CertExams.com Simulator Lab Exercises Answers
Console Based :
Description: The lab exercise explains Source NAT rule set rs1 with a rule r1 to match any packet from the trust zone to the untrust zone. For matching packets, the source address is translated to the IP address of the egress interface.
Instructions:
1. Enter into configuration mode
2. Enter into source NAT hierarchy mode
3. Create Source NAT rule set rs1 with a rule r1 to match any packet from the trust zone to the untrust zone. For matching packets, the source address is translated to the IP address of the egress interface. That is ge-0/0/0 interface ip address
| Original Source IP | Translated Source IP |
| 192.168.2.0/24 | 20.1.1.60/24(Interface IP) |
On R1
user@R1>configure
[edit]
user@R1# edit security nat source rule-set rs1
[edit security nat source rule-set rs1]
user@R1#set from zone trust
[edit security nat source rule-set rs1]
user@R1#set to zone untrust
[edit security nat source rule-set rs1]
user@R1# set rule r1 match source-address 192.168.2.0/24
[edit security nat source rule-set rs1]
user@R1# set rule r1 match destination-address 0.0.0.0/0
[edit security nat source rule-set rs1]
user@R1# set rule r1 then source-nat interface
[edit security nat source rule-set rs1]
user@R1#exit
[edit]
user@R1#show
GUI Based :
Description: The lab exercise explains Source NAT rule set rs1 with a rule r1 to match any packet from
the trust zone to the untrust zone. For matching packets, the source address is translated to the IP
address of the egress interface.
Instructions:
1. Select device R1 from drop down box and click configure button
2. Select NAT -> Source NAT from left navigation pane
3. Source NAT configuration screen appears enter Ruleset name as rs1 from zone name trust , to zone name untrust , rule name r1, source address 192.168.2.0/24 , destination address 0.0.0.0/0 and then condition to interface and click Add button.
4. Click OK button
