Which command on a Cisco IOS router is used to configure basic static Network Address Translation (NAT) that maps a single inside local IP address to a single inside global IP address?
Correct Answer: B
Detailed Explanation: Understanding Static NAT: Static NAT (Network Address Translation) provides a one-to-one, permanent mapping between an inside local IP address (typically a private IP address within your internal network) and an inside global IP address (typically a public IP address). Static NAT is used when you need to make an internal server or device permanently accessible from the outside internet using a consistent public IP address. Analyzing the NAT Configuration Commands: Let's break down each command option and understand their purpose in NAT configuration: A. ip nat inside source list 1 interface GigabitEthernet0/1 overload: This command configures PAT (Port Address Translation) or Dynamic NAT with Overload. ip nat inside source list 1: Indicates that this is an "inside source" NAT rule. list 1 refers to an access list (ACL 1) that defines the inside local IP addresses that will be translated. interface GigabitEthernet0/1 overload: Specifies that the inside global IP address will be the IP address of the router's GigabitEthernet0/1 interface. overload keyword is crucial – it enables PAT (Port Address Translation), also known as NAT overload or many-to-one NAT. With overload, multiple inside local IP addresses can be translated to the same single inside global IP address (interface IP) by using different source port numbers to distinguish between connections. Not Static NAT: This command configures PAT or dynamic NAT with overload, not static NAT. It translates multiple private IPs to one public IP, not a one-to-one static mapping. Incorrect for Static NAT requirement. B. ip nat inside source static 192.168.1.100 203.0.113.5: This command configures Static NAT. ip nat inside source static: Keywords inside source static explicitly indicate that this is a static NAT configuration for source addresses (traffic originating from the inside network). 192.168.1.100: This is the inside local IP address (private IP) that you want to translate. 203.0.113.5: This is the inside global IP address (public IP) that you want to map to 192.168.1.100. This is a one-to-one, static mapping. Any traffic originating from 192.168.1.100 and going to the outside will have its source IP translated to 203.0.113.5. Traffic coming from the outside to 203.0.113.5 will be translated to 192.168.1.100 and forwarded to the internal server. Correct for Static NAT: This command perfectly matches the requirement of configuring basic static NAT mapping a single inside local IP to a single inside global IP. Correct Answer. C. ip nat outside source list 1 interface Serial0/0/0 overload: This command is incorrectly using "outside source" and is likely not a typical or valid NAT configuration in most standard NAT scenarios. ip nat outside source: "Outside source" is generally not used. NAT is primarily about translating inside source addresses (private to public) when traffic originates from the inside network. "Outside source" might be relevant in very specific, less common NAT scenarios, but it is not typical for basic NAT. list 1 interface Serial0/0/0 overload: Similar to option A, this command uses overload, which implies PAT/dynamic NAT with overload, not static NAT. Incorrect NAT Direction and Type: Option C is syntactically unusual and does not configure static NAT as required. Incorrect. D. ip nat outside source static 203.0.113.5 192.168.1.100: This command is also incorrectly using "outside source" and has the inside and global IP addresses reversed for a static NAT configuration mapping an internal IP to a public IP. ip nat outside source static: Again, using "outside source static" is not standard for typical NAT and is likely not the intended command. 203.0.113.5 192.168.1.100: The order is reversed. For static NAT mapping inside to outside, the correct syntax is ip nat inside source static <inside-local-ip> <inside-global-ip>. Here, it's trying to map a public IP (203.0.113.5) to a private IP (192.168.1.100), which is not the standard direction for NAT when translating private internal addresses to public internet-routable addresses. While you could potentially configure static NAT in the reverse direction for specific, unusual cases, it's not the typical scenario and doesn't match the question's intent of mapping an inside local to an inside global address for making an internal resource accessible from the outside using a public IP. Incorrect NAT direction and type for the intended scenario. Why Option B is Correct: Correct Static NAT Syntax: Option B uses the correct ip nat inside source static command and the correct order of inside local and inside global IP addresses for configuring static NAT to map an internal private IP address (192.168.1.100) to a public IP address (203.0.113.5). Why Other Options are Incorrect: Options A, C, and D all use incorrect syntax or configure NAT types other than static NAT. Options C and D also use the less common and likely inappropriate "outside source" keywords for typical NAT configurations. In Conclusion: ip nat inside source static <inside-local-ip> <inside-global-ip> is the fundamental command for configuring static NAT on Cisco routers. Understanding the syntax, the "inside" vs. "outside" keywords, and the different types of NAT (static, dynamic, PAT) is crucial for CCNA-level networking and for configuring NAT for network address management and internet connectivity. This question directly tests your knowledge of static NAT configuration syntax and distinguishes it from other NAT types like PAT/dynamic NAT.
This CCNA practice question helps students prepare for Cisco networking certification exams by testing knowledge of network fundamentals, routing, switching, and network security concepts.