Home > NAT Questions

NAT Questions

January 17th, 2021 Go to comments

Note: If you are not sure about NAT PAT, please read our Network Address Translation NAT Tutorial.

Question 1

Question 2

Explanation

Maybe this question wanted to ask “which IP address is the source IP at the receiving side?” as there are two correct answers for inside local IP address (10.4.4.4 & 10.4.4.5) so they cannot be the correct answer.

NAT_terms_explained.jpg

Question 3

Explanation

By adding the keyword “overload” at the end of a NAT statement, NAT becomes PAT (Port Address Translation). This is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP address on the Internet. This is the most popular type of NAT.

An example of using “overload” keyword is shown below:

R1(config)# ip nat inside source list 1 interface ethernet1 overload

Question 4

Explanation

NAT use four types of addresses:

* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
* Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

NAT_terms_explained.jpg

Question 5

Explanation

The “ip nat inside” command was wrongly configured with inside local address of 192.168.11.254 while it should be 192.168.11.11, which is the IP address of the web server.

Question 6

Explanation

The command “ip nat inside source list 1 pool mypool” (notice the keyword “inside”, not “outside”).

This command translates all source addresses that pass access list 1, which means a source address from 10.10.0.0/24, into an address from the pool named mypool (the pool contains addresses from 192.168.3.1 to 192.168.3.3).

Comments (23) Comments
  1. Tiji
    May 11th, 2020

    q2 why ans C ?

  2. Triple777
    July 11th, 2020

    Q2 Im not sure C is the correct answer. I think the correct answer is D

  3. guille
    July 15th, 2020

    i think the correct answer is D . it is beacuse when a nat has taken place the new source ip will be the inside global and the destined ip will be the outside global

  4. JD
    July 21st, 2020

    I think author of Q2 meant the “source IP from which the communication reaches the target”. This would be 172.23.104.4

  5. Yo
    October 6th, 2020

    Q4. Outside local ip is not global ip addres?

  6. casi
    November 26th, 2020

    The answer depends on the point of view.
    From the inside view it is the inside local,
    from the Nat router view it is the inside global.

    I think we look here from the nat-router view then the source address is the inside global.
    Answer D ist the correct Answer

  7. Anonymous
    January 21st, 2021

    @9tut could you please explain why option D is not the correct answer for question number 2?

  8. haji gul
    January 23rd, 2021

    in q#2 the source inside ip addrss is 172.23.104.4 i think the right answer is D

  9. Nena
    March 26th, 2021

    I would also confirm that answer for Q2 is D

  10. Otabek
    April 17th, 2021

    If you have any questions from Cisco, please leave them to me telegram link Otabek3633

  11. Anonymous
    May 12th, 2021

    Q2 – C & D both can be correct answer.
    When the engineer establishes telnet to the router source IP is 172.23.103.10 (outside local). But when an https connection is established source IP is 172.23.104.4 (inside global). I feel the question should have specified “from which connection point of view”.

  12. Patrick
    May 28th, 2021

    I understand NAT/PAT, but in a real world network how would a client from a branch office connect to a (server or specific host in a head office). How would the Packet find its way, what would you use.
    Thanks Patrick.

  13. Anonymous
    October 9th, 2021

    @9tut and @all: At Q2, 172.23.103.10 is the destination address, so I guess it’s not the correct answer. Please verify.

  14. Konradg
    June 15th, 2022

    Hi, could someone say where are qustions ? I’v got only Mar_2022.pdf and I don’t see question for this answers

  15. Anonymous
    July 13th, 2022

    Thank God Q2 answer is D. I was trying my best to understand and workout why it was C. Cheers for the input.

  16. tajamal
    September 6th, 2022

    no questions

  17. Trigger
    September 25th, 2022

    The question is misleading for#2. Prob D. But why would you use a private address for inside global

  18. Rictorres333
    September 27th, 2022

    More about Q2:

    Without NAT command and looking at translation:

    R1#show ip nat translations
    Pro Inside global Inside local Outside local Outside global
    tcp 172.23.104.3:43268 10.4.4.4:43268 172.23.103.10:23 172.23.103.10:23
    tcp 172.23.104.4:45507 10.4.4.5:45507 172.23.103.10:80 172.23.103.10:80

    Asking for a source only have two posibility 172.23.104.3 and 4, because of ports at Outside global, the are wellknown ports, ports of services, destiny ports of traffic started on then inside global side, the real source, in command:
    ip nat inside source list (172.23.104.3,172.26.104.4,..) 172.23.103.10

  19. Homeless
    June 15th, 2024

    @9tut, why is that the correct answer of Q6 is “C” even if the wild card mask is incorrect?

    I think it should be “D” because the wild card mask is 0.0.0.254 which is matched with 10.10.0.0/24

  20. Homeless
    June 15th, 2024

    I stand corrected. The correct answer is “C” :)

  21. Anonymous
    July 11th, 2024

    Q1)

    Which statement about the nature of NAT overload is true?
    A. applies a one-to-many relationship to internal IP addresses
    B. applies a one-to-one relationship to internal IP addresses
    C. applies a many-to-many relationship to internal IP addresses
    D. can be configured only on Gigabit interface

    PAT (NAT Overloading): is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports.

    A is the best answer from the choices given, but why do we continue to see questions and answer sets that seem to be intentionally misleading?

    Why not just make the answer choice exactly what YOU put in your notes and material? I understand that you are trying to teach and challenge the information, but sometimes that challenge obfuscates the overall concept that you are trying to teach here.

    Folks don’t need to be spending a ridiculous amount of time studying a very basic concept of NAT, but the way you craft your questions makes me question even my most basic understanding of something. It’s just not necessary for CCNA.

    Cisco should be encouraging folks to take these exams so they can move on and learn much harder concepts, but instead trying to solve these riddles.  

  22. Anonymous
    July 29th, 2024

    Q2
    I copy and paste the whole question to chatgpt. The ans is same with mine, and chatgpt very sure on his ans.

  23. umi_aussi
    September 8th, 2024

    unable to see the questions ..why is that so

Add a Comment