Exam 300-101 Question id=448 Infrastructure Services

A network engineer is asked to configure a “site-to-site” IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?

A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables “many-to-one” access for all devices on a defined segment to share a single IP address upon exiting the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides “many-to-one” access for all devices on a defined segment to share a single IP address upon exiting the external interface.

Configuring NAT to Allow Internal Users to Access the Internet Using Overloading
interface Ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 0 with an IP address as a NAT inside interface.

interface Ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 1 with an IP address as a NAT inside interface.

interface Serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside
!--- Defines Serial 0 with an IP address as a NAT outside interface.

ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.

ip nat inside source list 7 pool ovrld overload
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 have the source address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations are overloaded, which allows multiple inside
!--- devices to be translated to the same valid IP address.

access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

Note that in the previous configuration, the NAT pool “ovrld” has a range of only one address. The keyword overload used in the ip nat inside source list 7 pool ovrld overload command allows NAT to translate multiple inside devices to the single address in the pool.
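The following is an added example, not part of the original page or of Cisco's documentation: a simplified Python model of how access-list 7 selects inside sources and how overload lets them share 172.16.10.1. The class name, helper names and the port-allocation policy are assumptions made for illustration; real IOS port selection is more involved.

```python
import ipaddress

# Values taken from the configuration above.
ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]
POOL_ADDR = "172.16.10.1"

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(src, acl=ACL_7):
    """Standard ACL match: wildcard bits set to 1 are ignored, the rest must equal the base."""
    for base, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF
        if _ip(src) & care == _ip(base) & care:
            return True
    return False  # implicit deny at the end of every access list

class OverloadNat:
    """Simplified PAT model (hypothetical): many inside sockets share one outside address."""

    def __init__(self, outside_addr=POOL_ADDR, first_port=1024):
        self.outside_addr = outside_addr
        self.next_port = first_port  # assumed fallback range start when a port collides
        self.used = set()            # outside ports already allocated
        self.table = {}              # (inside addr, inside port) -> (outside addr, outside port)

    def translate(self, src, sport):
        if not acl_permits(src):
            return None              # not matched by list 7: no translation entry is created
        key = (src, sport)
        if key not in self.table:
            port = sport             # keep the original source port when it is free
            while port in self.used: # collision: the port is what keeps flows distinct
                port = self.next_port
                self.next_port += 1
            self.used.add(port)
            self.table[key] = (self.outside_addr, port)
        return self.table[key]

if __name__ == "__main__":
    nat = OverloadNat()
    # Constructed sample flows: (inside source address, source port)
    for flow in [("10.10.10.5", 40000), ("10.10.20.17", 40000), ("10.10.10.32", 40000)]:
        print(flow, "->", nat.translate(*flow))
```

The wildcard 0.0.0.31 matches only hosts .0 through .31 of each subnet, so 10.10.10.32 is not translated even though it sits on an inside interface.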
