📘Cisco DevNet Associate (200-901 DEVASC)
1. NAT Problems (Network Address Translation)
What NAT does:
- NAT allows multiple devices on a private network to share a single public IP address when accessing the internet.
- It translates private IP addresses (like 192.168.1.10) to a public IP address so servers on the internet can send responses back.
How NAT can cause application issues:
- If the NAT device (router or firewall) is misconfigured, traffic may not reach the correct internal device.
- Some applications, especially those using peer-to-peer connections or VoIP, may fail if NAT does not allow proper address translation.
Example in IT terms:
- A web server inside a private network is not reachable from the internet because NAT rules were not set to forward port 80.
- The NAT device may drop packets if it doesn’t recognize the connection as valid.
How to troubleshoot NAT issues:
- Check the NAT rules or port forwarding configuration on routers/firewalls.
- Verify if the internal IP and port are correctly mapped to the external IP and port.
- Use tools like `ping` or `traceroute` to see if traffic reaches the internal server.
2. Transport Port Blocked
What transport ports are:
- Applications use TCP or UDP ports to communicate. Examples:
  - HTTP → port 80
  - HTTPS → port 443
  - SSH → port 22
- Firewalls or security devices control access by allowing or blocking these ports.
How blocked ports cause connectivity issues:
- If the firewall blocks a port required by an application, the application cannot connect.
- For example, a database client trying to reach a database on port 3306 (MySQL) will fail if the port is blocked.
How to troubleshoot port issues:
- Check firewall rules on client, server, and any intermediate devices.
- Use `telnet <IP> <port>` or `nc <IP> <port>` to test if the port is reachable.
- Confirm the application is configured to use the correct port.
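As an added example (not part of the original study guide), the Python script below performs the same test as `telnet`/`nc` but also distinguishes the failure modes, which tells you whether to look at the firewall or at the application. The function name `check_tcp_port`, the result labels and the `NEXT_STEP` table are choices made for this example.

```python
import errno
import socket
import sys

# Next step for each outcome, taken from the troubleshooting list above.
NEXT_STEP = {
    "open": "port reachable; look at the application itself",
    "closed": "host reachable but nothing accepted the connection; "
              "confirm the application listens on this port",
    "filtered": "no reply; check firewall rules on client, server and "
                "intermediate devices, and NAT/port-forwarding rules",
    "unreachable": "no route to the host; check routing, VPN and NAT",
    "dns-failure": "name did not resolve; verify the host name or use the IP",
}


def check_tcp_port(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome (labels are this example's)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed
    except socket.gaierror:
        return "dns-failure"
    except (socket.timeout, TimeoutError):
        return "filtered"          # packets silently dropped somewhere on the path
    except ConnectionRefusedError:
        return "closed"            # reset received: host answers, port does not
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise                      # anything else is unexpected; surface it


if __name__ == "__main__":
    # Usage: python portcheck.py <host> [port ...]; defaults are the ports named above.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    ports = [int(p) for p in sys.argv[2:]] or [22, 80, 443, 3306]
    for port in ports:
        result = check_tcp_port(host, port, timeout=2.0)
        print(f"{host}:{port:<5} {result:<12} {NEXT_STEP[result]}")
```

A firewall set to reject rather than drop also produces `closed`, so that result does not by itself rule out a firewall.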
3. Proxy Issues
What a proxy does:
- A proxy server acts as an intermediary between clients and servers.
- It can filter traffic, cache content, or enforce security policies.
How proxies can cause connectivity problems:
- Some applications may not support proxies and fail to connect if a proxy is required.
- Misconfigured proxy settings in the client can block access to external servers.
How to troubleshoot proxy issues:
- Verify the client has the correct proxy settings.
- Check if the proxy allows traffic to the target server and port.
- Temporarily bypass the proxy to see if the application connects successfully.
4. VPN Issues
What a VPN does:
- A VPN (Virtual Private Network) allows secure communication between a client and a network over the internet.
- It encrypts traffic and often provides access to internal resources from outside.
How VPN can cause connectivity problems:
- If the VPN connection fails, the client cannot reach internal applications.
- Misconfigured VPN policies may block certain applications or ports.
- Split-tunneling settings can cause some traffic to bypass the VPN, resulting in connectivity issues.
How to troubleshoot VPN issues:
- Verify the VPN client is connected and authenticated.
- Check the routing table to ensure traffic goes through the VPN tunnel.
- Test connectivity to internal resources using `ping` or `traceroute`.
- Check VPN logs for errors.
Summary Table: Causes & Checks
| Cause | Symptom | Troubleshooting Steps |
|---|---|---|
| NAT Problem | Application unreachable from internet | Check NAT rules, port forwarding, use ping/traceroute |
| Transport Port Blocked | Connection fails on specific port | Check firewall rules, use telnet/nc to test port |
| Proxy Issue | Application cannot reach server | Check proxy settings, bypass proxy temporarily |
| VPN Issue | Internal resources inaccessible | Check VPN connection, routing, logs |
✅ Key Exam Tips:
- Always verify the IP address, port, and route first when troubleshooting.
- Remember NAT issues often affect external access; firewall/port issues block internal or external connections; proxy affects traffic routing through intermediaries; VPN affects access to internal networks.
- Tools like `ping`, `traceroute`, `telnet`, and logs are your best friends for troubleshooting.
