Exam 300-710 topic 1 question 68 discussion

Actual exam question from Cisco's 300-710
Question #: 68
Topic #: 1

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?

  • A. A manual NAT exemption rule does not exist at the top of the NAT table
  • B. An external NAT IP address is not configured
  • C. An external NAT IP address is configured to match the wrong interface
  • D. An object NAT exemption rule does not exist at the top of the NAT table
Suggested Answer: A

Comments

14a1949
1 week ago
Selected Answer: A
The issue described is likely due to the absence of a NAT exemption rule, which is necessary for allowing return traffic to pass through the firewall correctly. In this case, the most appropriate answer is: A. A manual NAT exemption rule does not exist at the top of the NAT table. Without this rule, the firewall might be dropping the return traffic because it doesn't match any existing NAT rules, leading to the observed behavior where traffic enters the firewall but does not leave it.
upvoted 1 times
houhou12322
4 months ago
I think it's a problem of expression precision: "object NAT exemption rule" is more precise than "manual NAT exemption rule" (it means that we are using objects). I don't understand these kinds of questions.
upvoted 1 times
Stevens0103
11 months, 1 week ago
Selected Answer: A
"The NAT exemption is a preferred translation method used to prevent traffic to be routed to the internet when it is intended to flow over a VPN tunnel (Remote Access or Site-to-Site). This is needed when the traffic from your internal network is intended to flow over the tunnels without any translation." https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215875-configure-anyconnect-vpn-client-on-ftd.html#toc-hId-809586599
upvoted 2 times
Cokamaniako
1 year, 8 months ago
Selected Answer: A
In accordance with japm1801.
upvoted 1 times
Joe_Blue
1 year, 10 months ago
Selected Answer: A
The reason for this issue is likely that an object NAT exemption rule does not exist at the top of the NAT table. This is necessary to allow return traffic to leave the firewall and reach the remote access VPN users. Without this rule, the firewall may perform NAT on the return traffic, causing it to be dropped or lost.
upvoted 1 times
japm1801
2 years, 4 months ago
Selected Answer: A
According to my knowledge about terminology, object NAT does not exist in FTD, only in ASA. In FTD you have manual (before and after) and auto NAT rules. In production environments it is common to create a manual NAT rule before to do a NONAT for VPN traffic, so I'll go with A.
upvoted 3 times
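A small added Python model (not from the exam page or from Cisco) of how the FTD NAT table is walked: Section 1 (manual rules placed before auto NAT), then Section 2 (auto/object NAT), then Section 3 (manual rules placed after auto NAT), first match wins. The networks, outside interface address and rule names are constructed assumptions; the model shows that the identity rule for inside-to-VPN-pool traffic only takes effect when it sits ahead of the auto PAT rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class NatRule:
    name: str
    section: int               # 1 = manual before auto, 2 = auto/object NAT, 3 = manual after auto
    src_net: str               # source network the rule matches
    dst_net: str               # "any" for auto NAT rules, which match on source only
    translate_src_to: Optional[str]   # None = identity rule (no translation)

def lookup(rules: List[NatRule], src_ip: str, dst_ip: str) -> Tuple[str, str]:
    """Walk the table section by section (stable sort keeps list order inside
    a section) and return (matching rule name, translated source IP)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.section):
        if src not in ipaddress.ip_network(rule.src_net):
            continue
        if rule.dst_net != "any" and dst not in ipaddress.ip_network(rule.dst_net):
            continue
        return rule.name, rule.translate_src_to or src_ip
    return "no-match", src_ip

# Constructed topology (not from the page): inside LAN, RA VPN pool, outside interface IP.
INSIDE_NET = "10.10.0.0/16"
VPN_POOL = "192.168.50.0/24"
OUTSIDE_IF_IP = "203.0.113.1"

# Typical auto NAT: inside hosts are PATed to the outside interface when going out.
AUTO_PAT = NatRule("inside-to-outside-PAT", 2, INSIDE_NET, "any", OUTSIDE_IF_IP)
# The exemption (identity NAT) for inside -> VPN pool, as a manual rule before auto NAT ...
EXEMPT_BEFORE = NatRule("RA-VPN-exempt", 1, INSIDE_NET, VPN_POOL, None)
# ... and the same rule mistakenly placed as a manual rule after auto NAT.
EXEMPT_AFTER = NatRule("RA-VPN-exempt-after", 3, INSIDE_NET, VPN_POOL, None)

def return_traffic_source(rules: List[NatRule], server: str = "10.10.1.5",
                          vpn_client: str = "192.168.50.7") -> Tuple[str, str]:
    """Reply from an inside server to a VPN client: which rule hits, and what
    source address leaves the firewall. PAT to the outside IP means the reply is
    sent out the outside interface instead of back into the tunnel."""
    return lookup(rules, server, vpn_client)

if __name__ == "__main__":
    for label, table in [("no exemption", [AUTO_PAT]),
                         ("exemption after auto NAT", [AUTO_PAT, EXEMPT_AFTER]),
                         ("exemption at top of table", [AUTO_PAT, EXEMPT_BEFORE])]:
        print(f"{label:28} -> {return_traffic_source(table)}")
```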
xziomal9
2 years, 7 months ago
Selected Answer: D
Correct answer is: D
upvoted 1 times
xziomal9
2 years, 7 months ago
Correct answer is: A
upvoted 1 times
cewe
2 years, 10 months ago
Selected Answer: A
Answer A seems to be correct https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html
upvoted 2 times
liqucika
2 years, 11 months ago
Selected Answer: A
NAT exemptions can only be done with manual rules before Auto/Object NAT.
upvoted 1 times
dariol
3 years, 4 months ago
D can't be correct. What is needed is a NAT exemption rule and that can only be achieved with a manual NAT rule. A is correct.
upvoted 4 times
dariol
3 years, 4 months ago
The only way D can be correct is if the answer is meant as an exemption rule for the existing object NAT rule does not exist. That exemption rule would then be a manual NAT rule.
upvoted 1 times
Bobster02
3 years, 6 months ago
I will take it back. Original answer D is correct!
upvoted 2 times
Bobster02
3 years, 7 months ago
Confirmed A is correct: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html
upvoted 1 times
kakakayayaya
3 years, 7 months ago
I think A is right
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other