300-410 NAT and PAT • Complete Question Bank
Complete 300-410 NAT and PAT question bank — all 0 questions with answers and detailed explanations.
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- ---
R1# show ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 45 Misses: 0 CEF Translated packets: 45, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240
refcount 3 map-id 1 overload
[Id] ip nat inside source list ACL1 pool POOL1 overload
refcount 3
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:1234 10.0.0.10:1234 203.0.113.5:53 203.0.113.5:53 tcp 192.0.2.10:5678 10.0.0.10:5678 198.51.100.20:80 198.51.100.20:80 --- 192.0.2.11 10.0.0.11 --- ---
R1# show ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 100 Misses: 0 CEF Translated packets: 100, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240
refcount 3 map-id 1 overload
[Id] ip nat inside source list ACL1 pool POOL1 overload
refcount 3
Based on this output, what is the problem?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 203.0.113.5 203.0.113.5 --- 192.0.2.11 10.0.0.11 203.0.113.5 203.0.113.5
R1# show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 20 Misses: 0 CEF Translated packets: 20, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240
refcount 2 map-id 1
[Id] ip nat inside source list ACL1 pool POOL1
refcount 2
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- ---
R1# show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 5 Misses: 0 CEF Translated packets: 5, CEF Punted packets: 0 Expired translations: 0
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global tcp 192.0.2.10:80 10.0.0.10:80 203.0.113.5:12345 203.0.113.5:12345 tcp 192.0.2.10:80 10.0.0.11:80 203.0.113.5:67890 203.0.113.5:67890
R1# show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 50 Misses: 0 CEF Translated packets: 50, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload
refcount 2
Based on this output, what is the problem?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- ---
R1# show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 10 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240
refcount 2 map-id 1
[Id] ip nat inside source list ACL1 pool POOL1
refcount 2
Based on this output, what is the problem?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- --- --- 192.0.2.13 10.0.0.13 --- --- --- 192.0.2.14 10.0.0.14 --- --- --- 192.0.2.15 10.0.0.15 --- --- --- 192.0.2.16 10.0.0.16 --- --- --- 192.0.2.17 10.0.0.17 --- --- --- 192.0.2.18 10.0.0.18 --- --- --- 192.0.2.19 10.0.0.19 --- --- --- 192.0.2.20 10.0.0.20 --- ---
R1# show ip nat statistics
Total active translations: 11 (0 static, 11 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 200 Misses: 0 CEF Translated packets: 200, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240
refcount 11 map-id 1
[Id] ip nat inside source list ACL1 pool POOL1
refcount 11
Based on this output, what is the problem?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- ---
R1# show ip nat statistics
Total active translations: 1 (0 static, 1 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240
refcount 1 map-id 1
[Id] ip nat inside source list ACL1 pool POOL1
refcount 1
Based on this output, what is the problem?
A network engineer runs the following command on Router R1:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:10000 10.0.0.10:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10001 10.0.0.11:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10002 10.0.0.12:10000 203.0.113.5:53 203.0.113.5:53
R1# show ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 150 Misses: 0 CEF Translated packets: 150, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source
[Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload
refcount 3
Based on this output, which statement is correct?
Consider the following partial configuration on a Cisco IOS-XE router:
interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside
!
interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ip nat outside
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255
What is the effect of this configuration?
Given this partial configuration:
ip nat pool MYPOOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0 ip nat inside source list 1 pool MYPOOL access-list 1 permit 192.168.1.0 0.0.0.255
What is the effect?
Examine this configuration:
interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip nat inside
!
interface GigabitEthernet0/1 ip address 198.51.100.1 255.255.255.0 ip nat outside
!
ip nat inside source static tcp 10.0.0.10 80 198.51.100.10 8080 extendable
Which statement is true?
What is the problem with this NAT configuration?
interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside
!
interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255
Given this configuration:
ip nat pool GLOBAL 203.0.113.1 203.0.113.10 prefix-length 28 ip nat inside source list 10 pool GLOBAL overload access-list 10 permit 10.0.0.0 0.255.255.255
What is the effect?
Consider this partial configuration:
ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255
!
interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside
!
interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ip nat outside
!
interface GigabitEthernet0/2 ip address 172.16.0.1 255.255.255.0 ip nat inside
What is true about traffic from the 172.16.0.0/24 network?
A network engineer runs the following command to troubleshoot a NAT issue:
R1# debug ip nat detailed
NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [45] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [46] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [47] NAT*: s=192.168.1.1, d=10.2.2.2->10.1.1.1 [48] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [49]
What does this output indicate?
A network engineer runs the following command to verify NAT translations:
R1# show ip nat translations verbose
Pro Inside global Inside local Outside local Outside global --- 10.2.2.2 10.1.1.1 192.168.1.1 192.168.1.1 create 00:00:15, use 00:00:05, flags: extended, timing-out
What does the 'extended' flag indicate?
A network engineer runs the following command to troubleshoot PAT exhaustion:
R1# show ip nat statistics
Total active translations: 1024 (0 static, 1024 dynamic; 1024 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 50000 Misses: 10 CEF Translated packets: 45000, CEF Punted packets: 5000 Expired translations: 2000 Dynamic mappings: -- Inside Source
[Id: 1] access-list NAT permit ip 10.0.0.0 0.255.255.255 any
refcount 1024, pool MyPool pool MyPool: netmask 255.255.255.240 start 203.0.113.1 end 203.0.113.14 type generic, total addresses 14, allocated 14 (100%), misses 0
What is the most likely issue?
A network engineer runs the following command to debug NAT with access lists:
R1# debug ip nat access-list 100
NAT: access list 100 matched ip 10.1.1.1 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.2 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.3 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.4 -> 192.168.1.1
What does this output indicate?
A network engineer runs the following command to verify NAT on a VRF:
R1# show ip nat translations vrf CUSTOMER
Pro Inside global Inside local Outside local Outside global --- 10.2.2.2 10.1.1.1 192.168.1.1 192.168.1.1
What is the purpose of the 'vrf CUSTOMER' parameter?
A network engineer runs the following command to debug NAT with overload:
R1# debug ip nat overload
NAT: overload: s=10.1.1.1:1234->203.0.113.1:5678, d=192.168.1.1:80 [50] NAT: overload: s=10.1.1.1:1235->203.0.113.1:5679, d=192.168.1.1:80 [51] NAT: overload: s=10.1.1.2:80->203.0.113.1:5680, d=192.168.1.1:1024 [52]
What does this output indicate?
A network engineer runs the following command to verify NAT after a fix:
R1# show ip nat translations
Pro Inside global Inside local Outside local Outside global --- 203.0.113.1 10.1.1.1 192.168.1.1 192.168.1.1 --- 203.0.113.2 10.1.1.2 192.168.1.2 192.168.1.2
What is the most likely configuration?
A network engineer runs the following command to debug NAT with route maps:
R1# debug ip nat policy
NAT: policy: match ip address 100 NAT: policy: match ip address 100 NAT: policy: match ip address 100 NAT: policy: route-map RM-NAT permit 10 match ip address 100 set ip next-hop 10.0.0.1
What does this output indicate?
A network engineer runs the following command to verify NAT on an interface:
R1# show ip nat interface GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up NAT: inside, active NAT: outside, active NAT: overload, active
What is the issue with this configuration?