Drag Drop

Refer to the exhibit. You have a business partner who has a host IP address of 209.165.202.130. You have a host object that has an IP address of 172.16.0.100.
You need to create a NAT rule that allows 209.165.202.130 to connect over the Internet to 172.16.0.100 by using an object that has a public IP address of 209.165.200.228. The partner IP address must be translated to an internal IP address of 172.16.0.50 for security reasons. Drag and drop the NAT criteria options from the left onto the correct host objects on the right.
Select and Place:


13 thoughts on “Drag Drop”

  1. This is the syntax in CLI for the rule like this:
    nat () source static original source mapped source destination static original destination mapped destination

  2. The answer is right. The poor choice of words here is intentional so you get confused. Let’s analyse this.

    The confusing part of the question is that it is not pretty clear that 172.16.0.100 needs to be translated to 209.165.200.228. It basically says that you need
    to allow the incoming connection to 172.16.0.100 by using 209.165.200.228 object from your partner’s network. That means that you need to translate the destination part of the packet from
    real destination to translated destination. It also states that you need to translate your own address to 172.16.0.50.

    This is the syntax in CLI for the rule like this:
    nat () source static destination static

    So we have:
    nat (inside,outside) source static 209.165.202.130 172.16.0.50 destination static 172.16.0.100 209.165.200.228

    Now the syntax needs to be read like this: if you are coming from 209.165.202.130 and going to 172.16.0.100 translate packet source to 172.16.0.50 and packet destination to 209.165.200.228.
    So as the packet leaves partner’s ASA it has source address of 172.16.0.50 and destination address of 209.165.200.228. Will the packet be routable over the internet?
    Yes – as the routing (not PBR) only takes into account the destination IP address and the destination part of the packet and it has public IP address in it.

    Now for the return traffic the packet will have mirrored order so the source of the packet will be 172.16.0.100 and the destination will be 209.165.202.130.

  3. Stupid question. In real life, this has to be a double NAT, so you can screw round and round in your head and never get it.
    The way the question is meant to be worded will NEVER happen in real life because they want to NAT both source and destination address. Can be done, but nobody in their right mind would do it.

  4. In my opinion
    firstly we should look at it from the ASA’s perspective that has .100 inside its network.
    209.165.202.130 is the Source address in original packet
    209.165.200.228 is the IP that host needs to use to access the .100 IP hence the Destination address in original packet
    172.16.0.50 Source address in translated packet because we need to translate the .288 to .50
    172.16.0.100 the Destination address in original packet
    In other words the communication on the internet should look like 209.165.202.130 209.165.202.228 and inside the ASA 172.16.0.50 172.16.0.100

  5. the answer should be
    209.165.202.130 – Source address in original packet
    209.165.200.228 – Destination address in original packet
    172.16.0.50 – Source address in translated packet
    172.16.0.100 – Destination address in translated packet

  6. 209.165.202.130 – source in original
    209.165.200.228 – a destination in translated
    172.16.0.50 – source in translated
    172.16.0.100 – a destination in original

  7. guys anyone confirm what’s correct. I’ve got below

    209.165.202.130 – destination in original
    209.165.200.228 – destination in translated
    172.16.0.50 – source in translated
    172.16.0.100 – source in original

  8. Answer is wrong. You can’t route 172.16.x.x over the Internet. The original packet can only have the 209.165.x.x addresses for both source and destination.

  9. Is this answer correct?
    According to me…
    209.165.202.130 – Source address in original packet
    209.165.200.228 – Destination address in original packet
    172.16.0.50 – Source address in translated packet
    172.16.0.100 – Destination address in original packet

    Please confirm.

    1. There is another source that says:
      209.165.202.130 – Destination Address in original packet
      209.165.200.228 – Destination address in the translated packets
      172.16.0.50 – Source address in the translated packet area
      172.16.0.100 – Source address in the original packet area
