The question clearly describes that the NAT should be on the router facing the internet, not the vEdge. In order to form the control connections it needs to be NATted on the border router. Thus the answer is Symmetric NAT.
This question asks which NAT type; there are several types of NAT:
* Full cone NAT: in this way internal and external hosts can initiate connections to each other
* Symmetric NAT: in this way, only internal hosts can initiate connections to external hosts, and it is suitable where a number of internal users need access to the internet
* Address Restricted Cone NAT: this type of NAT works similarly to full cone NAT, but with the difference that external hosts are only allowed to communicate with internal hosts if the internal host has communicated with the external host before on
* Port Restricted Cone NAT: this type of NAT is like address restricted cone NAT, except it uses the port number as a filter
Because a private IP needs to access the internet, I think C is correct.
WAN Edge routers always reach out to the vBond controller first to learn about the rest of the components in the fabric. During this process, they also learn whether they are behind a NAT device. When the WAN Edge initially connects to the vBond, it inserts its real IP address into the exchange. When this packet passes through the NAT device, the source IP and possibly the source port are translated. Because the message still contains the WAN Edge real IP and port, the vBond can send a message back to the WAN Edge. The message notifies the WAN Edge that it is behind a NAT (because the real IP differs from the NAT-translated IP that was received in the exchange).
The WAN Edge then inserts this information into its OMP TLOC route and sends it to the vSmart controller. If these values are different, the WAN Edge is behind a NAT device. This information is then reflected to all WAN Edges in the overlay, and the routers use this information to build their data plane. The way to achieve this NAT detection is by using STUN (RFC 5389). In the example, WAN Edge 2 has received an OMP TLOC route from the vSmart route to reach WAN Edge 1 through its public address.
Symmetric NAT - Request from the same internal socket to a specific destination IP address and port is mapped to a unique external source socket. Only an external host that receives a packet from an internal host can send a packet back.
With the symmetric NAT method, each request from the same internal socket to a specific destination socket is mapped to a unique external source socket. If the same internal host sends a packet with the same source socket but to a different destination, the NAT device creates a different mapping.
Only an external host that receives a packet from an internal host can send a packet back.
WAN Edge routers support symmetric NAT only on one side of the WAN tunnel. That is, when a WAN Edge router operates behind a NAT device that is running symmetric NAT, only one NAT device at either end of the tunnel can use symmetric NAT.
The WAN Edge router that is behind a symmetric NAT cannot establish a BFD tunnel with a remote WAN Edge router that is behind symmetric NAT, address-restricted NAT, or port-restricted NAT.
To allow a WAN Edge router to function behind a symmetric NAT, you must configure the vManage and vSmart control connections to use TLS. DTLS control connections do not work through a symmetric NAT.
The question specifically asks you for the NAT type; a public IP address is not a NAT type.
There are only two real choices to be made here (Full Cone NAT or Symmetric).
I have given my explanation below as to why it would be Full Cone NAT.
If for some reason the vEdge router does need a NAT config, it's automatically full cone. The symmetric and restricted cone methods are uncommon, and (unless I'm mistaken) are not options on the vEdge. Cisco docs mention these NAT methods to warn customers that third party NAT devices may be using them, which causes problems for SD-WAN. So when they say full cone NAT is preferable, they are usually talking about the third-party NAT devices. This is a really badly worded question overall.
Full cone NAT is needed, but on the NAT router, not the vEdge. The sensible action here would be using a public color. True, that doesn't match the wording of the question, asking for a NAT type. But it's also true that configuring NAT on the vEdge is ridiculous. So it's a 50/50 guess. Did they stupidly decide that the engineer should enable NAT on the vEdge, or did they stupidly mess up the wording, by saying "which NAT type" in the question instead of "which configuration."
Correct answer is D. Where do you see mention of a public IP? Why would you configure NAT on the vEdge when you already have a device which is already doing that? I've deployed a similar setup and configured only the biz-internet color on the cEdge interface, NAT being handled by the next router.
The question describes the vEdge router to the NAT router (in a private network).
This eliminates option D (use a public color on the TLOC).
This is all from my working knowledge working within SD-WAN and being a Network Architect for 5 years. Due to the relatively new technology, there isn't a blueprint or templates to reference for this.
At least one side of the WAN Edge tunnel can always initiate a connection inbound to a second WAN Edge even if there is a firewall in the path. It is recommended to configure full-cone, or 1-to-1 NAT at the data center or hub site so that, regardless of what NAT type is running at the branch (restricted-cone, port-restricted cone, or symmetric NAT), the branch can send traffic into the hub site using IPsec at a minimum without issue.
The logical answer here would be [B] - Full Cone NAT
Link Reference
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
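As an added example that is not from this thread or from Cisco, the Python model below implements the textbook mapping and filtering rules of the four NAT types listed earlier, then replays the vBond learning step and the TLOC exchange described in the STUN post above, so you can see why a symmetric branch behind a full-cone hub (the design-guide recommendation quoted above) comes up while symmetric-to-symmetric does not. The class names, addresses and ports are all constructed for the example.

```python
# Constructed toy model of the NAT behaviours discussed in this thread (not
# Cisco code). Mapping: how an internal socket is translated. Filtering:
# which external packets may use that translation to come back in.
from dataclasses import dataclass, field

Socket = tuple  # (ip, port)
VBOND = ("203.0.113.10", 12346)  # constructed vBond address

@dataclass
class Nat:
    kind: str        # full_cone | addr_restricted | port_restricted | symmetric
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # key -> external socket
    peers: dict = field(default_factory=dict)     # external socket -> dests sent to

    def outbound(self, src: Socket, dst: Socket) -> Socket:
        # Symmetric NAT keys the mapping on (src, dst): a new destination gets a
        # new external socket. The cone variants reuse one mapping per src socket.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, self.next_port)
            self.next_port += 1
        ext = self.mappings[key]
        self.peers.setdefault(ext, set()).add(dst)
        return ext

    def inbound_allowed(self, ext: Socket, remote: Socket) -> bool:
        seen = self.peers.get(ext)
        if seen is None:
            return False                  # no mapping exists at all
        if self.kind == "full_cone":
            return True                   # any external host may use it
        if self.kind == "addr_restricted":
            return any(d[0] == remote[0] for d in seen)
        return remote in seen             # port-restricted / symmetric: exact socket

def tunnel_forms(nat_a: Nat, nat_b: Nat) -> bool:
    """Each WAN Edge learns its public socket from vBond (the STUN-style detection
    above), advertises it in its TLOC, then both send toward the other's advertised
    socket. True if at least one direction is accepted by the far NAT."""
    a_in, b_in = ("10.1.1.1", 12346), ("10.2.2.2", 12346)
    a_adv, b_adv = nat_a.outbound(a_in, VBOND), nat_b.outbound(b_in, VBOND)
    a_src = nat_a.outbound(a_in, b_adv)   # equals a_adv unless nat_a is symmetric
    b_src = nat_b.outbound(b_in, a_adv)
    return nat_b.inbound_allowed(b_adv, a_src) or nat_a.inbound_allowed(a_adv, b_src)

if __name__ == "__main__":
    print("full-cone hub <-> symmetric branch:", tunnel_forms(Nat("full_cone", "198.51.100.1"), Nat("symmetric", "192.0.2.1")))
    print("symmetric <-> symmetric:", tunnel_forms(Nat("symmetric", "192.0.2.1"), Nat("symmetric", "192.0.2.2")))
```

The model follows the generic definitions, so for the address-restricted case it is more permissive than the Cisco rule quoted above; design from the vendor rule, not from this toy.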
Can you explain why D is the correct answer? Thank you.