Referring to the exhibit, which two actions are required to complete this task?

Exhibit:

You are asked to ensure that Internet users can access the company’s internal webserver using its FQDN. However, the internal DNS server’s A record only points to the webserver’s private address.

Referring to the exhibit, which two actions are required to complete this task? (Choose two.)
A . Disable the DNS ALG.
B . Configure static NAT for both the DNS server and the webserver.
C . Configure destination NAT for both the DNS server and the webserver.
D . Configure proxy ARP on ge-0/0/3.

Answer: BD

Explanation:

In the scenario where internal users are trying to access the company’s web server via its FQDN but the DNS server resolves to a private IP, two key actions are needed:

Static NAT (Answer B): Since the internal DNS server resolves the web server to its private IP address (10.10.10.4/24), you need to configure static NAT for both the DNS server and the webserver. This will ensure that requests coming from the internet will be translated to the web server’s public IP (203.0.113.4) and the DNS server’s public IP (203.0.113.2). Example Command:

bash

set security nat static rule-set public-to-private from zone untrust

set security nat static rule-set public-to-private rule dns-server match destination-address 203.0.113.2/32

set security nat static rule-set public-to-private rule dns-server then static-nat-prefix 10.10.10.2/32 set security nat static rule-set public-to-private rule web-server match destination-address 203.0.113.4/32

set security nat static rule-set public-to-private rule web-server then static-nat-prefix 10.10.10.4/32

Proxy ARP (Answer D): The SRX needs to respond to ARP requests for the public IP addresses of both

the DNS and webserver on the interface facing the internet (ge-0/0/3). This allows the SRX to handle

requests directed at the public IPs.

Example Command:

set interfaces ge-0/0/3 unit 0 family inet proxy-arp interface-address 203.0.113.2/32 set interfaces ge-0/0/3 unit 0 family inet proxy-arp interface-address 203.0.113.4/32

These two configurations allow external users to access the internal web server via its public IP, as resolved by the DNS server.

Reference: Juniper NAT and proxy ARP documentation .

Latest JN0-637 Dumps Valid Version with 115 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments