Network Address Translation allows you to use private or unregistered IP addresses on your
private network, and translate these addresses to public or registered addresses for connection to
the Internet.
NAT is an IP translation and mapping protocol that works at the network layer. It is sometimes
referred to as a routing protocol because it allows packets from a private network to be globally
routed to the Internet.
Flavours of NAT
A local address is mapped to a real global address on a one-to-one basis this is useful for hosts
such as severs which must have a consistent address that is accessible from the internet.
Static NAT
For example, a computer with an ip of 192.168.32.10 will translate to the first available address in
the range 213.18.123.100 - 213.18.123.150
Dynamic NAT
Port Address Translation a form of dynamic NAT, it maps multiple unregistered private IP
addresses to a single public registered IP address, by using different ports.
For example, each pc on the private network is translated to the same IP address
213.18.123.100:port_number (213.18.123.100:1080). Using PAT thousands of users connect to
the internet using only one real global IP address.
Port Address Translation (Overloading)
This example uses only one public ip address provided by the ISP and assigned to the outside
interface.
Overlapping
This when addresses in the inside network overlap with addresses in the outside network - the IP
addresses are registered on another network too. The router must maintain a lookup table of
these addresses so that it can intercept them and replace them with registered unique IP
addresses.
The internal IP range (237.16.32.xx) is also a registered range used by another network.
Therefore, the router is translating the addresses to avoid a potential conflict with another
network. It will also translate the registered global IP addresses back to the unregistered local IP
addresses when information is sent to the internal network
Changing the content of an IP address or TCP port can change the meaning of some of the other
fields, especially the checksum. And many protocols and applications carry the IP address or
information based on the IP address within their data fields. Changing an IP address in the
header could change the meaning of the encapsulated data, possibly breaking the application.
This section examines the most common issues surrounding the operation of NAT.
Header Checksums
The checksum of an IP packet is calculated over the entire header. If the source or destination IP
address or both change, the checksum must be recalculated. The same is true of the checksum
in the TCP header. This number is calculated over the TCP header and data, and also over a
pseudo-header that includes the source and destination IP addresses. Therefore, if an IP address
or a port number changes, the TCP checksum must also change. Cisco's NAT performs these
checksum recalculations.
Encryption
Cisco's NAT can change the IP address information carried within the data fields of many
applications, as you will see shortly. If the data fields are encrypted, however, NAT has no way of
reading the data. Therefore, for NAT to function, neither the IP addresses nor any information
derived from them (such as the TCP header checksum) can be encrypted.
Another concern is virtual private networks (VPNs) using, for example, IPSec. With certain modes
of IPSec, if an IP address is changed in an IPSec packet, the IPSec becomes meaningless and
the VPN is broken. When any sort of encryption is used, you must place the NAT on the secure
side rather than in the encrypted path.
A local address is any address on the inside portion of the network before translation.A global
address is any address that appears on the outside portion of the network after translation.
The ip address assigned to a host on the inside network likely to be a private address.
The ip address of an outside host as it is known to the hosts on the inside network.
The ip address of outside host as known to the hosts on the inside network
Depending on how NAT is configured the local and global addresses for inside and outside may
vary.
A table of information about each packet that passes through is maintained by NAT.
When a computer on the network attempts to connect to a website on the internet the header of
the source IP address is changed and replaced with the IP address of the NAT computer on the
way out
The "destination" IP address is changed (based on the records in the table) back to the specific
internal private class IP address in order to reach the computer on the local network on the way
back in
Network Address Translation can be used as a basic firewall – the administrator is able to filter
out packets to/from certain IP addresses and allow/deny access to specified ports.
Packets from the inside portion of the network the source address SA are inside local addresses
and the DA destination address is an outside local address. When the same packet is switched to
the outside network the SA is now the inside global address and the DA is the outside global
address.
Define Inside Local and Inside Global Addresses
interface s0
ip nat inside
interface s1
ip nat outside
Packets traversing on the inside and outside network.
This also means that when the NAT router receives a packet on its outside interface
With a destination address of 171.16.68.5, the destination address is translated to 10.10.10.1
show ip nat translations shows the active NAT translations in the router.
When the packet moves from the inside network to the outside network,
the output of show ip nat translations is
Because of the way NAT is configured the inside addresses are the only addresses that are
translated, therefore the inside local address is different from the inside global address while the
outside local and outside global address are the same.
interface s0
ip nat inside
interface s1
ip nat outside
This is what the packets look like when they are on the inside network and on the outside
network.
When the NAT router receives a packet on its outside interface S1
With a source address of 171.16.68.1 the SA is translated to 10.10.10.5.
This also means that if the NAT router receives a packet on its inside interface S0
With a DA of 10.10.10.5 the DA address is translated into 171.16.68.1
We can issue the show ip nat translations command in order to verify the NAT translations in
the ideal condition, the output of the show ip nat translations command is as shown here
When the packet moves from the outside network to the inside network, the output of the show ip
nat translations command is,
In this example only the outside addresses get translated therefore the outside local is different
from the outside global address while the inside local and global are the same.
interface s0
ip nat inside
interface s1
ip nat outside
This also means that when the NAT router receives a packet on its outside interface
With a DA of 171.16.68.5 the DA is translated to 10.10.10.1
If an inside host was communicating with an outside device the addresses would be
When the packet transfer is initiated from both the sides, the output of the show ip nat
translations command is as shown here
Here both the inside and outside addresses are translated therefore the inside local is different
from the inside global and the outside global is different from the outside local.
So depending on how NAT is configured the local and global addresses for inside and outside
may vary.
Verifying NAT
show ip nat translation to see basic IP address translation information.
Router#show ip nat translation
show ip nat translations shows the active NAT translations in the router.
Router#show ip nat translations
The debug ip nat shows the sending, destination addresses and the translation.
Router#debug ip nat
You can use the "debug ip nat" command while you are pinging hosts on either side of the tunnel
to verify NAT operation. Make sure you disable debugging once you are done.
Of course, only dynamic entries are cleared, the command does not remove static entries.
Static NAT
Configure a static NAT between the private IP 10.6.1.2 and the public 171.69.68.10
Establish static translation between an inside local address and an inside global address
Specify the inside interface
Specify the outside interface
R3(config)#interface ethernet0
R3(config-if)#ip address 10.5.5.8 255.0.0.0
R3(config-if)#ip nat inside
R3(config-if)#interface serial0
R3(config-if)#ip address 210.1.1.1 255.255.255.0
R3(config-if)#ip nat outside
R3#conf t
R3(config)#ip nat inside source static 10.5.5.5 210.1.1.2
R3(config)#ip nat inside source static 10.5.5.6 210.1.1.3
R3(config)#ip nat inside source static 10.5.5.7 210.1.1.4
The diagram shows a router translating an inside source IP address to a source IP address for
the outside network.
1. User at host 10.0.0.3 sends traffic to the router, destined for host at 212.31.80.2
2. Upon receiving the first packet, the router checks its NAT table.
If dynamic NAT is configured, the router picks up a free global address from its dynamic address
pool (in the above example 179.2.2.80) and creates a translation entry into its NAT table.
If static NAT is configured, the router automatically translates the inside local address 10.0.0.3
with its equivalent global IP address 179.2.2.80, and forwards the packet.
3. User at 212.31.80.2 replies to host 10.0.0.3 using the inside global destination address
179.2.2.80 (Destination address =179.2.2.80)
4. When the router receives the replied packet, it checks its NAT table again to find an entry for
the inside global address 179.2.2.80. If a match is found, then the router translates the address
back to its respective local address 10.0.0.3 and forwards it to the user.
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside
The ip nat inside source command identifies what IP addresses will be translated.
This is a static translation between the inside local address 10.0.0.3 to the outside global address
170.2.2.80
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config)#interface serial0
Router(config-if)#ip nat outside
Router(config)#ip nat inside source static 10.0.0.3 179.2.2.80
Inside local outside global
The ip nat outside source could also be used as a starting point of the translation.
A router needs to be configured with NAT and it has 15 public addresses, 179.9.8.80 through
179.9.8.95 call this pool_1. On the inside network hosts use the private addresses of 10.1.0.0/16.
What is the NAT configuration on the router?
The configuration translates all source addresses passing access list 1, which have source
address from 10.1.0.0/16, to an address from the pool named nat-pool1. The pool contains
addresses from 179.9.8.80/24 to 179.9.8.95/24.
Another Example
Global outside addresses 25, therefore block size 32, netmask 256 – 32 = 224
To configure dynamic inside source address translation an access list must permit only those
address that are to be translated. Remember there is an implicit “deny all” at the end of each
access list.
When an entry is placed into the NAT table the 1st time a timer begins this is the translation
timeout. Each time a packet for a given entry translates through the router the timer gets reset. If
the timer expires (cisco default 24 hrs = 86400s) the entry is removed from the NAT table and the
dynamically assigned address is returned to the pool. This can be changed using
ip nat translation timeout
NAT overloading conserves registered inside global IP addresses on the router. Inside local IP
addresses are translated to a common global IP address and are distinguished between them by
the use of different port numbers. Outside hosts do not see this translation; they believe they are
talking to the same host with IP address 179.2.2.80, though they are actually talking to two
different hosts.
NAT Overload or PAT Configuration
The access list in this case is not being used to permit or deny traffic but to select interesting
traffic into the NAT process
Router(config)#interface serial0
Router(config-if)#ip nat outside
Example
Router(config)#int e0/0
Router(config-if)#ip nat inside
Router(config)#int s0/0
Router(config-if)#ip nat outside
Router(config)#ip nat inside source list 10 interface s0/0 overload
Router(config)#access-list 10 permit 172.16.10.0 0.0.0.255
Question
Where would you implement NAT in this design and what type would you configure?
Answer
Place the NAT on the corporate router and use dynamic NAT with overload (PAT)
Question
ip nat pool todd-nat 170.168.10.10 170.168.10.20 netmask 255.255.255.0
The pool command shows this is dynamic NAT, there is more than one address so its not PAT
Example
A border router needs to be configured with NAT and will allow 6 public addresses,
198.18.131.65 through 70. On the inside network there are 63 hosts that use the private
addresses of 192.168.10.129 through 190. What is the NAT configuration on the border router?
Answer
For the inside global pool 5 addresses are required block size = 2, 4, 8.
Block size must be 8, 256 - 8 = 248, Giving us a netmask of 255.255.255.248
Inside local 63 hosts required block size 64 therefore wildcard mask is 0.0.0.63
For the subnet the start of local address pool is 192.168.10.129
This lies in the 192.168.10.128 subnet
Remember to add the ip nat inside and ip nat outside statements on the interfaces.
Lab_A(config)#int s0/0
Lab_A(config-if)#ip nat outside
Lab_A(config-if)#ip f0/0
Lab_A(config-if)#ip nat inside
We are going to connect the link between the Corp and R3 router using a 64.1.1.4/30 network
(with global PAT) and the LAN F0/0 link and on the R3 router using the 64.1.1.8/30 network.
Configure NAT on the Corp router, all the networks connected to the Corp router need to
communicate to all the networks connected to the R3 router using the new global address of
64.1.1.5/30 before NAT translation the interface ip is known as the inside local.
Corp#config t
Corp(config)#ip nat pool Todd 64.1.1.5 64.1.15 net 255.255.255.252
Corp(config)#access-list 1 permit 10.1.0.0 0.0.255.255
Corp(config)#ip nat inside source list 1 pool Todd overload
Note Corp’s outside interface 64.1.1.5 is used as both a start and finish address of the pool.
Corp(confi)#int s0/2/0
Corp(config-if)#ip nat outside
Corp(config-if)#int f0/1
Corp(config-if)#ip nat inside
Corp(config-if)#int s0/0/0
Corp(config-if)#ip nat inside
Corp(config-if)#int s0/0/1
Corp(config-if)#ip nat inside
Corp(config-if)#int s0/1/0
Corp(config-if)#ip nat inside
Enable an interface on the router with an IP Address and mark it as nat inside interface. This is
the interface that connects to your internal private network
WANRouter(config)#int fastethernet0/1
WANRouter(config-if)#ip address 192.168.1.1 255.255.255.0
WANRouter(config-if)#ip nat inside
WANRouter(config)#int serial0/0/0
WANRouter(config-if)#ip address 100.100.100.100 255.255.255.0
WANRouter(config-if)#ip nat outside
This will be a pool of legal Public IPs that is bought by the organisation. This could anything from
one to many IP Address
This creates pool which has just one IP address. The syntax is
ip nat pool <pool name> start ip end ip {netmask netmask | prefix prefix-length}
For more networks or hosts to overload the NAT pool simply add them to the access list
If this is an internet configuration then ensure that a default route on the IP to the outside IP
address or outside interface
or
Basic NAT Use this wizard for basic pc’s on your trusted network that need internet access.
Advanced NAT
A Demilitarized Zone (DMZ). A DMZ allows external Internet users to access public servers,
including Web and FTP servers, while maintaining security for the company's private LAN through
the use of Cisco IOS Firewall.
If you have a DMZ or servers on your inside network that users from the outside need to access
use the Advanced NAT configuration.
Here we going to create a basic NAT. After that we click Launch the Selected Task, we get the
next screen which says what the Basic NAT Wizard is going to do.
Here we are able to select all our inside and outside addresses
After choosing inside and outside interfaces, click Next. A NAT pool is created and all interfaces
are assigned inside or outside configurations. Click Finish.
Exam Questions
Question
A system administrator must provide Internet connectivity for ten hosts in a small remote office.
The ISP has assigned two public IP addresses to this remote office. How can the system
administrator configure the router to provide Internet access to all ten users at the same time?
Answer C
Question
What is the purpose of the command marked with an arrow shown in the partial configuration
output of a Cisco 806 broadband router?
Answer C
Explanation
Port address translation or NAT overloading uses transport layer port information to dynamically
create NAT entries.
Incorrect Answers
A Static NAT is known as one to one NAT and is used to map a single IP address to a single
registered IP address. It is often used for servers that need to be accessed via the internet.
Question
A network administrator would like to implement NAT in the network shown to allow inside hosts
to use a private addressing scheme. Where should NAT be configured?
A. Corporate router
B. Engineering router
C. Sales router
D. All routes
E. All routes and switches
Answer A
Explanation: Network Address Translation (NAT) can be used to hide the private IP addressing
scheme of the entire network from the Internet. To do this, NAT needs to only be configured on
the router that resides between the Internet and the rest of the private internal network. In this
case, it needs to only be implemented on the Corporate router.
Question
ABC has 25 computers and decides to connect the network to the Internet. ABC would like for all
of the computers to have access to the Internet at the same time, but ABC only has four usable
publicly routable IP addresses. What should be configured on the router so that all computers can
connect to the Internet simultaneously?
A. Static NAT
B. Global NAT
C. Dynamic NAT
D. Static NAT with ACLs
E. Dynamic NAT with overload
Answer E
Explanation: NAT overload, also called many to one NAT or Port Address Translation (PAT)
allows for many IP hosts to share a single IP address when connecting to the outside. In this
case, the use of dynamic NAT with overloading will allow for the 25 hosts to use an IP address
from the NAT pool, which will contain the 4 public IP addresses.
Question
A Cisco router has been configured with the following command: IP nat pool nat-test
192.168.6.10 192.168.6.20 netmask 255.255.255.0 This is an example of what type of NAT?
A. Static NAT
B. Dynamic NAT
C. Dynamic NAT with overload
D. Port Address Translation
E. None of the above
Answer B
Explanation: The configuration statement in this example is used to define a pool of IP addresses
to be used for dynamic NAT translations.
Incorrect Answers
A. Static NAT is used for 1 to 1 translation entries, using the "static" configuration keyword. In this
example a range of addresses are being defined for the use in a pool. C, D. With NAT overload,
also known as Port Address Translation (PAT), the keyword "overload" is added at the end of the
configuration statement.
Question
In any NAT (network address translation) configuration, what is the Inside Global IP address?
Answer C
Explanation
With NAT, Cisco defines 4 different types of addresses as follows
Inside local address - The IP address assigned to a host on the inside network. This is the
address configured as a parameter of the computer's OS or received via dynamic address
allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by
the Network Information Center (NIC) or service provider.
Inside global address - A legitimate IP address assigned by the NIC or service provider that
represents one or more inside local IP addresses to the outside world.
Outside local address - The IP address of an outside host as it appears to the inside network. Not
necessarily a legitimate address, it is allocated from an address space routable on the inside
Outside global address - The IP address assigned to a host on the outside network by the host's
owner.
The address is allocated from a globally routable address or network space. The above
definitions still leave a lot to be interpreted. For this example, this document redefines these
terms by first defining "local address" and "global address." Keep in mind that the terms "inside"
and "outside" are NAT definitions. Interfaces on a NAT router are defined as "inside" or "outside"
with the NAT configuration commands, ip nat inside and ip nat outside. Networks to which these
interfaces connect can then be thought of as "inside" networks or "outside" networks,
respectively.
Local address- A local address is any address that appears on the "inside" portion of the network.
Global address- A global address is any address that appears on the "outside" portion of the
network.
Question
The administrator of the network needs to ensure that a web server in their network is accessible
from the Internet. Since the network uses private addressing, this requires an IP-to-registered-
address mapping. The following command is entered on the router: TK1(config)# ip nat inside
source static 192.168.2.1 198.18.1.254 After unsuccessful results from a ping to the Internet, the
administrator issues the show ip nat translations command and the output is blank. What could
be the problem with the NAT configuration for this mapping?
Answer D
Explanation. After configuring the static NAT administrator should configure the NAT on interface
in order to define which interfaces are on the outside and which are on the inside.
Example: interface s0 ip nat outside because s0 interface is connected to ISP interface
e0 ip nat inside because e0 interface is connected to Local LAN.
Incorrect Answers
A, B, C. These are all tasks that need to be configured when performing many to one NAT, also
known as Port Address Translation (PAT). In this example, we are specifying a static 1-1 NAT
entry.
Question
Refer to the topology and router configuration shown in the graphic above. A host on the LAN is
accessing an FTP server across the Internet. Which of the following addresses could appear as a
source address for the packets forwarded by the router to the destination server?
A. 10.10.0.1
B. 10.10.0.2
C. 199.99.9.3
D. 199.99.9.57
E. 200.2.2.17
F. 200.2.2.18
Answer D
Explanation: Using NAT we can translate the Source or Destination Address. In our example all
source address from the 10.10.0.0 0.0.0.255 network will be translated to an IP address from the
199.99.9.40-62 pool.
Question
The network administrator has configured NAT as shown in the exhibit. Clients still cannot access
the Internet. What should the network administrator do to resolve this problem?
Answer D
Explanation
The "ip nat inside" and "ip nat outside" commands must be used from interface configuration
mode to tell the router which interface is performing which role in the NAT process. The following
commands show how to configure our example router:
Border(config)#interface ethernet0
Border(config-if)#ip nat inside
Border(config-if)#exit
Border(config)#interface serial0
Border(config-if)#ip nat outside
Border(config-if)#exit
Border(config)#
Question Simulation
Configure a router to provide Internet access. The ISP has provided you with six public IP
addresses of 198.18.158.97, 198.18.158.98, 198.18.158.99, 198.18.158.100, 198.18.158.101,
and 198.18.158.102. ABC.com has 62 hosts that need access to the Internet simultaneously. The
hosts in the ABC.com LAN have been assigned private space addresses in the range of
192.168.98.65 - 192.168.98.126. The following have already been configured on the router
Configuration information
Router name: ABC1 inside global addresses: 198.18.158.97 198.18.158.102/29
inside local addresses: 192.168.98.65 - 192.168.98.126/26 Number of inside hosts: 62
password Cisco
Answer
Previously the ip nat pool nat-pool was configured with /26 which is 255.255.255.192 which is
incorrect because we are configuring inside global and it's /29 which is 255.255.255.248.
Explanation
Public ip addresses 198.18.158.97 – 102
5 addresses, block size 8, 256 – 8 = 248, netmask 255.255.255.248
Local inside addresses 192.168.98.65 – 126, 62 hosts = block size 8, 16, 32, 64, block size = 64
Start of local pool 192.168.98.65 lies in the 64 subnet = 192.168.98.64
So subnet and inverse mask 192.168.98.64 0.0.0.63
Question
BBC.com wants to use NAT in network displayed in the exhibit. Which commands will apply the
NAT configuration to the proper interfaces? Select two.
Answer B, C
Explanation. After creating the static NAT entries, the router needs to know which interfaces are
"inside" and which are "outside." The ip nat inside and ip nat outside interface subcommands
identify each interface appropriately.
Question
Refer to the topology and partial configuration output shown in the graphic. The ip subnet-zero
configuration command is also in effect. After the router performs network address translation,
which address is a valid "inside global address"?
A. 10.10.0.1
B. 10.10.0.17
C. 200.2.2.17
D. 200.2.2.18
E. 199.99.9.33
F. 199.99.9.47
Answer F
Explanation
Regarding NAT operation
1. Inside local address - The IP address assigned to a host on the inside network. This is the
address configured as a parameter of the computer's OS or received via dynamic address
allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by
the Network Information Center (NIC) or service provider.
2. Inside global address - A legitimate IP address assigned by the NIC or service provider that
represents one or more inside local IP addresses to the outside world. In this case, the NAT pool
is used to distribute the Inside Global IP addresses.
3. Outside local address - The IP address of an outside host as it appears to the inside network.
Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
4. Outside global address - The IP address assigned to a host on the outside network by the
host's owner. The address is allocated from a globally routable address or network space.
Question
Which of the following can be done to allow the users on the 10.0.0.0 network to communicate
with the Web Server shown in the graphic? (Choose two.)
Answer A & C
10.0.0.0 is a private ip address and not routable outside the private network as soon Miami is a
border router
The following configuration translates between inside hosts (Weaver LAN) addressed from
192.168.100.16 /28 network (192.168.100.17 – 192.168.100.30) to the globally unique pool of
address provided by ISP 198.18.184.105 – 198.18.184.110 /29.
Weaver>enable
Weaver#configure terminal
Before starting the NAT configuration verify that router hostname currently configured is weaver.
If not change hostname to Weaver using the command
Router(config)#hostname weaver
Create an access-list to match all inside local Weaver LAN addresses that need NAT translations
Create a NAT Pool with pool name isp_adr and specify the pool address range provided by ISP
with their netmask.
Packets that match access-list 10 will be translated to an address from the pool called "isp_adr".
Overload keyword specify to use Port based NATing to support all the Weaver LAN address
range.
overload keyword is compulsory because the internal LAN address space is more then the ISP
provided public address range
We need to support all internal LAN address to access internet thats the reason we are using
overload keyword.
SIM Question already provides that appropriate interfaces have been configured for NAT Inside
and NAT Outside statements.
Weaver>enable
Weaver#configure terminal
Router(config)#hostname weaver
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat pool isp_adr 198.18.184.105 198.18.184.110
netmask 255.255.255.248
Weaver(config)#ip nat inside source list 10 pool isp_adr overload
Functionality Test
Our requirements are to allow the hosts (Weaver LAN) the ability to communicate with the
Internet. For this test, we ping the Internet device (ISP router S0/1) from Host for testing.
PING should be success to 192.0.2.114 since SIM question provides that static route is already
configured on router.
Sample output
Considering host for testing IP address is 192.168.100.17
Question
Answer C
198.18.1.55
Question
Refer to the exhibit. Based on the output of the show ip nat translations command, which kind of
address translation is in effect on this router?
A. static
B. public
C. overload
D. private
Answer C
Overload
Question
How many addresses will be available for dynamic NAT translation when a router is configured
with the following commands?
A. 7
B. 8
C. 9
D. 10
E. 24
F. 31
Answer B
Question
When configuring NAT on a Cisco router, what is the inside local IP address?
A. the IP address of an inside host as it appears to the outside network
B. the IP address of an outside host as it appears to the inside network
C. the IP address of an inside host as it appears to the inside network
D. the configured IP address assigned to a host in the outside network
Answer A
Question
Given the accompanying debug output from a Cisco router, what kind of address is 10.10.10.3
with the IP identification number of 29855?
A. inside local
B. inside global
C. outside local
D. outside global
Answer A
inside local
Question
Given the accompanying graphic, which statement would be applied to the S0 interface when
configuring NAT on the Tampa router?
A. ip nat inside
B. ip nat outside
C. ip pat inside
D. ip pat outside
Answer B
ip nat outside
Question
Given the accompanying graphic, which addresses could be assigned to traffic leaving S0 as a
result of the statement
ip nat pool Tampa 179.9.8.96 179.9.8.111 netmask 255.255.255.240? (Choose two.)
A. 10.0.0.125
B. 179.9.8.95
C. 179.9.8.98
D. 179.9.8.101
E. 179.9.8.112
Answer C, D
Question
Which command would establish a group of 30 IP addresses that could be used to hide inside
addresses from the Internet?
Answer C
Question
Given the accompanying diagram, which commands are necessary to implement PAT on the
Raleigh router? (Choose four.)
Answer A, D, E, F
A. PAT uses the word "overload" at the end of the access-list statement to share a single
registered address.
B. Static NAT allows an unregistered address to map to multiple registered addresses.
C. Dynamic NAT allows hosts to receive the same global address each time external access is
required.
D. PAT uses unique source port numbers to distinguish between translations.
Answer D
Question
The Raleigh router shown in the diagram is configured with PAT. Which of the following must be
changed if the private network is migrated to a 10.0.0.0 network? (Choose two.)
A. E0 interface address
B. S0 interface address
C. the access-list statement
D. the NAT outside interface
E. the NAT inside interface
Answer A, C