which type of NAT is configured?

— Exhibit —
user@srx> show security flow session
Session ID. 10702, Policy name: default-permit/4, Timeout: 1794, Valid
In: 2.3.4.5/5000 –> 10.1.2.3/22;tcp, IF. fe-0/0/6.0, Pkts: 88444, Bytes: 7009392
Out: 10.1.2.3/22 –> 10.1.1.1/5000;tcp, IF. .local..0, Pkts: 81672, Bytes: 6749337
— Exhibit —
Click the Exhibit button.
The output of show security flow sessions is shown in the exhibit.
From this output, which type of NAT is configured?

— Exhibit —
user@srx> show security flow session
Session ID. 10702, Policy name: default-permit/4, Timeout: 1794, Valid
In: 2.3.4.5/5000 –> 10.1.2.3/22;tcp, IF. fe-0/0/6.0, Pkts: 88444, Bytes: 7009392
Out: 10.1.2.3/22 –> 10.1.1.1/5000;tcp, IF. .local..0, Pkts: 81672, Bytes: 6749337
— Exhibit —
Click the Exhibit button.
The output of show security flow sessions is shown in the exhibit.
From this output, which type of NAT is configured?

A.
interface source NAT

B.
static destination NAT

C.
static source NAT

D.
pool-based source NAT with PAT

← Previous question

Next question →

Leave a Reply 8

3abdontha3if

Any one could explain me how to now that it is static source nat ??

Reply

Guy

it looks like a Destination NAT to me

Reply

Guy

My mistake, it is source NAT. the only thing I don’t understand is the “static” portion of it

Reply

traffikator

well 3abdontha3if, lets look at it. from output you see no port translation? port 5000 in both directions of the flow. then, answer A requires PAT. answer D explicitly pointers to PAT. answer B obviously wrong – no destination nat here, just source nat. all this (NO PAT + source nat) clearly indicates that either source NAT with shifting or static source NAT must be here. answer C confirms it due absence of NAT whifting option. are you with me still?

Reply

Hari Sapkota

Great explanation Mr. traffikator. Appreciated !

Reply

ocechap

The original (internal source) IP:2.3.4.5,Port: 5000 is “nated” to IP: 10.1.1.1,Port: 5000. There is not PAT, that eliminates A and D options. The address “nated” is source, so B is wrong. It’s a “one-to-one” translation from 2.3.4.5 to 10.1.1.1 keeping same port: Static Source NAT

Reply

Fabien Krüger

ATTENTION PLEASE!!!

The JN0-332 exam End of Life (EOL) on July 1, 2017, now the new exam is JN0-333.

The newest JN0-333 dumps are available here FYI:

https://drive.google.com/open?id=0B-ob6L_QjGLpNzNvWWE1ck01MHM

Good Luck!!!

Reply

dieselsilvester

Correct Answer:

Juniper is considered a very difficult certification but it has become easier with the introduction of JN0-333(JNCIS-SEC). I prepared from the material on Dumps4Download that has been designed by the experts who are highly qualified and there is no doubt about their experience as their work is a reflection of it. I am really thankful to the whole team working for the production of such a useful exam material. https://www.dumps4download.com/jn0-333-dumps.html

Reply