Your perimeter Security Gateway’s external IP is 200.200.200.3. Your network diagram shows:Required: Allow only network 192.168.10.0 and 192.168.20.0 to go out to Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assume you enable all the settings in the NAT page of Global Properties.
How do you achieve this requirement?
A.
Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
B.
Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
C.
Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the Address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
D.
Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source – group object; Destination ?any; Service ?any; Translated source – 200.200.200.5; Destination ?original; Service ?original.
Answer = C
a arp entry required to be add for 200.200.200.5 with the fw external interface (200.200.200.3)
Correct answer is
B
Answers provided are poorly written.
Anyway answer should be B.
If you create a range from 192.168.10.1 to 192.168.20.254 you will include also networks 192.168.11-19.x in the policy..