Implementing Cisco IP Routing (CCNP ROUTE, legacy) — Question 24

Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, and into the core of an Enterprise network. The branch also allows local hosts to communicate directly with public sites in the Internet over this same DSL connection. Which of the following answers defines how the branch NAT config avoids performing NAT for the Enterprise directed traffic but does perform NAT for the Internet-directed traffic?

Answer options

• A. By not enabling NAT on the IPsec tunnel interface
• B. By not enabling NAT on the GRE tunnel interface
• C. By configuring the NAT-referenced ACL to not permit the Enterprise traffic
• D. By asking the ISP to perform NAT in the cloud

Correct answer: C

Explanation

The correct answer is C because configuring the NAT-referenced ACL to not permit the Enterprise traffic ensures that this traffic is excluded from NAT processing. Options A and B are incorrect as they focus on disabling NAT on specific interfaces, which does not address the ACL's role. Option D is also incorrect because it suggests relying on the ISP for NAT, which does not resolve the local branch’s NAT configuration needs.