CCNA NAT SIM Question 2
Question
You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous Internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made the basic router configuration. You have also configured the appropriate NAT interfaces: NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1.
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the Internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (or PAT).
Double-click on PC1 to access Router1’s command-line interface:
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, with their netmask (notice that /29 = 255.255.255.248):
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, that is, source addresses from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70).
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question says that the appropriate interfaces have already been configured with the NAT inside and NAT outside statements.
For your understanding, this is how to configure NAT inside and NAT outside:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and typing:
C:\>ping 192.0.2.114
The ping should succeed, and you will receive replies from 192.0.2.114.
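The following is an added example, not part of the original solution: a Python sketch that derives the wildcard mask and pool netmask used above from the addressing in the question, and applies the standard-ACL wildcard rule (wildcard bits set to 1 are ignored) to count how many of the 62 inside hosts an entry permits. The function names are hypothetical, and the second ACL entry tested is a comparison case with a non-contiguous wildcard.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.ip_address(addr))

def wildcard_for(network):
    """Wildcard mask of a subnet: 255.255.255.255 minus its subnet mask."""
    return str(ipaddress.ip_network(network).hostmask)

def acl_matches(base, wildcard, addr):
    """Standard-ACL rule: wildcard bits set to 1 are ignored, all others must equal base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def hosts_matched(base, wildcard, first, last):
    """Count addresses in the inclusive range first..last that the entry permits."""
    return sum(acl_matches(base, wildcard, str(ipaddress.ip_address(a)))
               for a in range(to_int(first), to_int(last) + 1))

def pool_fits(first, last, netmask):
    """True if first..last are exactly the usable hosts of one subnet with this netmask."""
    usable = list(ipaddress.ip_network(f"{first}/{netmask}", strict=False).hosts())
    return str(usable[0]) == first and str(usable[-1]) == last

def nat_config(inside_net, pool_first, pool_last, pool_prefix, acl=1, pool="mypool"):
    """Build the three IOS lines of the solution from the addressing facts."""
    net = ipaddress.ip_network(inside_net)
    mask = ipaddress.ip_network(f"0.0.0.0/{pool_prefix}").netmask
    return [
        f"ip nat pool {pool} {pool_first} {pool_last} netmask {mask}",
        f"access-list {acl} permit {net.network_address} {net.hostmask}",
        f"ip nat inside source list {acl} pool {pool} overload",
    ]

if __name__ == "__main__":
    # Addressing taken from the question above.
    for line in nat_config("192.168.6.64/26", "198.18.32.65", "198.18.32.70", 29):
        print(line)
    print("pool matches /29:", pool_fits("198.18.32.65", "198.18.32.70", "255.255.255.248"))
    # First entry is the solution's ACL; the second is a comparison case (assumption).
    for base, wc in [("192.168.6.64", "0.0.0.63"), ("192.168.6.65", "0.0.0.62")]:
        n = hosts_matched(base, wc, "192.168.6.65", "192.168.6.126")
        print(f"{base} {wc}: permits {n} of 62 inside hosts")
```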
Does Cisco give partial credit for incomplete answers on simulation questions? Thanks in advance for your help.
For the ISP router, somebody suggested you have to configure a default route on it before you can ping the ISP router, but I can’t even log on to the router; it’s not accepting the “cisco” password.
Someone who has succeeded in this should please help. Thanks.
I got the same problem as Mike: “Hi. I don’t understand the NAT pool configuration. From my studies, I learned when you use PAT you apply it to the interface or one IP address. The IP NAT pool starts with the address 198.18.32.65 – 70 but the serial interface is IP address 192.0.2.113. How can the pool “mypool” be natted to a different IP address (192.0.2.113)? Why wouldn’t you just use the command “ip nat inside source list 1 s0/0 overload” instead? How does the router know how to match the 198.18.32.65 – 70 network to the s0/0 192.0.2.113 address? Thanks for any information.” Please answer.
Kindly let me know how we can open the .Pkt extension file.
I also don’t understand the IP address range in the “ip nat pool…” command, please help me!
The public interface on the router doesn’t need to be configured with the public addresses provided by the ISP, hence when traffic leaves the interface in question, the ISP already knows from whence it came and also knows how to direct returning packets to the same interface to reach the private LAN. Your responsibility however is simply to configure NAT correctly with the provided addresses and also the inside and outside interfaces. The ISP does the rest.
@Mike: Mike’s post about configuring 0.0.0.0 has been removed as he requested. In the exam you don’t need to configure a default route on Router1.
@9tut
Thanks! Can you just go ahead and remove all my posts? Thanks a lot!
Hello to all there,
I have configured the same commands but I am not able to ping successfully. I don’t know why; is there anyone to guide me about it?
AbdulAhmad.barakzi@yahoo.com
Hi there,
Some other solutions state that
access-list 1 permit 192.168.6.64 0.0.0.63
access-list 1 deny any
…
Is it necessary for a “deny any” in the real exam?
I have configured it too but it is not pinging… Can somebody please help with this, or do we need to configure a routing protocol on the routers?
Some other testkings say:
access-list 1 permit 192.168.6.65 0.0.0.62, which is correct?
Is it necessary to write access-list 1 deny any at the end?
@claudio from chile
when you use wildcard masks it’s like writing down a subnet.
our subnet is
192.168.6.64 /26
192.168.6.64 255.255.255.192
the wildcard that would represent this entire subnetwork is… 255-192 = 63.
192.168.6.64 0.0.0.63
I recreated this network in Packet Tracer and it did not work. I had to add a default route to Router1 (config)#ip route 0.0.0.0 0.0.0.0 192.0.2.114 and a static route on the ISP router to the outside global address the network was using
(config)#ip route 198.18.32.64 255.255.255.248 192.0.2.113
After entering these, then the pings would work. Then I could use the show ip nat translations and show ip nat statistics commands. Part of the problem may be that the default routes are preconfigured in the exam so we do not see them and can’t copy them.
Taking the exam in a few hours. Nervous as hell.
taking exams in 2 weeks time plz help with new n dumps…exam on 16 sept
wondering why answer didn’t include statement (ip access-group 1 out) on the s0/0 interface. Any comments/explanation to this, ta.
pls help with latest dumps, didnt finish on first try….osa_ed@hotmail.com
Wondering, isn’t it supposed to use ip nat inside source list 1 interface s0/0 overload instead, because
the question is asking for 62 hosts to simultaneously access the Internet?
@laonglan There is no need for that statement because we apply this list in ip nat inside source list 1 pool mypool overload. list 1 indicates access list 1.
Can anyone tell me on what basis we give the subnet mask for our dynamic pool, and the PAT pool?
Taking my exams tomorrow, excited hope i could pass it.
Cleared CCNA today, so funny 1000/1000 is my score, ACL, EIGRP, VTP (all here in 9tut), 53 questions, about 3 to 5 question not in collisio/acme but manageable anyway. Thanks 9TUT CCIP here i come.
Guys, the wrong Packet Tracer file was posted here; this is the same one from the other NAT SIM.
Congratulations to my friend M.Ishaq, he passed the CCNA exam with 841. Congratulations to you, my loving friend.
@Sajid
You get that pool and all that address information from the ISP. And we put that in our configuration. The ISP handles that somehow. So it is just to accept that address space and put it in the configuration. I hope that was a little help.
Weaver#copy running-config startup-config
Destination filename [startup-config]?
How to copy the file? Please help!
@tornado
press Enter or write the desired destination file name
Do we not need to bind the access list to any interface while using it for NAT overload? In the above example, they haven’t done any binding of the access list to any interface. Kindly confirm.
@ MARK: Thanks, it worked. Default route on “Weaver” RTR is needed and just had to configure another 2811 with static route.
@ MAS: You may want to configure another 2811 since the “cisco” password is not valid on ISP router.
@xallax
I need your help, if you have the time.
The question comes with a diagram, but since I can’t bring up the diagram, I’m going to write it out in the best way I can.
Host A, a PC, has IP address 10.1.1.2 and is connected via the Fa0/0 interface to a router R1. R1 Fa0/0 IP address is 10.1.1.1. R1 Se0/0 is connected to router R2 Se0/0. R1 Se0/0 IP address is 172.30.20.1. R2 Se0/0 has IP address 172.30.20.2. A Web server is connected via Fa0/0 interface to router R2. Web server IP address is 192.168.1.2. R2 Fa0/0 has IP address 192.168.1.1
Question read: R1 is performing NAT for the 10.1.1.0/24 network, and R2 is performing NAT for the 192.168.1.2/24 network. What would be valid destination IP address for Host A to put in its IP header when communicating with the Web server?
1. 10.1.1.1
2. 172.30.20.2
3. 192.168.1.2
4. 255.255.255.255
It will be helpful if the answer comes with some explanations. Thanks.
@Kofty: Strange question.
1. Incorrect. It’s IP address of F0/0 R1 but we need to connect to WEB server.
2. Incorrect. It’s IP address of S0/0 R2.
3. Correct. It’s IP address of WEB server.
4. Incorrect. It’s broadcast address and it has no use in the unicast packet.
Where is NAT here? I don’t see it.
@DimS
Maybe the question is misleading without the diagram. I am going to try to recreate it the best way I can.
The diagram has a PC, Host A. This PC is connected to router R1. R1 has a serial connection to a router R2. A Web server is connected to the router R2. Between the PC and R1 is a Fa0/0 connection. The two routers have a serial connection (R1 Se0/0, R2 Se0/0). Between the Web server and R2 is a Fa0/0 connection. (R1 Fa0/0 is the gateway to the PC, and R2 Fa0/0 is the gateway to the Web server)
Now the IP addresses assignment: PC has IP add. 10.1.1.2, R1 Fa0/0 has IP add. 10.1.1.1, R1 Se0/0 has IP add. 172.30.20.1. R2 Se0/0 has IP add. 172.30.20.2, R2 Fa0/0 has IP add. 192.168.1.1, Web server has IP add. 192.168.1.2
The question reads: R1 is performing NAT for the 10.1.1.0/24 network. And R2 is performing NAT for the 192.168.1.0/24 network. What would be valid destination IP address for Host A (PC) to put in its IP header when communicating with the Web server.
A. 10.1.1.1 B. 172.30.20.2 C. 192.168.1.2 D. 255.255.255.255
Actually the answer is B. I just needed a second opinion with some explanation. I believe the question is more focused on the PC and its IP header. Anyone with some opinion is welcome. Thanks.
@koffy
please upload the pic to imageshack or similar and post a link to it next time, it would be far easier to get an answer :)
@xallax
Thanks. I will do that next time.
Guy i take ccna soon but diarrea all over and quick tell me how to ccna in 3 hours. faster i exam and diarrea
@ all
How would you enter this on the access-list 1 if you have 254 host 192.168.6.1 192.168.6.254?
access-list 1 192.168.6.0 0.0.0.254
Is this right?
Thanks,
Sorry what I mean is this.
access-list 1 permit 192.168.6.0 0.0.0.254
I’m confused about the wild card mask…
Thanks again,
@bunso
so…
wildcards are the opposite of subnets.
you can’t use wildcard at random.
for a subnet of 255.255.255.128 the wildcard would be….
255.255.255.255 -
255.255.255.128
______________
000.000.000.127
for a subnet of 255.224.0.0 it would be 0.31.255.255
for a subnet of 255.255.192.0 it would be 0.0.63.255 and so on
now… you gave us these pieces of information:
network: 192.168.6.0
number of hosts: 254
well… you would have a problem using exactly 254 hosts + 1 router interface as default gateway on a single class C network… the IPs wouldn’t suffice.
anyway, to answer your question i have to ask you this: what is the best subnet mask to use for 254 hosts on the 192.168.6.0 network?
answer: 255.255.255.0 (/24)
knowing the subnet mask makes it easy to figure out what wildcard mask is needed on the ACL.
255.255.255.255 -
255.255.255.0
______________
000.000.000.255
that is 0.0.0.255
your ACL line would be “permit 192.168.6.0 _ 0.0.0.255”
@xallax
On the problem above regarding NAT Sim it should be like this right
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.64
not .63
in my case as you said this would be right
Access-list 1 permit 192.68.6.0 0.0.0.255
not .254
This access list will be input in the Nat pool problem.
Thanks,
Oh yeah, this is one of the questions on my CCNA test last Friday, which I failed with a score of 815. That’s why I’m asking; it called for 254 clients that need to access the Internet simultaneously.
The rest of the number on the sim problem above are the same except for the client.
So this what I put on the access list
access-list permit 192.168.6.0 0.0.0.254
which i’m not sure about.
Thanks,
@bunso, hey, let me share my idea about these “wild card bits”, because I think you are only making it harder for yourself. Actually, the wild card bit is just the reverse of the subnet mask, so in short, if you’re given a subnet mask of 255.255.255.0, its wild card mask is 0.0.0.255. To make it simpler, rather than using binary bits, just subtract the given subnet mask from 255.255.255.255. For example, for 62 users I think the subnet mask should be 255.255.255.192 or /26, then just do this: 255.255.255.255 – 255.255.255.192 = 0.0.0.63. Hope it lightens things up even a little…
And for your CCNA situation you should’ve used wild card bits of 0.0.0.255. Always remember your VLSM to make it easier…
@Bunso
Am assuming the mask is /24 which is 2^8=256(254 clients to access internet simultaneously)
Therefore inside local address is 192.168.6.0/24…..255.255.255.128
access-list 1 permit 192.168.6.127 0.0.0.126
Mathematically: let’s focus on the fourth octet… 127+126=253, this will allow 254 clients to access the Internet simultaneously… 0 to 253 equals 254
ip nat inside source list 1 pool mypool overload
This will instruct NAT to map ACL 1 to the pool (inside global addresses)
Remember to use the word “OVERLOAD” at the end of the instruction.
Frankly, this is a very tight scenario for a Class C network….(127 is broadcast address)
Any suggestion from anyone? Thanks.
@all
Ip range 10.0.0.16 – 10.0.0.20
Hey can u tell me the wildcard address of this ip range
I guess it should be 0.0.0.7
@Newbie
Am guessing this is a /28
10.0.0.16-10.0.0.20…….255.255.255.240……0.0.0.15
I hope am right. Any ideas?
So while most people have been getting VTP, ACL2, and EIGRP sims, NAT is still a possibility? Who had NAT come up?
@Newbie
Ip range 10.0.0.16 – 10.0.0.20
Hey can u tell me the wildcard address of this ip range
I guess it should be 0.0.0.7
It is correct, subnet no’s, 8, 16, 24 etc..increment of 8, so wildcard mask is 0.0.0.7.
hey
plz help with latest new n dumps my exam held on after eid 2011 plz plz plz
parvezcs@yahoo.com
Regards.
@xallax
This question came up on share your ccna experience. I tried explaining it, but am not sure if I was on the right track. Can you please help. Thanks.
Please, can anyone explain? Thanks.
Refer to the exhibit. Which command would allow the translations to be created on the router?
Router#show ip nat translations
ip nat pool mynats 1.1.128.1 1.1.135.254 prefix-length 19 — acme answer