A network engineer is configuring a Cisco router to provide internet access to a small office using a single public IP address assigned by the ISP. The engineer wants to allow internal hosts to initiate connections to the internet, but also needs to make a web server on the internal network reachable from the internet. The engineer configures a standard access list for NAT and an ip nat inside source list command. However, external users cannot reach the internal web server. What is the most likely cause?
Trap 1: The access list used for NAT does not permit the web server's IP…
Incorrect because the access list is used to identify which inside local addresses are eligible for translation; it does not affect static mappings.
Trap 2: The ip nat inside and ip nat outside commands are applied on the…
Incorrect because the scenario does not indicate an interface misapplication; the issue is the lack of a static mapping.
Trap 3: The global configuration mode is missing the ip nat pool command.
Incorrect because a pool is not required for static NAT; it is used for dynamic NAT with multiple addresses.
- A
The access list used for NAT does not permit the web server's IP address.
Why wrong: Incorrect because the access list is used to identify which inside local addresses are eligible for translation; it does not affect static mappings.
- B
The engineer forgot to add the ip nat inside source static command for the web server.
Correct because a static NAT entry is required to map the public IP to the internal web server's private IP, allowing inbound connections.
- C
The ip nat inside and ip nat outside commands are applied on the wrong interfaces.
Why wrong: Incorrect because the scenario does not indicate an interface misapplication; the issue is the lack of a static mapping.
- D
The global configuration mode is missing the ip nat pool command.
Why wrong: Incorrect because a pool is not required for static NAT; it is used for dynamic NAT with multiple addresses.