You need to ensure that return traffic is able to reach User 1 from Server 1

Click the Exhibit button. User 1 will access Server 1 using IP address 10.2.1.1. You need to
ensure that return traffic is able to reach User 1 from Server 1. Referring to the exhibit,
which two configurations allow this communication (Choose two.)

Click the Exhibit button. User 1 will access Server 1 using IP address 10.2.1.1. You need to
ensure that return traffic is able to reach User 1 from Server 1. Referring to the exhibit,
which two configurations allow this communication (Choose two.)

A.
[edit security nat static] user@host# show rule-set server-nat { from zone [ untrust ]; rule
1 { match { destination-address 10.2.1.1/32; } then { static-nat { prefix { 192.168.1.2/32; } } }
} }

B.
[edit security nat static] user@host# show rule-set server-nat { from zone [ junos-host
untrust ]; rule 1 { match { destination-address 10.2.1.1/32; } then { static-nat { prefix {
192.168.1.2/32; routing-instance vr-b; } } } } }

C.
[edit security nat static] user@host# show rule-set server-nat { from zone untrust; rule 1 {
match { destination-address 10.2.1.1/32; } then { static-nat { prefix { 192.168.1.2/32;

routing-instance vr-a; } } } } }

D.
[edit security nat static] user@host# show rule-set in { from zone untrust; to zone cust-a;
rule overload { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } }

Show Hint

Leave a Reply 15

Your email address will not be published. Required fields are marked *

juniper

juniper

any one could explaine why C is an answer ?!

Reply

me

me

what is true answer?

Reply

Lucas

Lucas

I believe it’s “C”. The one which makes more sense to me

Reply

ahmed

ahmed

why B? and why C ?

Reply

ahmed

ahmed

and why he uses “from zone [ junos-host ” in B ?

Reply

ahmed

ahmed

C,D

C: to make static NAT for destination IP on VR-1 to allow traffic from User-1 to Server-1

D: to make Static Nat for source ip of user-1 to allow its source ip to be the ip of Ge-0/0/2.0 (192.1681.x/24) of VR-A to allow return traffic from Server-1 to user-1

Reply

Mauricio

Mauricio

C is the correct answer

Reply

mcfaber

mcfaber

Hey guys had you seen that questions require two answer (choose two!!!) OH my God.
Anyway why should be D, which is the egress interface here??? Ge-0/0/2.0 or Ge-0/0/3.0?

Reply

MSK

MSK

Hi,
“D” for sure not the option. If I am not wrong there is no option in Static NAT configuration to mention “to zone”; secondly, static nat cannot be used with interface. So option D is syntax issue.
I think, B & C are better options.

Reply

Fe

Fe

why option B if the VR of server 1 is A?

Reply

SW

SW

answer should be A & C because

C > as you want to communicate with server in VR.a

A > even if you dont specify VR, you can add instance Import or RIB-GRP to import A routes to untrust.

Reply

traffikator

traffikator

A – maybe with additional config
B – bullshit
C – correct 100%
D – bullshit

what are we left with, guys? AC

Reply

FRANCISCO DE

FRANCISCO DE

Passed JN0-633 exam recently!

65 multiple choice questions, a little difficult to pass.

Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.

I learned valid JN0-633 dumps here:

http://www.passleader.com/jn0-633.html (209Q VCE and PDF)

Recommend to you!

Reply