what will resolve this problem?

— Exhibit –user@host> show configuration

security {
nat {
destination {
pool server {
address 10.100.100.1/32 port 5555;
}
rule-set rule1 {
from zone UNTRUST;
rule 1 {
match {
destination-address 192.168.100.1/32;
destination-port 5000;

}
then {
destination-nat pool server;
}
}
}
}
proxy-arp {
interface ge-0/0/1.0 {
address {
192.168.100.1/32;
}
}
}
}
policies {
from-zone UNTRUST to-zone TRUST {
policy allow {
match {
source-address any;
destination-address any;
application [ junos-ping tcp-5000 ];
}
then {
permit;
}
}

}
}
zones {
security-zone TRUST {
interfaces {
ge-0/0/2.0 {
host-inbound-traffic {
protocols {
all;
}
}
}
}
}
security-zone UNTRUST {
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
}
}
}

applications {
application tcp-5000 {
protocol tcp;
destination-port 5000;
}
}
— Exhibit –Click the Exhibit button.
Your customer is attempting to reach a new server that should be accessible publicly using
192.168.100.100 on TCP port 5000, and internally using 10.100.100.1 on TCP port 5555. You
notice no sessions form when the customer attempts to access the server.
Referring to the exhibit, what will resolve this problem?

— Exhibit –user@host> show configuration

security {
nat {
destination {
pool server {
address 10.100.100.1/32 port 5555;
}
rule-set rule1 {
from zone UNTRUST;
rule 1 {
match {
destination-address 192.168.100.1/32;
destination-port 5000;

}
then {
destination-nat pool server;
}
}
}
}
proxy-arp {
interface ge-0/0/1.0 {
address {
192.168.100.1/32;
}
}
}
}
policies {
from-zone UNTRUST to-zone TRUST {
policy allow {
match {
source-address any;
destination-address any;
application [ junos-ping tcp-5000 ];
}
then {
permit;
}
}

}
}
zones {
security-zone TRUST {
interfaces {
ge-0/0/2.0 {
host-inbound-traffic {
protocols {
all;
}
}
}
}
}
security-zone UNTRUST {
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
}
}
}

applications {
application tcp-5000 {
protocol tcp;
destination-port 5000;
}
}
— Exhibit –Click the Exhibit button.
Your customer is attempting to reach a new server that should be accessible publicly using
192.168.100.100 on TCP port 5000, and internally using 10.100.100.1 on TCP port 5555. You
notice no sessions form when the customer attempts to access the server.
Referring to the exhibit, what will resolve this problem?

A.
There must be a TRUST-to-UNTRUST security policy to allow return traffic.

B.
The NAT pool server must use port 5000.

C.
The UNTRUST-to-TRUST security policy must allow port 5555.

D.
The NAT rule set rule1 must match on port 5555.

Explanation:



Leave a Reply 4

Your email address will not be published. Required fields are marked *


Vitaliy

Vitaliy

B

Vitaliy

Vitaliy

No! B wrong .
Correct C.
After DNAT application becomes 5555

Nelson

Nelson

thanks for confirm , vitaliy

JNCSP-MIKE

JNCSP-MIKE

Isn’t this a repeat of an earlier question?