Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE
and IPsec tunnel, over the DSL connection, and into the core of an Enterprise network. The
branch also allows local hosts to communicate directly with public sites in the Internet over this
same DSL connection. Which of the following answers defines how the branch NAT config avoids
performing NAT for the Enterprise directed traffic but does perform NAT for the Internet-directed
traffic?
A.
By not enabling NAT on the IPsec tunnel interface
B.
By not enabling NAT on the GRE tunnel interface
C.
By configuring the NAT-referenced ACL to not permit the Enterprise traffic
D.
By asking the ISP to perform NAT in the cloud
Explanation:
The NAT configuration acts only on packets permitted by a referenced ACL. As a result, the ACL
can permit packets destined for the Internet, performing NAT on those packets. The ACL also
denies packets going to the Enterprise, meaning that the router does not apply NAT to those
packets.
New Questions