You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT.

CORRECT TEXT
You are a network security engineer for the Secure-X network. You have been tasked with
implementing dynamic network object NAT with PAT on a Cisco ASA. You must configure the
Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP
address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
• Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters:
    • Network object name: Internal-Networks
    • IP subnet: 10.10.0.0/16
    • Translated IP address: 192.0.2.100
    • Source interface: inside
    • Destination interface: outside
  NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity.
  NOTE: Not all ASDM screens are active for this exercise.
  NOTE: Login credentials are not needed for this simulation.
• In the Cisco ASDM, display and view the auto-generated NAT rule.
• From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
• From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
• At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets.
• At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports.

You have completed this exercise when you have configured and successfully tested dynamic
network object NAT with PAT.


Answer: See the explanation

Explanation:
First, click on Add – Network Objects on the Network Objects/Groups tab and fill in the information
as shown below:

Then, use the advanced tab and configure it as shown below:

Then hit OK, OK again, Apply, and then Send when prompted. You can verify using the instructions provided in the question.
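A check for the last verification step in the task list, as an added example that is not part of the original page: it parses `show xlate` text and confirms that every PAT entry has a real address in 10.10.0.0/16, maps to 192.0.2.100 on the inside,outside pair, and uses a distinct mapped port. The sample output is constructed in the style of ASA 8.3+ `show xlate`, and the function names are this example's own.

```python
import ipaddress
import re

INSIDE_NET = ipaddress.ip_network("10.10.0.0/16")   # from the exercise
MAPPED_IP = ipaddress.ip_address("192.0.2.100")     # from the exercise

# Constructed sample in the style of ASA 8.3+ "show xlate" output; the host
# addresses and ports are invented for this example.
SAMPLE_XLATE = """\
2 in use, 2 most used
TCP PAT from inside:10.10.1.20/49301 to outside:192.0.2.100/49301 flags ri idle 0:00:04 timeout 0:00:30
TCP PAT from inside:10.10.2.30/49301 to outside:192.0.2.100/21766 flags ri idle 0:00:02 timeout 0:00:30
"""

PAT_LINE = re.compile(
    r"(TCP|UDP|ICMP) PAT from ([^:\s]+):([\d.]+)/(\d+) to ([^:\s]+):([\d.]+)/(\d+)")

def parse_xlate(text):
    """Return (proto, real_if, real_ip, real_port, map_if, map_ip, map_port) tuples."""
    entries = []
    for line in text.splitlines():
        m = PAT_LINE.match(line.strip())
        if m:  # header and flag-legend lines do not match and are skipped
            proto, rif, rip, rport, mif, mip, mport = m.groups()
            entries.append((proto, rif, ipaddress.ip_address(rip), int(rport),
                            mif, ipaddress.ip_address(mip), int(mport)))
    return entries

def check_pat(entries, inside_net=INSIDE_NET, mapped_ip=MAPPED_IP):
    """Return findings; an empty list means the table matches the exercise."""
    if not entries:
        return ["no PAT entries: traffic did not match the rule, or xlates timed out"]
    findings, owner = [], {}
    for proto, rif, rip, rport, mif, mip, mport in entries:
        src = f"{rif}:{rip}/{rport}"
        if (rif, mif) != ("inside", "outside"):
            findings.append(f"{src}: interface pair is ({rif},{mif})")
        if rip not in inside_net:
            findings.append(f"{src}: real address outside {inside_net}")
        if mip != mapped_ip:
            findings.append(f"{src}: mapped to {mip}, expected {mapped_ip}")
        # Two flows may share the mapped IP only if the mapped ports differ.
        slot = (proto, mip, mport)
        if owner.setdefault(slot, src) != src:
            findings.append(f"{src}: mapped port {mport} already used by {owner[slot]}")
    return findings

if __name__ == "__main__":
    print(check_pat(parse_xlate(SAMPLE_XLATE)) or "PAT table matches the exercise")
```
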




rabiul

Why has it used 10.0.0.0/16 instead of using 10.10.0.0/16 as the network object?

crazybat

Does anyone have a clue if you need to execute the verification commands as part of the exhibit? And does it count towards your score?

If so, I was able to open the pages but sh nat and sh xlate didn't show anything, so I was confused. Or are there specific commands you are expected to execute?

Ronald Fong

New 300-206 Exam Questions and Answers Updated Recently (6/Feb/2016):

NEW QUESTION 197
How much storage is allotted to maintain system, configuration, and image files on the Cisco ASA 1000V during OVF template file deployment?

A. 1GB
B. 5GB
C. 2GB
D. 10GB

Answer: C

NEW QUESTION 198
Which feature is a limitation of a Cisco ASA 5555-X running 8.4.5 version with multiple contexts?

A. Deep packet inspection
B. Packet tracer
C. IPsec
D. Manual/auto NAT
E. Multipolicy packet capture

Answer: C

NEW QUESTION 199
When access rule properties are configured within ASDM, which traffic direction type is required by global and management access rules?

A. Any
B. Both in and out
C. In
D. Out

Answer: C

NEW QUESTION 200
Which option is a different type of secondary VLAN?

A. Transparent
B. Promiscuous
C. Virtual
D. Community

Answer: B

NEW QUESTION 201
Refer to the exhibit. Which statement about this access list is true?

access-list test: extended premit ip 2001:DB5:7::/64
192.168.1.0 255.255.255.0

A. This access list does not work without 6to4 NAT
B. IPv6 to IPv4 traffic permitted on the Cisco ASA by default
C. This access list is valid and works without additional configuration
D. This access list is not valid and does not work at all
E. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic

Answer: D

NEW QUESTION 202
Which option must be configured on a transparent Cisco ASA adaptive security appliance for it to be managed over Layer 3 networks?

A. Static routes
B. Routed interface
C. Security context
D. BVI

Answer: D

NEW QUESTION 203
Which statement about Dynamic ARP Inspection is true?

A. In a typical network, you make all ports as trusted except for the ports connecting to switches, which are untrusted
B. DAI associates a trust state with each switch
C. DAI determines the validity of an ARP packet based on valid IP to MAC address binding from the DHCP snooping database
D. DAI intercepts all ARP requests and responses on trusted ports only
E. DAI cannot drop invalid ARP packets

Answer: C

NEW QUESTION 204
Which command is the first that you enter to check whether or not ASDM is installed on the ASA?

A. Show ip
B. Show running-config asdm
C. Show running-config boot
D. Show version
E. Show route

Answer: B

NEW QUESTION 205
Which option is the Cisco ASA on-box graphical management solution?

A. SSH
B. ASDM
C. Console
D. CSM

Answer: B


JackP

The following two commands are required:

display your NAT configuration: show nat detail
display the translation table: show xlate