NAT and PAT questions cover static NAT (one-to-one), dynamic NAT (pool-based), and PAT/overload (many-to-one using port numbers). The CCNA asks you to read NAT table output, fix misconfigured NAT, and match the right NAT type to a scenario.
Start Scenario PracticeDrag and drop the steps of VRF-aware NAT configuration for path isolation into the correct order, from first to last.
Explanation: First, you create the VRF and assign an RD. Then, you configure the NAT inside and outside interfaces under the VRF. Next, you define the NAT pool and access list for translation. After that, you apply the NAT rules with 'ip nat inside source' referencing the VRF. Finally, you verify NAT translations using 'show ip nat translations vrf'.
A network engineer issues the following command on Router R6: R6# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.168.1.100 10.0.0.10 --- --- --- 192.168.1.101 10.0.0.11 --- --- udp 192.168.1.100:1234 10.0.0.10:1234 203.0.113.5:53 203.0.113.5:53 tcp 192.168.1.101:80 10.0.0.11:80 198.51.100.2:443 198.51.100.2:443 Based on this output, what is true about the NAT translations?
Explanation: The output shows dynamic NAT translations with inside local and inside global addresses. The presence of protocol-specific translations (udp, tcp) indicates PAT (NAT overload) is in use for some traffic.
interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip nat outside ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ! access-list 1 permit 192.168.1.0 0.0.0.255 ! ip nat inside source list 1 interface GigabitEthernet0/0 overload What is the effect of this configuration?
Explanation: This is a standard NAT overload (PAT) configuration. The inside network 192.168.1.0/24 is translated to the IP address of the outside interface (GigabitEthernet0/0) using port address translation. All inside hosts share the outside interface IP address.
A network engineer is configuring a Cisco router to provide internet access to a small office using a single public IP address assigned by the ISP. The engineer wants to allow internal hosts to initiate connections to the internet, but also needs to make a web server on the internal network reachable from the internet. The engineer configures a standard access list for NAT and an ip nat inside source list command. However, external users cannot reach the internal web server. What is the most likely cause?
Explanation: The scenario requires both dynamic NAT (for outbound traffic) and static NAT (for inbound access to the web server). Using only a dynamic NAT configuration with an access list will not provide a permanent mapping for the web server.
A network engineer is troubleshooting a NAT issue where an internal host cannot establish an SSH session to a remote server on the internet. The engineer checks the NAT translations on the border router and sees that the translation for the host's source IP is present. However, the SSH session times out. The engineer also notices that the remote server's IP is not in the NAT translation table. What is the most likely cause?
Explanation: For a successful NAT session, both the outbound and inbound translations must be present. If only the outbound translation exists, the return traffic is not being translated back correctly, possibly due to asymmetric routing or a missing route.
+10 more scenario questions available
Practice all NAT and PAT Configuration ScenariosNAT and PAT questions cover static NAT (one-to-one), dynamic NAT (pool-based), and PAT/overload (many-to-one using port numbers). The CCNA asks you to read NAT table output, fix misconfigured NAT, and match the right NAT type to a scenario. These appear throughout the 350-401 and require you to apply your knowledge, not just recall facts.
Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the 350-401. Practicing each scenario type ensures you're ready for any format.
Yes. Courseiva provides free 350-401 scenario practice across all official exam domains. The platform includes scenario-based questions, command-output interpretation, topic-based practice, mock exams, and readiness tracking — no account required.
Launch a full NAT and PAT Configuration Scenarios session with instant scoring and detailed explanations.
Start Scenario Practice →