.14. However, we can see that TestKing7 does not have any route to the 172.16.6.0/24 network so there is no way for TestKing7 to return the ping traffic back to TestKing4. Configuring a static route to the 172.16.6.0 network will fix this problem. Note: The reason that pings to TestKing5 work is because it knows how to get back to the 172.16.6.0/24 network, since this network resides on its directly connected interface.

Refer to the exhibit. What does the (*) represent in the output?

Packet was translated and fast switched to the destination.

Need Explanation :

Refer to the exhibit. What command sequence will enable PAT from the inside to outside network?

R1(config)# ip nat inside source list 1 interface ethernet1 overload

Refer to the exhibit. Which command would allow the translations to be created on the router?


ip nat pool mynats 1.1.128.1 1.1.135.254 prefix-length 19

explanation ; Refer to the exhibit. A junior network engineer has prepared the exhibited configuration file. What two statements are true of the planned configuration for interface fa0/1? (Choose two.)

Question:

You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1.

Solution

The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29 => we have to use NAT overload (or PAT)

Double click on PC1 to access Router1's command line interface

Router1>enable
Router1#configure terminal

Create a NAT pool of global addresses to be allocated with their netmask (notice that /29 = 248)


Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated

Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63

Establish dynamic source translation, specifying the access list that was defined in the prior step

Router1(config)#ip nat inside source list 1 pool mypool overload

This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)

The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside

Before leaving Router1, you should save the configuration:

Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config

Check your configuration by going to PC2 and typing:

C:\>ping 192.0.2.114

The ping should work and you should receive replies from 192.0.2.114.

Question

A network associate is configuring a router for the CCNA Training company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the CCNA Training company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.

The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.

Configuration information

- router name – Weaver
- inside global addresses – 198.18.184.105 – 198.18.184.110/29
- inside local addresses – 192.168.100.17 – 192.168.100.30/28
- number of inside hosts – 14

The following have already been configured on the router:

- The basic router configuration


- The appropriate interfaces have been configured for NAT inside and NAT outside

- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)

- All passwords have been temporarily set to “cisco”

The CCNA Training company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)

Double click on the Weaver router to open it

Router>enable
Router#configure terminal

First you should change the router’s name to Weaver

Router(config)#hostname Weaver

Create a NAT pool of global addresses to be allocated with their netmask (/29 = 255.255.255.248). There were reports that the simulator in the real exam did not accept the “prefix-length” keyword, so you should use the “netmask” keyword.

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

Establish dynamic source translation, specifying the access list that was defined in the prior step

Weaver(config)#ip nat inside source list 1 pool mypool overload


This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110)

The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end

Finally, you should save all your work with the following command:

Weaver#copy running-config startup-config

Check your configuration by going to “Host for testing” and typing:

C:\>ping 192.0.2.114

The ping should work and you should receive replies from 192.0.2.114.
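A check for the two simulation answers above (Router1 and Weaver), written as an added example that is not part of the original page: it parses the three NAT statements, applies Cisco wildcard matching to every inside host, and confirms the pool fits its netmask. The third configuration, MISTAKE, is constructed to show a wildcard that silently skips hosts.

```python
import ipaddress
import re

ROUTER1 = """
ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
access-list 1 permit 192.168.6.64 0.0.0.63
ip nat inside source list 1 pool mypool overload
"""
WEAVER = """
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
"""
# Constructed mistake (not from the page): first host used as the ACL base,
# a wildcard that is not 2**n - 1, and no "overload" keyword.
MISTAKE = """
ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
access-list 1 permit 192.168.6.65 0.0.0.62
ip nat inside source list 1 pool mypool
"""


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def span(first, last):
    """Every address from first to last inclusive, as strings."""
    return [str(ipaddress.IPv4Address(i)) for i in range(to_int(first), to_int(last) + 1)]


def acl_permits(entries, addr):
    """Wildcard semantics: a 1 bit in the wildcard means "ignore this bit"."""
    for base, wildcard in entries:
        care = 0xFFFFFFFF ^ to_int(wildcard)
        if (to_int(addr) & care) == (to_int(base) & care):
            return True
    return False


def audit(config, first_host, last_host):
    """Check a dynamic NAT configuration against the hosts it must serve."""
    acls, pools, rule = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"access-list (\d+) permit (\S+) (\S+)", line):
            acls.setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.fullmatch(r"ip nat pool (\S+) (\S+) (\S+) netmask (\S+)", line):
            pools[m[1]] = (m[2], m[3], m[4])
        elif m := re.fullmatch(r"ip nat inside source list (\d+) pool (\S+)( overload)?", line):
            rule = (m[1], m[2], m[3] is not None)
    if rule is None or rule[1] not in pools:
        raise ValueError("no usable 'ip nat inside source list ... pool' rule")
    acl_id, pool_name, overload = rule
    first, last, mask = pools[pool_name]
    subnet = ipaddress.IPv4Network(f"{first}/{mask}", strict=False)
    pool, hosts = span(first, last), span(first_host, last_host)
    return {
        "untranslated": [h for h in hosts if not acl_permits(acls.get(acl_id, []), h)],
        "pool_size": len(pool),
        "pool_fits_mask": all(ipaddress.IPv4Address(a) in subnet for a in pool),
        "overload": overload,
        "enough_addresses": overload or len(pool) >= len(hosts),
    }
```

Calling `audit(MISTAKE, "192.168.6.65", "192.168.6.126")` lists every even-numbered host as untranslated, a failure that `show ip nat translations` would only reveal by the absence of entries for those hosts.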

Refer to the exhibit. Addresses within the range 10.10.10.0/24 are not being translated to the 1.1.128.0/16 range. Which command shows if 10.10.10.0/24 are allowed inside addresses?

show ip nat statistics

NAT has been used to convert all IP addresses on the internal network to the single address 128.107.1.1 as traffic is routed toward the Internet. Which of these statements accurately describes what will happen when IP traffic returns from the Internet destined for hosts on the internal network?

P4S-ER can use the directly connected interface on the 128.107.1.0 network to route return traffic to its originators


Refer to the exhibit. Router4 can ping Router5 (172.16.6.5), but not Router7 (172.16.11.7). There are no routing protocols running in any of the routers, and Router4 has Router6 as its default gateway. What can be done to address this problem?

Add a static route in Router7 back to Router4.

In this example NAT is translating the 10.10.10.4 (Router4 IP) statically to 172.16.6.14. However, we can see that Router7 does not have any route to the 172.16.6.0/24 network so there is no way for Router7 to return the ping traffic back to Router4. Configuring a static route to the 172.16.6.0 network will fix this problem. Note: The reason that pings to Router5 work is because it knows how to get back to the 172.16.6.0/24 network, since this network resides on its directly connected interface.