You are a network security engineer for the Secure-X network.

You are a network security engineer for the Secure-X network. You have been tasked with implementing dynamic network object NAT with PAT on a Cisco ASA. You must configure the
Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
– Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters:
– Network object name: Internal-Networks
– IP subnet: 10.10.0.0/16
– Translated IP address: 192.0.2.100
– Source interface: inside
– Destination interface: outside
NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity.
NOTE: Not all ASDM screens are active for this exercise.
NOTE: Login credentials are not needed for this simulation.
-In the Cisco ASDM, display and view the auto-generated NAT rule.
-From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
-From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
-At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets.
-At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports. Both inside IP addresses translate to the same IP address, but using different ports.
You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT.

300-206-implementing-cisco-edge-network-security-solutions_img_078

300-206-implementing-cisco-edge-network-security-solutions_img_079

300-206-implementing-cisco-edge-network-security-solutions_img_080

300-206-implementing-cisco-edge-network-security-solutions_img_081

SHOW ANSWERS

Answer:
See the explanation for detailed answer to this sim question.
First, click on Add Network Objects on the Network Objects/Groups tab and fill in the information as shown below:

Then, use the advanced tab and configure it as shown below:

Then hit OK, OK again, Apply, and then Send when prompted. You can verify using the instructions provided in the question

4 thoughts on “You are a network security engineer for the Secure-X network.”

ping says:

01/28/2020 at 6:11 AM

What about CLI command?

1. commands says:
  
  01/31/2020 at 10:56 PM
  
  sh ip nat translation
  show xlate
  show run nat
  show nat
  show nat detail
  
Someone says:

05/01/2017 at 11:31 AM

It is just a typo mate 😉

poligon says:

03/27/2017 at 8:52 AM

May I know why the answer is 10.0.0.0/16 instead of 10.10.0.0/16 for network object?

4 thoughts on “You are a network security engineer for the Secure-X network.”

Leave a Reply Cancel reply