user@host> show security flow session … Session ID. 41, Policy name: allow/5, Timeout:
20, Valid In: 172.168.66.143/43886 –> 192.168.100.1/5000;tcp, If: ge-0/0/1.0, Pkts: 1,
Bytes: 60 Out: 10.100.1.100/5555 –> 172.168.66.143/43886;tcp, If: ge-0/0/2.0, Pkts: 0,
Bytes: 0 user@host> show configuration … security { nat { destination { pool server {
address 10.100.1.100/32 port 5555; } rule-set rule1 { from zone UNTRUST; rule 1 { match {
destination-address 192.168.100.1/32; destination-port 5000; } then { destination-nat pool
server; } } } } proxy-arp { interface ge-0/0/1.0 { address { 192.168.100.1/32; } } } } policies {
from-zone UNTRUST to-zone TRUST { policy allow { match { source-address any;
destination-address any; application [ junos-ping tcp-5000 ]; } then { permit; } } } } zones {
security-zone TRUST { interfaces { ge-0/0/2.0 { host-inbound-traffic { protocols { all; } } } } }
security-zone UNTRUST { interfaces { ge-0/0/1.0 { host-inbound-traffic { system-services {
ping; } } } } } } } applications { application tcp-5000 { protocol tcp; destination-port 5000; } }
Your customer is attempting to reach your new server that should be accessible publicly
using 192.168.100.100 on TCP port 5000, and internally using 10.100.100.1 on TCP port
5555. You notice a session forms when they attempt to access the server, but they are
unable to reach the server. Referring to the exhibit, what will resolve this problem?
A.
The NAT rule set rule1 must match on address 172.168.66.143.
B.
There must be a TRUST-to-UNTRUST security policy to allow return traffic.
C.
The NAT pool server address must be changed to 10.100.100.1/32.
D.
The NAT pool server port must be changed to 5000.
Explanation: