Exam 350-401 topic 1 question 110 discussion

it cant be A because this is not a static one to one NAT. it cant be B because outside local is the private address of the destination, it has nothing to do with the network that we are configuring. it cant be E because 1) its a private IP address 2) we specify the inside global pool in the 2nd command it has to be C) because we "assign" (aka permit with the ACL) the 10.1.1.0/27 block to be NATed it has to be D) for the same obvious reason, we state this block to be the inside global pool in the command

it's not A because it is many to many it's not B because 209.165.201.0/27 is inside global not outside local it's not E because 10.1.1.0/27 is inside local then C and D are correct

The only reason I didn't pick A is because it didn't specify the type of the 1:1 mapping. When using a pooled NAT, 1:1 mapping is dynamic.

C & D are correct

C & D A is too confusing

It establishes a one-to-one NAT translation. 1-to-1 i think is static nat. This configuration allow dynamic nat

I also think the answer is AC, for people who think answer D is correct, think you have to NAT only part of a large network /23, what is the external IP of the address 10.1.1.0? In my testing with these settings I get these translations: R2#show ip nat translations Pro Inside global Inside local Outside local Outside global icmp 209.165.201.1:5 10.1.1.0:5 209.165.201.253:5 209.165.201.253:5 --- 209.165.201.1 10.1.1.0 --- --- so my conclusion is the inside source addresses are translated to the 209.165.201.0/27 subnet but only with specified address in the pool

A is not right, because this is many to many NAT

could not be A, this configuration is Case Study: Dynamic NAT. https://www.ciscopress.com/articles/article.asp?p=25273&seqNum=4

C&D: not 1:1; 209.165.201.0/27 == inside global; 10.1.1.0/27 == inside local Good explanation:https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/4606-8.html

It is Dynamic NAT Binding. Dynamic binding guarantees a one-to-one mapping between the local address and theglobal address. D. is incorrect. Because 209.165.201.0/27 subnet including the address from 209.165.201.0 through 209.165.201.31 (Remember you are not assigning IP address to an interface with /27 subnet. So, forget the Network Address and Broadcast address blah blah... Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/nat-xe-3s-book_chapter_011011.pdf

one to one is dynamic

I'll stick with A and C, focusing on NAT terminology. A- OK, this is a 1to1 mapping, although dynamic. B- NOK, those are inside global. C- OK. D- most controversial one. if it were "inside local" instead of "inside source", then it would be OK, but it isn't. Conceptually we know this is how it behaves, but NAT terms don't match. E- These are inside local, so NOK

C. The 10.1.1.0/27 subnet is assigned as the inside local addresses. D. Inside source addresses are translated to the 209.165.201.0/27 subnet. Explanation: The access list "access-list 1 permit 10.1.1.0 0.0.0.31" defines the inside local addresses (source addresses) that will be translated. It permits the 10.1.1.0/27 subnet. The NAT configuration "ip nat inside source list 1 pool CISCO" specifies that the inside local addresses (10.1.1.0/27 subnet) will be translated to the addresses in the NAT pool named "CISCO" (209.165.201.1 to 209.165.201.30). Therefore, the inside source addresses (10.1.1.0/27 subnet) will be translated to the 209.165.201.0/27 subnet, and the 10.1.1.0/27 subnet is assigned as the inside local address range.

The answer is A & C The reason I rule out D is that in the NAT world, there is nothing called an inside local address. If this question was not about NAT maybe the term "inside local" would be acceptable.

A similar example is described in the official certification guide on page 661.

It is C and D