Flashcards in Networking Test 4 Deck (42):
NAT changes ______ _____ on outbound packets and _____ _____ on inbound packets
NAT changes SOURCE IP on outbound packets and DESTINATION IP on inbound packets
NAT translates what layer addresses between interfaces? L2, L3, or L4?
What is NAT most commonly used for?
Allowing many internal hosts on private IPs to share a single public IP to access the internet
What feature was NAT never designed for but it provides anyways?
Provides one layer of security
What are the types of NAT?
Static (one-to-one)Dynamic (many-to-many but not common)Overloading (one-to-many)
This type of NAT is designed to allow one-to-one mapping between local and global addresses
This type of NAT gives you the ability to map a range of unregistered IP addresses to a registered IP address out from a pool of registered IP addresses
This is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports
What are the 4 names of NAT addresses?
Inside Local, Inside Global, Outside Local, Outside Global
What NAT address would have this application:Actual IP address assigned to an inside host Typically private (RFC 1918)
What application would an Inside Global NAT address have?
Outside view IP address of inside host After translation Typically address of router connected to ISP
Outside Local NAT addresses have an __________ view ip address of outside host
Outside Global NAT addresses have actual IP address assigned to __________ host
What's another name for Overloading NAT configuration?
PAT (Port Address Translation) or NAT Overload.
What are some disadvantages to using NAT?
Translation introduces switching path delaysNAT causes loss of end-to-end IP traceabilityCertain applications will not function with NAT enables
What are some advantages to using NAT?
NAT conserves legally registered addressesNAT increases flexibility when connecting to the internetNAT remedies address overlap occurrence
What does the asterisk (*) represent in the following output?NAT*: s=18.104.22.168, d=192.168.2.1->10.1.1.1 
The packet was translated and fast-switched to the destination
Which of the following is considered to be the inside host's address after translation?Inside LocalOutside LocalInside GlobalOutside Global
Which of the following is considered to be the inside host's address before translation?Inside LocalOutside LocalInside GlobalOutside Global
Which command would you place on the interface of a private network?
ip nat inside
Which command would you place on an interface connected to the internet?
ip nat outside
What is the prefix-length cisco command used for?
When creating a pool of global addresses the prefix-length command can be used instead of the netmask command
What would be a good starting point for troubleshooting if your router is not translating?
Run the debug all command
What does the clear ip nat translations * command do?
Clears all the translations active on your router
Which command will allow you to see real-time translations on your router?show ip nat translationsshow ip nat statisticsdebug ip nat
debug ip nat
What does the show ip nat statistics command do?
The show ip nat statistics command displays a summary of the NAT configuration as well as counts of active translation types, hits to an existing mapping, misses (an attempt to create a mapping), and expired translations
What will this command give you?ip nat pool Todd 22.214.171.124 126.96.36.199 net 255.255.255.224
This will create a dynamic pool named Todd that will provide you with 30 global addresses. The name has to be Uppercase, aka Todd. The range 188.8.131.52 - 94 has 30 available hosts, so the mask has to match 30 hosts as well, which is why the subnet is 255.255.255.224.
List 3 good reasons to run NAT
You need to connect to the internet and your hosts don't have globally unique IP addresses_________You change to a new ISP that requires you to renumber your network___________You require two intranets with duplicate addresses to merge
What are the two main protocols in IPSec (layer 3 protocol suite)?
Authentication Header (AH)and Encapsulating Security Payload (ESP)
Which IPSec protocol provides integrity, authentication, and anti-replay, but not confidentiality?
Authentication Header (AH)
Which IPSec protocol provides CIA+A (which makes it the most used), can work in Transport mode (host-to-host), and can work in tunnel mode (network-to-network)?
Encapsulating Security Payload (ESP)
Which protocol establishes Security Associations and defines the process for peer authentication?
Internet Security Association and Key Management Protocol (ISAKMP)
What is the security association?
A set of agreed upon parameters between peers to ensure communication security
What does IKE stand for?
Internet Key Exchange (this builds security between peers)
Which version of IKE is the most efficient and secure?IKEv1, IKEv2, IKE_SA, CHILD_SA?
IKEv2 is the bomb.com
How many phases of IKE are there?
IKE phase 1/IKE_SA established a secure channel between peers and managed the channel, key renewal, like a _____ ______
IKE phase 2/CHILD_SA established a second security channel, encrypts, decrypts, transports data, like a ___________ __________
IKE phase 1 negotiates connection parameters using :
Hash algorithm, encryption algorithm, diffie-hellman group, authentication method, connection lifetime
What does Diffie-Hellman group entail?
Diffie-Hellman exchange establishes a shared symmetric key
IKE phase 2 is a child connection established right after ____ _____