Exam 300-101 Question id=448 Infrastructure Services

A network engineer is asked to configure a “site-to-site” IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?

A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables “many-to-one” access for all devices on a defined segment to share a single IP address upon exiting the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides “many-to-one” access for all devices on a defined segment to share a single IP address upon exiting the external interface.

Configuring NAT to Allow Internal Users to Access the Internet Using Overloading
interface Ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 0 with an IP address as a NAT inside interface.
interface Ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 1 with an IP address as a NAT inside interface.
interface Serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside
!--- Defines Serial 0 with an IP address as a NAT outside interface.
ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.
ip nat inside source list 7 pool ovrld overload
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 have the source address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations are overloaded, which allows multiple inside
!--- devices to be translated to the same valid IP address.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

Note that in the configuration above, the NAT pool “ovrld” has a range of only one address. The keyword overload used in the ip nat inside source list 7 pool ovrld overload command allows NAT to translate multiple inside devices to the single address in the pool.
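A simplified Python model of the overload behaviour described above, added here as an illustration and not taken from the original page or from Cisco's documentation. The port-allocation rule and the sample flows are assumptions constructed for the example; the ACL entries and pool address come from the configuration. It also shows that the wildcard mask 0.0.0.31 in access-list 7 selects only hosts .0 to .31 of each subnet, so other inside hosts leave untranslated.

```python
import ipaddress

# Values taken from the configuration above.
ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]
POOL_ADDRESS = "172.16.10.1"


def acl_permits(src, acl=ACL_7):
    """Standard ACL match: bits set in the wildcard mask are 'don't care'."""
    addr = int(ipaddress.IPv4Address(src))
    for base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return True
    return False  # implicit deny at the end of every ACL


class OverloadNat:
    """Simplified model of 'ip nat inside source list 7 pool ovrld overload'."""

    def __init__(self, global_ip=POOL_ADDRESS):
        self.global_ip = global_ip
        self.table = {}          # (inside_ip, inside_port) -> global_port
        self.used_ports = set()  # ports already in use on the single global IP

    def translate(self, inside_ip, inside_port):
        """Return the (ip, port) the packet carries when it exits outside."""
        if not acl_permits(inside_ip):
            return (inside_ip, inside_port)  # not selected for NAT: unchanged
        key = (inside_ip, inside_port)
        if key not in self.table:
            port = inside_port               # assumption: keep the port if free
            while port in self.used_ports:   # otherwise take the next free one
                port = port + 1 if port < 65535 else 1024
            self.used_ports.add(port)
            self.table[key] = port
        return (self.global_ip, self.table[key])


if __name__ == "__main__":
    nat = OverloadNat()
    # Constructed sample flows: (inside source IP, source port)
    for flow in [("10.10.10.5", 40000), ("10.10.20.9", 40000),
                 ("10.10.10.5", 40000), ("10.10.10.40", 40000)]:
        print(flow, "->", nat.translate(*flow))
```

Two inside hosts using the same source port share 172.16.10.1 and are told apart only by the translated port, which is the "many-to-one" behaviour the overload keyword provides.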
