Which of the following is the most likely cause?

You have set up Static NAT on a VPN-1/Firewall-1 to allow Internet traffic to an internal web
server. You notice that any HTTP attempts to that machine are being dropped in the log due to rule 0.
Which of the following is the most likely cause?

A.
Spoofing on the internal interface is set to Network defined by Interface IP and Net Mask.

B.
Spoofing on the external interface is set to Not Defined.

C.
You do NOT have a rule that allows HTTP access to the internal Web Server.

D.
You do NOT have a rule that allows HTTP from the Web Server to Any destination.

E.
None of the above.

Explanation:
The traffic is being dropped because you don’t have a rule allowing HTTP traffic to the internal web
server; this traffic is dropped by an implicit rule.
Incorrect Answers:

A: This is not a spoofing problem, we have an implicit rule dropping the traffic.
B: You don’t need to define spoofing in the external interface.
D: You don’t need this rule, since the web server will send replies to existing requests; you only
need the inbound rule that allows external clients HTTP access to the internal web server.
E: This answer is wrong, because answer C is correct.


