Which of the following actions is performed by dynamic NAT? (Select the best answer.)
A.
mapping an inside local IP address to a specific global IP address
B.
mapping an inside local IP address to a global IP address chosen from a pool
C.
mapping an inside local IP address and port to a global IP address with a specific port
D.
mapping an inside local IP address and port to a global IP address with a randomly selected port
Explanation:
Dynamic Network Address Translation (NAT) maps an inside local IP address to a global IP address chosen
from a pool. This is often done to enable inside hosts with private, nonroutable IP addresses to use a globally
routable IP address so that the inside hosts can communicate over the Internet. The following exhibit shows an
example of dynamic NAT:Static NAT maps an inside local IP address to a specific global IP address. This is often used to enable outside
hosts to connect to a device on the inside network, such as a web server, when port translation is not required.
The following exhibit shows an example of static NAT:Static Port Address Translation (PAT), which is also called port forwarding, maps an inside local IP address and
port to a global IP address with a specific port. This is often used to enable outside hosts to connect to a
specific service on a device located on the inside network, such as a web server. The following exhibit shows
an example of static PAT:Dynamic PAT, which is also called NAT overloading, maps an inside local IP address and port to a global IP
address with a randomly selected port. This is often done to enable multiple inside hosts with private,
nonroutable IP addresses to share a single globally routable IP address so that the inside hosts can
communicate over the Internet. The PAT router keeps track of each inside host by assigning a random port
number to the client for the duration of the communication.
However, dynamic PAT is capable of mapping internal source addresses to more than one routable IP address.
Some security appliances could mistake a large number of packets from a single IP address as a DoS attack
attempt. Therefore, dynamic PAT supports the use of roundrobin to enable internal IP source addresses to map
to more than just one routable IP source address. By using dynamic PAT’s roundrobin assignment of IP
addresses, the risk of misidentification of large amounts of traffic as a DoS attack can be mitigated.
The following exhibit shows an example of dynamic PAT:Cisco: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration
Guide, 3.1: NAT Types