Which two statements are correct about the NAT configuration?

Referring to the exhibit,

Which two statements are correct about the NAT configuration? (Choose two.)
A . Both the internal and the external host can initiate a session after the initial translation.
B . Only a specific host can initiate a session to the reflexive address after the initial session.
C . Any external host will be able to initiate a session to the reflexive address.
D . The original destination port is used for the source port for the session.

View Answer

Answer: BD

Explanation:

Persistent NAT with target-host restricts session initiation to specific addresses, enhancing security. Reflexive NAT supports multiple connections by preserving the original port. Refer to Juniper NAT Configuration Documentation.

Referring to the NAT configuration shown in the exhibit:

Specific Host Can Initiate a Session (Answer B): The configuration uses persistent NAT with the permit target-host-port statement. This allows a specific external host (based on the target host and port used in the initial session) to initiate a session back to the internal host after the initial session has been established.

Persistent NAT ensures that the translation state is maintained, allowing external hosts to connect back only under specific conditions (e.g., the same target host and port as used in the original connection).

Original Destination Port (Answer D): The original destination port used by the internal host is retained as the source port when the session is established from outside to inside. This behavior is a result of how persistent NAT binds the internal and external sessions, ensuring that communication occurs over the same port used for the initial session.

Reference: Juniper NAT and Persistent NAT configuration documentation.