Which of the following samples of the Configuration > Firewall > NAT Rules pane corresponds to the resulting configuration after you create the NAT rule? (Select the best answer.)

Last Updated on August 4, 2021 by Admin 3

Refer to the exhibits:

300-735 Part 11 Q06 098
300-735 Part 11 Q06 098
300-735 Part 11 Q06 099
300-735 Part 11 Q06 099

You want to use ASDM to create a static network object NAT rule which will enable users on the OUTSIDE network to reach an SMTP server on the INSIDE network by using the IP address defined by the INSIDESMTPEXT object.
Which of the following samples of the Configuration > Firewall > NAT Rules pane corresponds to the resulting configuration after you create the NAT rule? (Select the best answer.)

300-735 Part 11 Q06 100
300-735 Part 11 Q06 100
  • Option A
  • Option B
  • Option C
  • Option D
Explanation:
The following sample of the Configuration > Firewall > NAT Rules pane corresponds to the resulting configuration after you create the static Network Address Translation (NAT) rule in this scenario:

300-735 Part 11 Q06 101
300-735 Part 11 Q06 101

The network object NAT rule in this scenario creates a static NAT rule which will enable users on the OUTSIDE network to reach a Simple Mail Transfer Protocol (SMTP) server on the INSIDE network by using the IP address specified by the INSIDESMTPEXT network object, which is 198.51.100.3. The following diagram illustrates the static rule by using a sample packet from a host with an IP address of 198.51.100.111:

300-735 Part 11 Q06 102
300-735 Part 11 Q06 102

You can configure a network object NAT rule from the Configuration > Firewall > NAT Rules pane in Adaptive Security Device Manager (ASDM) by clicking the Add dropdown list, and selecting the Add “Network Object” NAT rule to open the Add Network Object dialog box. The following sample Add Network Object dialog box corresponds to the dialog box in this scenario:

300-735 Part 11 Q06 103
300-735 Part 11 Q06 103

The Name field in the Add Network Object dialog box specifies the name of the network object to which the NAT rule will apply. The NAT rule will affect the source IP address of the specified network object. The Type dropdown list specifies the type of network object that is being configured. A network object can be a single IP address, a range of IP addresses, a network subnet, or a Fully Qualified Domain Name (FQDN). In this scenario, the NAT rule is being configured for a single SMTP server, so the Host type is selected from the dropdown list box in the dialog box. Because the Host type is selected, the IP Address field is displayed in the dialog box. If something else had been selected, the appropriate fields would be displayed instead. For example, if the Range type had been selected, the Start Address and End Address fields would have been displayed instead of the IP Address field. The IP Address field specifies the IP Address that corresponds to the network object; in this scenario, it refers to the real IP address of the SMTP server.
The NAT section of the Add Network Object dialog box is where NAT parameters can be configured. The Add Automatic Address Translation Rules checkbox enables NAT for the object and creates the NAT rules displayed in the Configuration > Firewall > NAT Rules pane of ASDM. The Type dropdown list in the NAT section specifies the type of NAT that will be performed for the network object’s source IP address. You can configure static NAT, dynamic NAT, and dynamic Port Address Translation (PAT). In this scenario, a static NAT rule is required to translate the SMTP server’s real IP address to a mapped IP address on the OUTSIDE network. The Translated Addr field specifies the mapped address that will be used as the source of translated packets. In this scenario, the INSIDE SMTPEXT network object defines the IP address of the SMTP server on the OUTSIDE network and is specified in the Translated Addr field. Because static NAT has been selected as the translation type, none of the other fields in the dialog box are available. Fields such as the PAT Pool Translated Address field become available only when a relevant translation type is specified. The Advanced button is used to open the Advanced NAT Settings dialog box, as shown in the following sample dialog box:

300-735 Part 11 Q06 104
300-735 Part 11 Q06 104

The Advanced NAT Settings dialog box can be used to specify additional translation parameters, such as the source and destination interfaces. In addition, you can specify port translation for a network service. In this scenario, we specify the INSIDE interface as the Source Interface, the OUTSIDE interface as the Destination interface, and we specify Transmission Control Protocol (TCP) port 25, which is the port used by SMTP, as both the real port and mapped port. Specifying the network service limits the static NAT rule to only packets with the appropriate network port.
The following sample of the Configuration > Firewall > NAT Rules pane does not correspond to the resulting configuration after you create the static NAT rule in this scenario, because no network service has been specified for the original packets:

300-735 Part 11 Q06 105
300-735 Part 11 Q06 105

The following sample of the Configuration > Firewall > NAT Rules pane does not correspond to the resulting configuration after you create the static NAT rule in this scenario, because no source or destination interfaces have been specified for the original packets:

300-735 Part 11 Q06 106
300-735 Part 11 Q06 106

The following sample of the Configuration > Firewall > NAT Rules pane does not correspond to the resulting configuration after you create the static NAT rule in this scenario, because neither a network service nor source and destination interfaces have been specified for the original packets:

300-735 Part 11 Q06 107
300-735 Part 11 Q06 107
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments