Users on the Internet must be able to access web pages hosted on Web Server 2, which has the internal address 192.168.10.20 behind router R1. What must be configured so that Internet users can reach this server?

Introduction / Context:
In many enterprise and small business networks, internal servers use private IP addresses that are not routable on the public Internet. To allow Internet users to reach such servers, routers at the edge of the network use Network Address Translation. Specifically, static NAT or port forwarding can map a public IP address to a private server address, enabling external access while preserving internal addressing schemes.

Given Data / Assumptions:

• Web Server 2 has an internal private IP, 192.168.10.20.
• Router R1 connects the internal network to an external network 209.165.100.0/24.
• External users must access the web server over the Internet.
• We assume proper routing to the public address already exists in the service provider network.

Concept / Approach:
Private addresses, such as those in the 192.168.0.0/16 range, cannot be routed across the public Internet. When external clients send traffic to a public IP owned by the organization, R1 must translate that public address to the private address of the internal web server and vice versa. This is achieved with static NAT configuration on R1. DNS may map a domain name to the public IP, but the key step is configuring NAT to perform the translation between public and private addresses.

Step-by-Step Solution:
1. Recognize that 192.168.10.20 is a private IP address that is not reachable directly from the Internet.2. Identify that the organization has public addresses in the 209.165.100.0/24 network.3. To allow external users to reach the internal server, map one public address from 209.165.100.0/24 to 192.168.10.20 on router R1 using NAT.4. Configure appropriate static NAT or port forwarding rules on R1.5. With NAT in place, external users connect to the public IP, and R1 translates traffic to and from the internal server.

Verification / Alternative check:
You can verify the configuration by attempting to access the web server from an external test client using the public IP. On R1, commands such as show ip nat translations can confirm that translations are occurring. A successful web page load demonstrates that NAT is working and that routing and firewall rules permit the connection.

Why Other Options Are Wrong:
Option A sets a route on R2, which does not solve the fundamental problem of translating between public and private addresses. Option B, configuring DNS on R2, might map a name to an IP, but without NAT the private address remains unreachable from the Internet. Option D incorrectly suggests assigning a public address directly to the internal server using DHCP; this is not typical in a private internal network behind a router and does not address translation requirements.

Common Pitfalls:
A common mistake is to rely only on DNS and forget that routing and addressing still require public reachability. Another pitfall is misconfiguring NAT so that the wrong internal address is mapped, leading to connection failures. Administrators must also remember to adjust firewall rules so that HTTP or HTTPS traffic is allowed to reach the translated server.

Final Answer:
On router R1, configure Network Address Translation (NAT) to translate a public address on the 209.165.100.0/24 network to 192.168.10.20.