SIMULATION
You are a network security engineer for the Secure-X network. You have been tasked with
implementing dynamic network object NAT with PAT on a Cisco ASA.
You must configure the Cisco ASA such that the source IP addresses of all internal hosts are
translated to a single IP address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
• Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT
using the following parameters:
• Network object name: Internal-Networks
• IP subnet: 10.10.0.0/16
• Translated IP address: 192.0.2.100
• Source interface: inside
• Destination interface: outside
NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been
created for your use in this activity.
NOTE: Not all ASDM screens are active for this exercise.
NOTE: Login credentials are not needed for this simulation.
• In the Cisco ASDM, display and view the auto-generated NAT rule.
• From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to
http://sp-srv.sp.public.
• From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
• At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy
and statistics for translated packets.
• At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for
the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but
using different ports.
You have completed this exercise when you have configured and successfully tested dynamic
network object NAT with PAT.
Explanation:
First, click on Add – Network Objects on the Network Objects/Groups tab and fill in the information
as shown below:
Then, use the advanced tab and configure it as shown below:
Then hit OK, OK again, Apply, and then Send when prompted. You can verify using the instructions
provided in the question.
Does anyone know how to get into the CLI for the ASA to run the show commands on this sim???? I missed a chunk off this question because I couldn't find a live PuTTY application on any of the PCs.
Does anyone know how to get into the CLI for the ASA to run the show commands on this sim??
Disregard my comment. I realize now that the ASA on the topology is the console access… panicked in the moment and moved on…
Please help me with this... how to get into the CLI for the ASA to run the show commands on this sim??
• At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy
and statistics for translated packets.
• At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for
the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but
using different ports.
You can access the ASA CLI via PuTTY on the Admin PC.
Why isn't the add network object 10.10.0.0 instead of 10.0.0.0?
Because the question says so.
Hi, the question asks to configure network object 10.10.0.0/16, but why is the answer 10.0.0.0/16? Mind to explain?
Hello,
I have the same question, syafig. Also, have you given the exam already? In my case I have failed the exam and I have put 10.10.0.0/16. I believe there is some conflict with the already configured object-groups and that is the reason that we should put 10.0.0.0/16 instead; however, I am not sure and would appreciate it if someone could also confirm. Finally, I believe that in case we don’t complete the verification part, we are not given any marks no matter the configuration, even if it is correct.
I also failed this exam. There are many new questions 🙁 Does anyone have a valid dump?
10.10.0.0/16 will work, if you look at the 2 networks hanging off the INSIDE of the ASA. You have;
10.10.9.0/24 and 10.10.11.0/24 so if you use 10.0.0.0 /16 you will not include the correct network (10.10.0.0/16) and the NAT will not work.
NOTE: If you did a 10.0.0.0/8 it would work, but that’s not what the instructions tell you to do.
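The subnet question argued in the comments above, and the exercise's expected result (both PCs translated to the same IP address on different ports), can be reproduced with a small model. This is an added Python example, not ASA code and not part of the original thread; the host addresses, the source port 50000 and the port-selection order are assumptions made for illustration.

```python
import ipaddress
from itertools import chain

EMPLOYEE_PC = "10.10.9.20"   # constructed host in 10.10.9.0/24
GUEST_PC = "10.10.11.20"     # constructed host in 10.10.11.0/24
TRANSLATED_IP = "192.0.2.100"  # translated address from the exercise


class DynamicPat:
    """Simplified model of dynamic PAT: many real sources share one mapped IP."""

    def __init__(self, real_subnet, mapped_ip, first_port=1024, last_port=65535):
        self.real = ipaddress.ip_network(real_subnet)
        self.mapped_ip = str(ipaddress.ip_address(mapped_ip))
        self.ports = range(first_port, last_port + 1)
        self.xlate = {}    # (real_ip, real_port) -> mapped_port
        self.in_use = {}   # mapped_port -> (real_ip, real_port)

    def translate(self, src_ip, src_port):
        """Return (mapped_ip, mapped_port), or None if the rule does not match."""
        if ipaddress.ip_address(src_ip) not in self.real:
            return None  # source lies outside the network object
        key = (src_ip, src_port)
        if key not in self.xlate:
            # Assumption: keep the real source port if free, else lowest free port.
            preferred = [src_port] if src_port in self.ports else []
            port = next((p for p in chain(preferred, self.ports)
                         if p not in self.in_use), None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
            self.xlate[key] = port
            self.in_use[port] = key
        return self.mapped_ip, self.xlate[key]

    def untranslate(self, mapped_port):
        """Map return traffic's destination port back to the real (ip, port)."""
        return self.in_use.get(mapped_port)


def demo():
    """Translate both PCs (same source port) under each subnet from the thread."""
    results = {}
    for subnet in ("10.10.0.0/16", "10.0.0.0/16", "10.0.0.0/8"):
        pat = DynamicPat(subnet, TRANSLATED_IP)
        results[subnet] = [pat.translate(h, 50000) for h in (EMPLOYEE_PC, GUEST_PC)]
    return results


if __name__ == "__main__":
    for subnet, rows in demo().items():
        print(subnet, rows)
```

With 10.0.0.0/16 neither PC matches the object, so no translation entry is ever created, which is the empty translation table the commenters describe.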
Hello all,
I wanted to comment on this question. There is a key point in the description that I missed on my first go around which is this;
The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been
created for your use in this activity.
If you don’t use this object you may find that when you go to the command line and do your “sh xlate” there is nothing there. It needs to go in place of the 192.0.2.100!!
bingo…
(28/Sep/2017 Updated) New 300-206 Exam Questions:
NEW QUESTION 259
A network engineer must manage and push configurations to a Cisco networking environment, in which 10 Cisco ASA with IPS modules reside. Which solution accomplishes this task?
A. Cisco Adaptive Security Device Manager to push configurations to each of the IPS units.
B. FireSIGHT manager to bundle and push configurations to the IPS units installed on an SSD within the Cisco ASA 5500 Series ASA.
C. Cisco Security Manager 4.5 or later and pushing configuration bundles to each of the IPS units.
D. Cisco IPS Manager Express and pushing configurations to the IPS units.
Answer: B
NEW QUESTION 260
When configuring packet-tracer command from CLI, what is the first option that you set?
A. source IP address
B. destination IP address
C. interface
D. protocol (ip, tcp, udp)
Answer: C
NEW QUESTION 261
What is a benefit of the IOS control plane protection?
A. It allows QOS policing of aggregate control-panel
B. It provides for early dropping of packets directed toward closed
C. It prevents the input guide from being overwhelmed by any single
D. It minimizes the number of unprocessed packets a protocol can have
Answer: B
NEW QUESTION 262
Which two voice and video protocols does the Cisco ASA 5500 Series support with Cisco Unified Communications Application Inspection? (Choose two.)
A. SCTP
B. SDP
C. H.323
D. H248
E. SCCP
F. SRTP
Answer: CE
NEW QUESTION 263
Which two protocols and tools are used by the management plane when using Cisco ASA general management plane hardening?
A. Unicast Reverse Path Forwarding
B. NetFlow
C. Routing Protocol Authentication
D. Threat detection
E. Syslog
F. ICMP unreachables
G. Cisco URL Filtering
Answer: BE
NEW QUESTION 264
Which device can be managed by the Cisco Prime Security Manager?
A. ASA CX
B. ISR G2
C. Nexus
D. UCM
Answer: A
NEW QUESTION 265
A network engineer must manage and push configurations to a Cisco networking environment. Which solution accomplishes this task?
A. Cisco IPS Manager Express and pushing configuration to the IPS units.
B. Cisco Security Manager 4.5 or later and pushing configuration bundles to each of the IPS units.
C. Cisco Adaptive Security Device Manager to push configuration to each of the IPS.
D. FireSIGHT manager to bundle and push configuration to the IPS units installed.
Answer: D