A network engineer is troubleshooting an issue where users on VLAN 10 cannot access the internet, but they can reach internal resources. The firewall is configured with a default route pointing to the ISP router. The engineer notices that NAT is configured but traffic is not being translated. Which configuration is most likely missing?
Trap 1: A NAT pool with available public IP addresses
A NAT pool is needed for dynamic NAT, but the immediate issue is the missing ACL to match traffic.
Trap 2: Port Address Translation (PAT) configuration
PAT is a type of NAT, but the missing element is the ACL to identify traffic for translation.
Trap 3: A route map to apply NAT based on destination
Route maps are optional for policy-based NAT; standard NAT requires an ACL first.
- A
An ACL to match the traffic to be translated
The ACL defines interesting traffic for NAT; without it, no packets are matched for translation.
- B
A NAT pool with available public IP addresses
Why wrong: A NAT pool is needed for dynamic NAT, but the immediate issue is the missing ACL to match traffic.
- C
Port Address Translation (PAT) configuration
Why wrong: PAT is a type of NAT, but the missing element is the ACL to identify traffic for translation.
- D
A route map to apply NAT based on destination
Why wrong: Route maps are optional for policy-based NAT; standard NAT requires an ACL first.