Select the three (3) options below that would allow for proper function of NAT-dst.
A.
The default address book entry of "any" in the internal zone
B.
The default address book entry of "any" in the external zone
C.
A secondary address on an interface in the internal zone, configured with the public address
D.
A loopback interface in the internal zone, configured with the public address
E.
A static route to the public subnet using an interface in the internal zone as the outbound interface
Explanation:
With Nat_Dsttraffic could be coming from any external IP address, you’re natting from External to Internal, Any on Internal doesn’t make sense.
For proper functioning of NAT-dst we can use:
1. The default address book entry of "any" in the external zone
2. A loopback interface in the internal zone, configured with the public address
3. A static route to the public subnet using an interface in the internal zone as the outbound interface
You cannot have a secondary address with a public address on the internal zone because there can be no subnet address overlap between any two secondary IP addresses. In addition, there can be no subnet address overlap between a secondary IP and any existing subnet on the NetScreen device.