Exam 350-401 topic 1 question 884 discussion

C. interface G0/0 ip address 209.165.200.225 255.255.255.224 ip nat outside interface G0/1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip nat inside source static tcp 10.1.1.1 8080 209.165.200.225 80 This translates traffic on http standard port (80) to port 8080. 8080 is not a default http port... doesn't make sense that anything outside of this private network would be trying to send http traffic to 8080

interface G0/0 ip address 209.165.200.225 255.255.255.224 ip nat outside interface G0/1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip nat inside source static tcp 209.165.200.225 8080 10.1.1.100 8080 The external interface (G0/0) is configured as an "outside" interface using ip nat outside. The internal interface (G0/1) is configured as an "inside" interface using ip nat inside. The static NAT translation is set up using ip nat inside source static tcp, which maps the external IP address and port to the internal IP address and port. This configuration ensures that traffic entering the router from the internet on port 8080 is translated to the internal web server (10.1.1.100) on port 8080. Options B, C, and D have incorrect configurations for achieving the specified goal.

The correct answer is C although there is a typo of the inside local IP - should be 10.1.1.100 interface G0/0 ip address 209.165.200.225 255.255.255.224 ip nat outside interface G0/1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip nat inside source static tcp 10.1.1.100 8080 209.165.200.225 80 extendable The correct syntax of the ip nat command is: ip nat inside source static <protocol> <inside_local> <local_port> <inside_global> <global_port> local = private ip global = public ip

Correct answer is D. A and C are incorrect: NAT translation is done similar to the LB case with VIP as destination. This is similar however we have a single server so VIP is the outside interface ip , that is 209.165.200.225, hence the translation should be from 209.165.200.225 <80> to 10.1.1.1 <8080>. like it's in A except in A answer the port is incorrect.

I think D is correct, it should be a Destination NAT

From the picture Web Server IP is - 10.1.1.100 Last line should be like this: ip nat inside source static tcp 10.1.1.100 8080 209.165.200.225 80

Sorry for my English. Confused question. In options "B", "C" the source IP address is incorrect. In option “A” the public IP address is indicated first. And you will never have a NAT match in your life. While interface G0/0 "nat outside" In option "D" ip nat is incorrectly specified internally on interface G0/0. But if we do not have information that PAT is running on the router, or there is another Static NAT. Why don't we choose option "D"? After all, then the configuration will be correct and requests from the ISP on port 80 will be redirected to the WEB server on port 8080

ip nat inside source static tcp 209.165.200.225 8080 10.1.1.100 8080 # Configure NAT mapping to map the external IP address and port (209.165.200.225:8080) to the internal web server (10.1.1.100:8080)

Answer A, focus on the server!

Did you notice that B C Dall have ip nat inside source static 10.1.1.1? 10.1.1.1 is the router IP address, while the task says that we should redirect to a WEB server address which is 10.1.1.100

C is correct look at the source port and the source ip

ChatGPT says "A"

normally the incoming traffic (source) is holding a random port, destination is 8080. where we got this 80?

The traffic coming from the web would probably use the TCP port 80 and the server is listening for the TCP port 8080. When you configure a NAT translation, it applies for both incoming and outgoing traffic.

Based on the wording of the question, the answer is either A or C since G0/1 is the inside address. I believe the translated address should be 10.1.1.100 not "10.1.1.1" since we want to translate the servers address in choice C. Choice A looks correct if we are trying to do Destination NAT, but it specifies "source". Not sure what to go with :/