CCNA NAT SIM Question 1
Question
A network associate is configuring a router for the CCNA Training company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the CCNA Training company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration information
router name – Weaver
inside global addresses – 198.18.184.105 198.18.184.110/29
inside local addresses – 192.168.100.17 – 192.168.100.30/28
number of inside hosts – 14
|
The following have already been configured on the router: - The basic router configuration - The appropriate interfaces have been configured for NAT inside and NAT outside - The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.) - All passwords have been temporarily set to “cisco” |
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download this sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The CCNA Training company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it
Router>enable
Router#configure terminal
First you should change the router’s name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask (/29 = 255.255.255.248). There were reports that the simulator in the real exam did not accept “prefix-length” keryword so you should use “netmask” keyword.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110)
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Finally, we should save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to “Host for testing” and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Other lab-sims on this site:
CCNA Configuration SIM Question (RIPv2 SIM)
on the router
weaver#conf t
weaver(cofig)#int fa 0/0
weaver(config-if)#ip access-group 1 in
Your going to ruin the config if you do that @avinash. access-list 1 was created to allow configured ip inside the access-list to translate private ip to public ip using NAT.
@GBA if you can answer my ques
what is the use of creating acl?if we don’t apply it on the interface
in this scenario the acl represents the list of hosts you are permitting out to the internet via PAT. without the acl the nat statement will do nothing. you must use an acl to say who can use the nat statement.
you have to create an ACL to allow the nat pool traffic outbound on the outer interface. That question has been in the CCNA exam for years.
then this good or bad?
then this good or bad?
I quite understand the exercise, what I dont understand is why I’m able to ping the ISP IP 192.0.2.114 before having done anything, I mean, I can ping the IP without having configured the NAT translations. Is it because Packet Tracer doesnt make any difference between public and private addresses? Thanks.
@gurdjieff easy as that ur pinging from the router which is connected to that network
try from host before anything u wont suceseed until configuring every thing *_+
@ avinash : Buddy you are right , I also try multiple time , but not able to ping End PC, Every time reply come from Created NAT Pool , After applying ACL on int F0/0 , Every things are going smooth , Thnx for sharing this.
@ All : Without Applying ACl , if there any other solution , Please also share…
@ gurdjieff : Dear you are able to ping because its directly connected to Local router ,
Hi,
what is the isp router password?
@sony
read questions carefully!!!
it mentions as ‘cisco’
@sony
sorry I mis understood your question.
the ISP password is noway
it works
For some reason the PT isn’t configured with the anything that is mentioned in the question (nat inside/outside, static routes, etc.) Also the activity within PT isn’t opening at all.
Thaks
www dot freevce dot com/Cisco.200-120.Actualtests.2013-12-10.by.Watson.314q.1636044324.vce.html
free dumps
@avinash
access list 1 permit192.168.100.16 0.0.0.15 was used to permit network to ip nat inside source list 1 pool mypool overload.
ACL’s has many uses.
you can google it.
Configuration information
router name – Weaver
inside global addresses – 198.18.184.105 198.18.184.110/29
inside local addresses – 192.168.100.17 – 192.168.100.30/28
number of inside hosts – 14
PLEASE AM CONFUSED HERE SOMEHOW. THE INFORMARTION GIVEN, I THINK THE SERIAL INTERFACE OF THE WEAVER ROUTER SUPPOSED TO HAVE EXACT IP ADD AS THE INSIDE GLOBAL BUT THE SIM PRACTICE IT HAVE IP ADD 192.0.2.113 AND ISP .114. CAN SOMEONE EXPLAIN TO ME THE CONFIG THAT CAN MAKE IT POSSIBLE FOR 192.168.100.17 TO PING 192.0.2.113 OR .114? COS AS I DID THE IT WAS EXPLAINED HERE WITH THE IP I CAN’T PING BUT WHEN I CHANGED THE S0/0 IP OF THE WEAVER ROUTER TO 198.18.184.105 AND ISP .106 I CAN THEN PING 192.168.100.17 TO 198.18.184.106. PLS MORE EXPLANATION NEEDED URGENTLY TO KNOW IF IN THE EXAM I CAN CHANGE THE IP? AM ABOUT WRITING MY EXAM NEXT WEEK.
the inside global ip which interface does it belong to?
@avinash : no need to apply the acl to any interface. you may need to check also the pool name, its case sensitive. hope this comment may help, i also have an issue but it was resolved by checking it.
Pool mypool mask 255.255.255.248 too small; should be at least 0.0.0.0
Start and end addresses on different subnets
please help me fix
Is that a real exam question or just to practice ?
i just passed with 972 feeling happy…….
i got ACL 1 with 1st and 2nd modification mix and eigrp 212 lab.
why are we using “access-list 1 permit 192.168.100.16 0.0.0.15″ but not 192.168.100.17? thanks.
I passed today! Thanks to 9tut. Sim were ACL1, 2 mod 3 and EIGRP.
Am wondering about the implicit deny in access list. Aren’t we apply ip access list 1 permit ip any at the end of access list statement???
what latest question comes out for simulation?
I thought this labs would be more complex like pk skill integration challenges at the end of each chapter in the curriculum. There is literally nothing complex to do on this labs and they literally take 3min or less to solve. But I do appreciate the effort, will report back from my cert exam in a month time.
@anon no we dont apply and implicit permit, in fact it depends on your acl configuration and “employee” needs. The structure varies depending on what and how much they want to deny or allow. Also that has nothing to do with this example, here you are just defining the range of private address that will be allowed for translation via the pool you defined. This acl gets binned to the public nat pool not a interface.
@nick the 192.168.100.16 is used because its the network id the add 192.168.100.17 is the first usable address of the network assigned to PC1, its basic subnetting.
@twdang the mask is not too small in this case you are only defining the netmask for available amount of address given witch is 6 (198.18.184.105-110) and the netmask that covers that amount of add is 255.255.255.248. It has nothing to do with network id or broadcasts address range.
i scored 1000 this website is fu**ing greattttttttt
Passed 958/1000
Thanks 9tut! Exactly same EIGRP ACL ACL2 Sims…
also went through dumps really helped a lot!!!..
Whatson, Giilibeast, Jennie and Mathew Dumps (examcollection.com)
All 51 questions were from dumps…
even if u dont study book and only go though dumps a few times then you will pass easily…
just remember the answers given in dumps…
im wondering ppl that take it for the 2nd chance do they use the same pool of question or do they change it
When i pinged the 10.0.0.2 on ISP under the simulation the packets get dropped at the weaver router so I added the static default routes on weaver and ISP and pinged the ping worked with original configuration, with out NAT implemented.
Then added the configuration for the NAT on the Weaver and the ping from PC1 to 10.0.0.2 worked. This time with the sh ip nat translation commend I was able to see the NAT translation.
It looks packet tracer does not care about the public and private ip address, the only way you can verify if the translation worked is to see it under sh ip nat trans
can anyone please email me the latest vce and dumps,taking the exam next week,my email add is shingai_mutambo@yahoo.com
Just go through the labs in 9tut and dont worry about anything. I just wrote today and scored 972 out of 1000.
@Nick – I think its because we are using a subnet ( /28 ) so we are specifying the subnet network address (192.168.100.16 @ /28) – Someone correct me if Im wrong of course…
The r
@Nick – I think its because we are using a subnet ( /28 ) so we are specifying the subnet network address (192.168.100.16 @ /28) – Someone correct me if Im wrong of course…
The range of the IP’s given, all reside in the 2nd subnet – being from .16 – 31…
Hope that helps..
salam alikoum :
I wish good luck to all the candidates, I also prepare my CCNA 200-120 certification for this month inshalah .
good luck
HI All,
Please let me know in ACL-1 ,do they ask in Multiple choice form or we need to configure anything…Gotta doubt because it is placed in Simulations
Hi guys, Thanks 9TUT……Pass score 890 +….Very very very happy
Passed the exam with 960……..thanks so lot 9tut……………………………………….party time
Hello friends… Go to ccnalearn.cf to know all about ccna / dumps / exam problems / new questions.. etc all for free.
Hope it helps all to learn and clear ccna 200-120 exam. http://www.ccnalearn.cf
PLEASE NEED HELP –> send the latest dumps for CCNA 200-120 to pablo.sebastian.666@gmail.com Thanks . Going to exam next week
I’m going to take CCNA exam tomorrow. at 3pm…………..@Sr
If you need any further information you can mail me: mrsrpy@gmail.com
الحمد لله Thanks Allah
I pass my CCNA Exam today 25/9/2014 with score 1000/1000
Refrance:
1-Netacad Online Material (www.netacad.com)
2-CBT Nugget Videos
3-Sybex CCNA 200-120 study guide
4-9tut.com
Dumps:
1-Waston
2-Mattehw
3-Gillbest
4-Examtut
Gillbest Dump and Waston Dump is quite perfect, Sims: ACL1, ACL2 (Modification3), EIGRP
Hope success for all, Good luck.
any help ask me http://www.facebook.com/habwara
please the latest CCNA 200-120 Dumps and vce doing the test next Saturday glaucogb@gmail.com
por favor ayuda..
are those gillbest, waston, matthew, dumps free ?
gutnyc@yahoo.com
is Nat sim is necessary?
good
good