Which of the following NAT types effectively exempts one or more addresses from translation? (Select the best
answer.)
A.
dynamic NAT
B.
dynamic PAT
C.
identity NAT
D.
static NAT
Explanation:
Identity Network Address Translation (NAT) is a NAT type that effectively exempts one or more addresses from
translation. With identity NAT, real addresses and mapped addresses are identical for a particular NAT rule.
For example, an identity rule might specify that a real address of 192.168.13.1 on the inside interface should be
translated to a mapped address of 192.168.13.1 on the outside interface. Because the real and mapped
addresses are identical in an identity NAT rule, any matching addresses effectively bypass NAT. A common
use for identity NAT is to exempt remote access virtual private network (VPN) client addresses from the NAT
rules applied to the VPN gateway interfaces.
Static NAT, dynamic NAT, and dynamic Port Address Translation (PAT) are not NAT types that effectively
exempt one or more addresses from translation. Static NAT provides a bidirectional translation between real
and mapped IP addresses. As the name implies, static NAT specifies a mapping between real and mapped
addresses that does not change over time. Static NAT rules typically define onetoone mappings of real and
mapped addresses. By contrast, dynamic NAT provides unidirectional mappings between one or more real
addresses and one or more mapped addresses. The addresses are mapped on a firstcome, firstserved basis,
and mappings can be initiated only by hosts with real addresses. Dynamic PAT provides mappings between
one or more real addresses and a single mapped address. With dynamic PAT, the source port of each real
address is used to identify the associated mapped port and address. Like dynamic NAT, dynamic PAT
mappings occur on a firstcome, firstserved basis and mappings can be initiated only by hosts with real
addresses.Cisco: Information About NAT: Identity NAT