New CCNA – NAT PAT Questions

Note: If you are not sure about NAT PAT, please read our Network Address Translation NAT Tutorial.

Question 1

Which two statements about static NAT translations are true? (choose two)

A. They are always present in the NAT table.
B. They allow connection to be initiated from the outside.
C. They can be configured with access lists, to allow two or more connections to be initiated from the outside.
D. They require no inside or outside interface markings because addresses are statically defined.

Answer: A B

Explanation

With static NAT, translations exist in the NAT translation table as soon as you configure static NAT command(s), and they remain in the translation table until you delete the static NAT command(s).

With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requires translation. Dynamic translations have a timeout period after which they are purged from the translation table.

-> A is correct.

Because static NAT translations are always present in the NAT table so outside hosts can initiate the connection without being dropped -> B is correct.

Static translations can not be configured with access lists. To configure static NAT, we only need to specify source IP, NAT IP, inside interface & outside interface.

-> C is not correct.

We have to specify which is the inside and outside interface -> D is not correct.

For your information, below is an example of configuring static NAT:

R0(config)#int f0/0
R0(config-if)#ip nat inside

R0(config-if)#int f0/1
R0(config-if)#ip nat outside

R0(config)#ip nat inside source static 10.0.0.1 200.0.0.2

(Reference: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml)

Question 2

What are two benefits of using NAT? (choose two)

A. NAT protects network security because private networks are not advertised.
B. NAT accelerates the routing process because no modifications are made on the packets.
C. Dynamic NAT facilitates connections from the outside of the network.
D. NAT facilitates end-to-end communication when IPsec is enable.
E. NAT eliminates the need to re-address all host that require external access.
F. NAT conserves addresses through host MAC-level multiplexing.

Answer: A E

Explanation

By not reveal the internal IP addresses, NAT adds some security to the inside network -> A is correct.

NAT has to modify the source IP addresses in the packets -> B is not correct.

Connection from the outside to a network through “NAT” is more difficult than a normal network because IP addresses of inside hosts are hidden -> C is not correct.

In order for IPsec to work with NAT we need to allow additional protocols, including Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication Header (AH) -> more complex -> D is not correct.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts -> E is correct.

NAT does conserve addresses but not through host MAC-level multiplexing. It conserves addresses by allowing many private IP addresses to use the same public IP address to go to the Internet -> F is not correct.

Question 3

Refer to the exhibit. What statement is true of the configuration for this network?

A. The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.
B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.
C. The number 1 referred to in the ip nat inside source command references access-list number 1.
D. ExternalRouter must be configured with static routers to network 172.16.2.0/24

Answer: C

Explanation

The “list 1″ refers to the access-list number 1.