Exam 400-101 | Question id=832 | Infrastructure Services |
Which of the following steps in the NAT order of operation typically occur after NAT outside-to-inside translation?
A. |
decryption | |
B. |
encryption | |
C. |
redirect to web cache | |
D. |
check inbound access list | |
E. |
check outbound access list | |
F. |
inspect CBAC | |
G. |
IP routing |
The following steps of the Network Address Translation (NAT) order of operation typically occur after NAT outside-to-inside translation:
-Encryption
-Check outbound access list
-IP routing
-Inspect Contextbased Access Control (CBAC)
NAT enables a network to communicate with a separate network, such as the Internet, by translating traffic from IP addresses on the local network to another set of IP addresses that can communicate with the remote network. NAT outside-to-inside translation, which is also known as global-to-local translation, occurs when the NAT router maps an outside destination IP address to an inside destination IP address. When a NAT router performs NAT outside-to-inside translation, the following operations occur in order:
1.If IP Security (IPSec) is implemented, check inbound access list
2.Decryption
3.Check inbound access list
4.Check inbound rate limits
5.Inbound accounting
6.Redirect to web cache
7.NAT outsidetoinside translation
8.Policy routing
9.IP routing
10.Check crypto map and mark for encryption
11.Check outbound access list
12.Inspect CBAC
13.Transmission Control Protocol (TCP) intercept
14.Encryption
15.Queueing
Conversely, when a NAT router performs NAT inside-to-outside, or local-to-global, translation, the NAT inside-to-outside translation operation immediately follows the IP routing operation. Otherwise, the order of operation is the same:
1.If IPSec is implemented, check inbound access list
2.Decryption
3.Check inbound access list
4.Check inbound rate limits
5.Inbound accounting
6.Redirect to web cache
7.Policy routing
8.IP routing
9.NAT insidetooutside translation
10.Check crypto map and mark for encryption
11.Check outbound access list
12.Inspect CBAC
13.TCP intercept
14.Encryption
15.Queueing