nerdexam
Exams101Questions#79
F5

101 · Question #79

101 Question #79: Real Exam Question with Answer & Explanation

The correct answer is D: Source IP: Either 172.16.20.50 or 192.168.10.50; Destination IP: 10.10.2.10. The connection source falls within SNAT1's 10.10.0.0/16 range, which is more specific than SNAT2's catch-all, so SNAT1's pool addresses (172.16.20.50 or 192.168.10.50) are used as the translated source.

Question

An LTM has the 3 virtual servers, 2 SNATs, four self IP addresses defined, and the networks shown in the exhibit. Selected options for each object are shown below. Settings not shown are at their defaults. Assume port exhaustion has not been reached. VirtualServerl Destination: 10.10.2.102:80 netmask 255.255.255.255 Pool: Pool with 3 members in the 172.16/16 network SNAT Automap configured VirtualServer2 Destination: 10.10.2.102:* netmask 255.255.255.255 Pool: Pool with 3 members in the 192.168/16 network VirtualServer3 Destination: 10.10.2.0:80 netmask 255.255.255.0 Type: IP Forwarding SNAT1 Source IP: 10.10.0.0 netmask 255.255.0.0 SNAT Address: SNAT Pool with 2 members 172.16.20.50 and 192.168.10.50 SNAT2 Source IP: All Addresses SNATAddress: 10.10.2.102 Floating Self IPs 192.168.1.1; 172.16.1.1; 10.10.2.1; 10.10.1.1 A connection attempt is made with a source IP and port of 10.10.100.50:2222 and a destination IP and port of 10.10.2.10:80. When the request is processed, what will be the source and destination IP addresses?

Exhibit

101 question #79 exhibit

Options

  • AThe request will be droped.
  • BSource IP: 10.10.2.1; Destination IP: 10.10.2.10
  • CSource IP: 10.10.2.102; Destination IP 10.10.2.10
  • DSource IP: Either 172.16.20.50 or 192.168.10.50; Destination IP: 10.10.2.10
  • ESource IP: 10.10.2.1; Destination IP: pool in the 172.16/16 network C

Explanation

The connection source falls within SNAT1's 10.10.0.0/16 range, which is more specific than SNAT2's catch-all, so SNAT1's pool addresses (172.16.20.50 or 192.168.10.50) are used as the translated source.

Common mistakes.

  • A. The connection matches VirtualServer1's destination 10.10.2.102:80 and a valid SNAT and pool exist, so the BIG-IP does not drop the request.
  • B. 10.10.2.1 is not a configured SNAT address in either SNAT1 or SNAT2 for this scenario; the applicable SNAT pool addresses are 172.16.20.50 and 192.168.10.50.
  • C. 10.10.2.102 is the SNAT2 translation address, but SNAT1 takes precedence because its source range 10.10.0.0/16 is more specific than SNAT2's catch-all 'All Addresses'.
  • E. VirtualServer1's pool contains members in the 172.16/16 network, not 10.10.x.x addresses, making a destination of 10.10.2.1 with that pool incorrect.

Concept tested. F5 BIG-IP SNAT object precedence with overlapping source ranges

Reference. https://support.f5.com/csp/article/K7820

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 101 Practice