Back to CCNA 200-301 v2 questions

Scenario-based practice

NAT and PAT Configuration Scenarios

Practise 200-301 NAT and PAT questions covering address translation types, inside/outside interface roles, static vs dynamic vs PAT, and troubleshooting missing or incorrect translations.

15
scenario questions
200-301
exam code
Cisco
vendor

Scenario guide

How to approach nat and pat configuration scenarios

NAT and PAT questions cover static NAT (one-to-one), dynamic NAT (pool-based), and PAT/overload (many-to-one using port numbers). The CCNA asks you to read NAT table output, fix misconfigured NAT, and match the right NAT type to a scenario.

Quick answer

NAT questions usually test how private addresses are translated, when to use static NAT, dynamic NAT or PAT, and how inside/outside interfaces affect traffic flow.

Static NAT, dynamic NAT and PAT behaviour.

Inside local, inside global, outside local and outside global address meanings.

How NAT affects connectivity between private networks and public destinations.

How to troubleshoot NAT rules, ACL matches and interface direction.

Related practice questions

Related 200-301 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Read the full NAT/PAT explanation →

A small office uses PAT for user Internet access. What mechanism does PAT use to allow many users to share one public address while keeping their sessions distinct?

Question 2hardmultiple choice
Read the full NAT/PAT explanation →

Exhibit: Users report no internet access after PAT was configured. The inside and outside interfaces are marked correctly. Which missing configuration is the most likely cause?

Exhibit

Configured:
interface G0/0
 ip nat inside
interface G0/1
 ip nat outside
No translations appear in 'show ip nat translations'.

You are connected to R1 in a small office network. Configure PAT (NAT overload) so that hosts on the 192.168.1.0/24 LAN can access the Internet via the public IP 203.0.113.1 (the IP assigned to interface G0/0). Also configure a static NAT for the internal web server at 192.168.1.10 to the public IP 203.0.113.6. The current configuration has errors: the inside/outside interface assignments are swapped, the ACL for PAT does not match the inside subnet, and the PAT rule points to the wrong ACL. Fix all issues so that both PAT and static NAT work correctly.

Exhibit

R1# show running-config | section ip nat
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.10 80 203.0.113.6 80
!
ip nat inside source list 2 interface GigabitEthernet0/0 overload
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.248
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
Question 4hardmultiple choice
Read the full NAT/PAT explanation →

A network administrator has configured dynamic NAT on a Cisco router to allow internal hosts to access the Internet. Internal hosts can ping external servers, but external hosts cannot initiate connections to any internal host. The administrator checks the NAT translations. What is the most likely cause of this behavior?

Exhibit

R1# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 203.0.113.10       192.168.1.10       ---                ---
--- 203.0.113.11       192.168.1.11       ---                ---
--- 203.0.113.12       192.168.1.12       ---                ---
--- 203.0.113.13       192.168.1.13       ---                ---
--- 203.0.113.14       192.168.1.14       ---                ---
--- 203.0.113.15       192.168.1.15       ---                ---
--- 203.0.113.16       192.168.1.16       ---                ---
--- 203.0.113.17       192.168.1.17       ---                ---
--- 203.0.113.18       192.168.1.18       ---                ---
--- 203.0.113.19       192.168.1.19       ---                ---
--- 203.0.113.20       192.168.1.20       ---                ---
--- 203.0.113.21       192.168.1.21       ---                ---
--- 203.0.113.22       192.168.1.22       ---                ---
--- 203.0.113.23       192.168.1.23       ---                ---
--- 203.0.113.24       192.168.1.24       ---                ---
--- 203.0.113.25       192.168.1.25       ---                ---
--- 203.0.113.26       192.168.1.26       ---                ---
--- 203.0.113.27       192.168.1.27       ---                ---
--- 203.0.113.28       192.168.1.28       ---                ---
--- 203.0.113.29       192.168.1.29       ---                ---
--- 203.0.113.30       192.168.1.30       ---                ---
Question 5hardmultiple choice
Read the full NAT/PAT explanation →

A network administrator configured dynamic NAT on a Cisco router to allow internal hosts to access the internet. After the configuration, users report that they can access some websites but not others. The administrator checks the router and discovers that the NAT translation table is full, and new connection attempts are being dropped. What is the most likely cause of this issue?

Exhibit

R1# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 192.0.2.10         10.0.0.10          ---                ---
--- 192.0.2.11         10.0.0.11          ---                ---
--- 192.0.2.12         10.0.0.12          ---                ---
--- 192.0.2.13         10.0.0.13          ---                ---
--- 192.0.2.14         10.0.0.14          ---                ---
--- 192.0.2.15         10.0.0.15          ---                ---
--- 192.0.2.16         10.0.0.16          ---                ---
--- 192.0.2.17         10.0.0.17          ---                ---
--- 192.0.2.18         10.0.0.18          ---                ---
--- 192.0.2.19         10.0.0.19          ---                ---

R1# show running-config | include ip nat
ip nat pool MYPOOL 192.0.2.10 192.0.2.19 netmask 255.255.255.240
ip nat inside source list 1 pool MYPOOL

You are connected to R1 via the console. R1's GigabitEthernet0/0 (10.0.0.1/30) connects to an ISP router at 10.0.0.2/30. The internal network has a web server at 192.168.1.10 and a mail server at 192.168.1.20. You need to configure NAT so that internal hosts can access the internet (PAT overload) and external users can reach the web server via public IP 203.0.113.10 and the mail server via public IP 203.0.113.11. The inside interface is GigabitEthernet0/1 (192.168.1.1/24) and the outside interface is GigabitEthernet0/0.

Question 7mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure PAT (overload) on a Cisco router using a single public IP address on the outside interface.

Question 8hardmultiple choice
Read the full NAT/PAT explanation →

A branch router is configured for NAT overload. The inside interface Gi0/0 is correctly marked ip nat inside, and the outside interface Gi0/1 is ip nat outside. The NAT statement uses access-list 1 permit 10.1.1.0 0.0.0.255 with ip nat inside source list 1 interface Gi0/1 overload. Inside hosts are in the 192.168.1.0/24 subnet and still reach the ISP with their private addresses. What is the most likely reason?

Exhibit

access-list 1 permit 10.10.20.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload

interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 ip nat outside

interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

Users are in 10.10.10.0/24.
Question 9mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure PAT (Port Address Translation) on a Cisco IOS-XE router and describe the translation process for an outbound packet.

Question 10mediummultiple choice
Read the full NAT/PAT explanation →

Refer to the exhibit. Users on the inside network can browse the web, but return traffic is failing for some sessions. A partial configuration shows:

interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat outside

!

interface GigabitEthernet0/1
 ip address 203.0.113.10 255.255.255.0
 ip nat inside

!

ip nat inside source list 1 interface GigabitEthernet0/1 overload
access-list 1 permit 192.168.10.0 0.0.0.255

Based on this configuration, which change is required to make PAT work correctly?

Exhibit

interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 203.0.113.10 255.255.255.252
 ip nat inside
!
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/1 overload
Question 11mediummultiple choice
Read the full NAT/PAT explanation →

A router is configured for NAT overload, but translations never appear when inside users browse the internet. Which issue is most likely?

Exhibit

ip nat inside source list 10 interface g0/0 overload
access-list 10 permit 192.168.10.0 0.0.0.255
!
interface g0/0
 ip address 203.0.113.2 255.255.255.252
!
interface g0/1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
Question 12hardmultiple choice
Read the full NAT/PAT explanation →

A network administrator is troubleshooting an issue where hosts in the 192.168.20.0/24 subnet cannot reach the Internet, while hosts in 192.168.10.0/24 can. The router is configured for PAT overload using a dynamic pool on the outside interface. The administrator collects the configuration shown in the exhibit. What is the most likely cause of the connectivity problem for the 192.168.20.0/24 subnet?

Exhibit

R1#show running-config | section access-list|ip nat|interface GigabitEthernet0/1|interface GigabitEthernet0/2|interface GigabitEthernet0/0
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 20 permit 192.168.20.0 0.0.0.0
ip nat pool NAT-POOL 200.1.1.1 200.1.1.2 netmask 255.255.255.252
ip nat inside source list 10 pool NAT-POOL overload
ip nat inside source list 20 pool NAT-POOL overload
interface GigabitEthernet0/0
 ip address 200.1.1.1 255.255.255.252
 ip nat outside
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/2
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
Question 13hardmultiple choice
Read the full NAT/PAT explanation →

A router is performing PAT for inside users. Which detail allows multiple inside sessions to share one public IPv4 address at the same time?

Question 14mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure dynamic NAT with overload (PAT) using a pool of public IP addresses.

You are connected to R1. The inside network 192.168.1.0/24 must be able to reach the internet via PAT (overload) using the public IP 203.0.113.1 on interface GigabitEthernet0/1. Additionally, a web server at 192.168.1.10 must be reachable from the internet via static NAT to 203.0.113.10. The current configuration is not working. Identify and fix all issues.

Exhibit

R1# show running-config | section ip nat
ip nat inside source list 100 interface GigabitEthernet0/1
ip nat inside source static 192.168.1.10 203.0.113.10
!
R1# show running-config | section interface
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
R1# show access-lists 100
Standard IP access list 100
    10 permit 192.168.2.0 0.0.0.255

These 200-301 practice questions are part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style 200-301 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.