1.
Refer to the exhibit. What does the (*) represent in the output?
02:16:29: NAT: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51607]
02:16:29: NAT: s=1.2.4.1, d=1.2.4.2->10.10.0.2 [55227]
02:16:29: NAT*: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51608]
02:16:29: NAT*: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51609]
-
Packet is destined for a local interface to the router.
-
Packet was translated, but no response was received from the distant
device.
-
Packet was not translated, because no additional ports are available.
-
Packet was translated and fast switched to the destination.
Explanation:
The output above comes from "debug ip nat". The first lines of this output show the debugging output for a DNS request and reply. In the first line (DNS request):
s=10.10.0.2->1.2.4.2: the source IP address (10.10.0.2) and the address it is translated to (1.2.4.2)
d=1.2.4.1: the destination address of the packet
[51607]: the IP identification number of the packet
In the second line (DNS reply):
s=1.2.4.1: the reply comes from the destination address
d=1.2.4.2->10.10.0.2: the destination address is translated.
The following lines show the output for a telnet connection from a host inside the network to a host outside the network. All telnet packets except the first are translated in the fast path and are marked with an asterisk (*).
Note: once the connection is established, the security appliance does not need to re-check the packets, and the packets are sent to the fast path.
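The field layout described in the explanation can be checked mechanically. The following parser is an added example, not part of the original post: it splits each "debug ip nat" line into its fields, flags the asterisk-marked (fast path) entries, and pairs up the translation seen in both directions. The sample input is the exhibit's four lines; the names NatEvent, parse_line, parse and translations are hypothetical, and the pairing assumes inside-source NAT as in the exhibit.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: the four debug lines from the exhibit in question 1.
SAMPLE = """\
02:16:29: NAT: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51607]
02:16:29: NAT: s=1.2.4.1, d=1.2.4.2->10.10.0.2 [55227]
02:16:29: NAT*: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51608]
02:16:29: NAT*: s=10.10.0.2->1.2.4.2, d=1.2.4.1 [51609]
"""

ADDR = r"(\d{1,3}(?:\.\d{1,3}){3})"
LINE = re.compile(
    r"^(?P<ts>.*?): NAT(?P<fast>\*)?: "
    rf"s={ADDR}(?:->{ADDR})?, d={ADDR}(?:->{ADDR})? \[(?P<ipid>\d+)\]"
)

class NatEvent(NamedTuple):
    ts: str
    fast_switched: bool        # True when the line is tagged "NAT*"
    src: str
    src_xlate: Optional[str]   # address after "->" if the source was rewritten
    dst: str
    dst_xlate: Optional[str]   # address after "->" if the destination was rewritten
    ip_id: int                 # IP identification number shown in brackets

def parse_line(line: str) -> Optional[NatEvent]:
    m = LINE.match(line.strip())
    if not m:
        return None            # not a NAT translation line
    src, src_x, dst, dst_x = m.group(3, 4, 5, 6)
    return NatEvent(m["ts"], m["fast"] is not None, src, src_x, dst, dst_x, int(m["ipid"]))

def parse(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e]

def translations(events) -> set:
    """(inside local, inside global) pairs, assuming inside-source NAT:
    outbound lines rewrite s=, return traffic rewrites d= back."""
    pairs = set()
    for e in events:
        if e.src_xlate:
            pairs.add((e.src, e.src_xlate))
        if e.dst_xlate:
            pairs.add((e.dst_xlate, e.dst))
    return pairs

if __name__ == "__main__":
    for e in parse(SAMPLE):
        path = "fast-switched" if e.fast_switched else "process-switched"
        print(e.ip_id, path, e.src, "->", e.dst)
    print(translations(parse(SAMPLE)))
```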
2.
Refer to the exhibit. What command sequence will enable PAT from the
inside to outside network?
ip nat pool isp-net 1.2.4.10 1.2.4.240 netmask 255.255.255.0
!
interface ethernet 1
 description ISP Connection
 ip address 1.2.4.2 255.255.255.0
 ip nat outside
!
interface ethernet 0
 description Ethernet to Firewall eth0
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
!
access-list 1 permit 10.0.0.0 0.255.255.255
-
(config)# ip nat pool isp-net 1.2.4.2 netmask 255.255.255.0 overload
-
(config-if)# ip nat outside overload
-
(config)# ip nat inside source list 1 interface ethernet1 overload
-
(config-if)# ip nat inside overload
3.
Refer to the exhibit. A junior network engineer has prepared the
exhibited configuration file. What two statements are true of the planned
configuration for interface fa0/1? (Choose two)
-
The two FastEthernet interfaces will require NAT configured on two
outside serial interfaces.
-
Address translation on fa0/1 is not required for DMZ Devices to access
the Internet.
-
The fa0/1 IP address overlaps with the space used by s0/0.
-
The fa0/1 IP address is invalid for the IP subnet on which it resides.
-
Internet hosts may not initiate connections to DMZ Devices through the
configuration that is shown.
4.
Refer to the exhibit. What statement is true of the configuration for
this network?
-
The configuration that is shown provides inadequate outside address space
for translation of the number of inside addresses that are supported.
-
Because of the addressing on interface FastEthernet0/1, the Serial0/0
interface address will not support the NAT configuration as shown.
-
The number 1 referred to in the ip nat inside source command references
access-list number 1.
-
ExternalRouter must be configured with static routes to network
172.16.2.0/24
5.
What are two benefits of using NAT? (choose two)
-
NAT protects network security because private networks are not
advertised.
-
NAT accelerates the routing process because no modifications are made on
the packets.
-
Dynamic NAT facilitates connections from the outside of the network.
-
NAT facilitates end-to-end communication when IPsec is enabled.
-
NAT eliminates the need to re-address all hosts that require external
access.
-
NAT conserves addresses through host MAC-level multiplexing.
6.
Which two statements about static NAT translations are true? (choose two)
-
They are always present in the NAT table.
→ A static NAT entry is always present in the NAT table until the administrator removes it, whereas a dynamic NAT entry is in the NAT table only while there is a connection.
-
They allow connection to be initiated from the outside.
→ Self-evident.
-
They can be configured with access lists, to allow two or more
connections to be initiated from the outside.
-
They require no inside or outside interface markings because addresses
are statically defined.
(Reference:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml)
7.
Refer to the exhibit. Which statement about packet addresses is true
during data exchange when host A makes Web-request to WWW Server, considering
that there is NAT overload scheme for data passing from Corp LAN hosts to
outside networks in use?
-
Source 234.15.27.226:3015 and destination 234.15.27.225:80
-
Source 200.15.239.128:3015 and destination 192.168.10.34:80
-
Destination 192.168.10.11:3015 and source 200.15.239.128:80
-
Source 192.168.10.34:80 and destination 192.168.10.254:3015
-
Destination 234.15.27.225:3015 and source 200.15.239.128:80