Which of the following samples of the Add NAT Rule dialog box corresponds to the configuration needed to achieve your goal? (Select the best answer.)

Last Updated on August 3, 2021 by Admin 3

You want to issue the following block of commands on a Cisco ASA:
ASA(config)#nat (DMZ, INSIDE) source dynamic any interface destination static INSIDESQLEXT INSIDESQLINT
You do not have CLI access to the ASA and must use ASDM instead.
Which of the following samples of the Add NAT Rule dialog box corresponds to the configuration needed to achieve your goal? (Select the best answer.)

300-735 Part 07 Q18 060
300-735 Part 07 Q18 060
300-735 Part 07 Q18 061
300-735 Part 07 Q18 061
300-735 Part 07 Q18 062
300-735 Part 07 Q18 062
300-735 Part 07 Q18 063
300-735 Part 07 Q18 063
  • Option A
  • Option B
  • Option C
  • Option D
Explanation:
The following sample of the Add NAT Rule dialog box corresponds to the Cisco Adaptive Security Appliance (ASA) configuration needed to achieve your goal using Cisco Adaptive Security Device Manager (ASDM):

300-735 Part 07 Q18 064
300-735 Part 07 Q18 064

In the exhibit shown above, the Match Criteria: Original Packet section of the Add NAT Rule dialog box contains fields that correspond to the interface and IP address information in a matching packet prior to translation. The Source Interface field specifies the real source interface, the Source Address field specifies the real source IP address, the Destination Interface field specifies the real destination interface, the Destination Address field specifies the real destination IP address, and the Service: field specifies the real protocol port numbers for the original packet. By contrast, the Action: Translated Packet section of the Add NAT Rule dialog box contains fields that correspond to the mapped interface and IP address information in a matching packet after translation. The Source NAT Type field specifies the type of Network Address Translation (NAT), the Source Address field specifies the mapped source IP address, the Destination Address: field specifies the mapped destination IP address, and the Service: field specifies the mapped protocol numbers for the translated packet.
The sample Add NAT Rule dialog box configures the ASA to map the real source IP address traffic from any network attached to the DMZ network to the IP address assigned to the INSIDE interface. In addition, the mapped destination IP address defined in the INSIDESQLEXT object is mapped to the real destination IP address defined in the INSIDESQLINT object. The following diagram depicts the translation of the addresses within matching packets where INSIDESQLEXT has an IP address of 192.168.15.2 and INSIDESQLINT has an IP address of 192.168.13.2:

300-735 Part 07 Q18 065
300-735 Part 07 Q18 065

You could use the nat (DMZ, INSIDE) source dynamic any interface destination static INSIDESQLEXT INSIDESQLINT command from global configuration mode to configure the same dynamic NAT rule as shown in the sample. Add NAT Rule dialog box. When the nat command is issued from global configuration mode, it is referred to as the nat (global) command and it can be used to configure twice NAT on the ASA. Twice NAT enables you to specify a mapping for both the source address and destination address in a packet. The nat (global) command in this scenario can be used to create a dynamic NAT rule which translates traffic between the DMZ and INSIDE interfaces of the ASA. The abbreviated syntax to create a dynamic NAT rule with the nat (global) command is nat (real_interface,mapped_interface) source dynamic {real_object | any} {mapped_object | interface} destination static {mapped_object | interface} {real_object| any}.
The following sample of the Add NAT Rule dialog box corresponds to the nat (DMZ, INSIDE) source dynamic any interface destination static INSIDESQLINT INSIDESQLEXT command:

300-735 Part 07 Q18 066
300-735 Part 07 Q18 066

The following sample of the Add NAT Rule dialog box corresponds to the nat (INSIDE, DMZ) source dynamic any interface destination static INSIDESQLEXT INSIDESQLINT command:

300-735 Part 07 Q18 067
300-735 Part 07 Q18 067

The following sample of the Add NAT Rule dialog box corresponds to the nat (INSIDE, DMZ) source dynamic any interface destination static INSIDESQLINT INSIDESQLEXT command:

300-735 Part 07 Q18 068
300-735 Part 07 Q18 068
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments