In which situation is NAT proxy NDP required?
A.
when translated addresses belong to the same subnet as the ingress interface
B.
when filter-based forwarding and static NAT are used on the same interface
C.
when working with static NAT scenarios
D.
when the security device operates in transparent mode
Explanation:
WhenIP addressesarein the same subnet of the ingressinterface,NAT proxy ARPconfigured
Reference :http://www.juniper.net/techpubs/en_US/junos12.1×44/information-products/pathwaypages/security/security-nat.pdf
Reference :http://www.juniper.net/techpubs/en_US/junos-space12.2/topics/concept/junos-spacesecurity-designer-whiteboard-nat-overview.html
Proxy-ARP and Proxy-NDP are required for IPv4 and IPv6, respectively, when you are
performing NAT and using a public range that is local to the subnet of the egress interface rather than a routed subnet.
There is no limit on the type of NAT being used with proxy ARP/NDP except the interface based source NAT and when the pool is different from the interface subnet.
Therefore the answer A makes more sense from the answers offered.
Agree with Silver coin again. A makes more sense based on the KB below. If you read under the source nat configuration, you see that it needs proxy arp and ndp. So it isnt a configuration that is only applied to static nat. As you can see, it can also be applied in source nat.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB26776
so meaning, A and C also correct?
Answer is A.
Proxy NAT NDP required in IPV6 address source nat configuration where in which we are using source nat with public pool ip other than interface IP of the untrust interface.
I think C is the correct answer as option “A” is mentioning INGRESS interface but correct is EGRESS interface
ingress – entering
egress – exiting
The ingress port is the incoming port. The egress port is the exiting port.
Proxy NDP ia used mostly in NAT64 & NAT46 scenarios . both scenarios is needed to configure proxy arp and proxy ndp , where the proxy arp is the address on the ingress interface and the proxy ndp is the adress on the egress interface , and both addresses needed to talk to each other .
both scenarios are using one to one translating .
So answer A is not that correct . and C are most correct answer .
please correct me if im wrong .
Look at AJsec volume 1 of 2 , chapter 5 page 38-39
A
-A- all life.
Proxy NDP does (in IPv6) the same function of proxy-ARP (in IPv4).
This link well explain WHEN to use Proxy ARP:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21785&actp=search
*When addresses defined in the static NAT and source NAT pool are in the same subnet as that of the ingress interface (Source NAT and Static NAT scenario)
*When addresses in the original destination address entry in the destination NAT rules are in the same subnet as that of the ingress interface (Destination NAT scenario)
Answer A is more correct and specific (case Source NAT with Pool) , other option are generic , the general role for proxy-arp and proxy-arp-ND when traffic is entering interface (ingress)destination for IP on the same subnet of the this interface .
we have two case
case 1 destination NAT , Static Nat
request coming for the pre-NAT Address (normal Direction)
Case 2 source NAT with Pool
in this Case the request come to the post-nat Address (reverse Static NAT )
hope this will remove confusion
Thanks
•For source NAT, the proxy NDP is available for NAT pool addresses.
*For destination NAT and static NAT, the proxy NDP is available for destination NAT addresses.
Passed JN0-633 exam recently!
65 multiple choice questions, a little difficult to pass.
Pay close attention to questions on AppQoS, Routing (OSPF, BGP) in VPN (group, auto and hub-and-spoke), AppSecure, troubleshoot of IPSec, etc.
I learned valid JN0-633 dumps here:
http://www.passleader.com/jn0-633.html (209Q VCE and PDF)
Recommend to you!
P.S.
You can download that 209Q dumps for free, here:
https://doc.co/Tek7cT
Good Luck!