SNCF — Securing Networks with Firepower — Question 31

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?

Answer options

• A. A manual NAT exemption rule does not exist at the top of the NAT table
• B. An external NAT IP address is not configured
• C. An external NAT IP address is configured to match the wrong interface
• D. An object NAT exemption rule does not exist at the top of the NAT table

Correct answer: A

Explanation

The correct answer is A because without a manual NAT exemption rule, the firewall cannot properly handle the return traffic from the VPN users, preventing it from exiting. Option B is incorrect because the absence of an external NAT IP address would typically block all traffic, not just the return traffic. Option C is also wrong since it pertains to interface matching rather than the lack of an exemption rule. Lastly, option D is incorrect because an object NAT exemption rule is not relevant to this scenario where manual NAT rules are required.