CCNA NAT SIM Question 2
Question
You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous Internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. The basic router configuration has already been done, and the appropriate NAT interfaces (NAT inside and NAT outside) have also been configured. Now you are required to finish the configuration of Router1.
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the Internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (or PAT).
Double-click on PC1 to access Router1's command-line interface:
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, together with their netmask (notice that /29 corresponds to 255.255.255.248):
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, that is, source addresses from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70).
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that the appropriate interfaces have already been configured with the NAT inside and NAT outside statements.
For your understanding, this is how to configure NAT inside and NAT outside:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and typing:
C:\>ping 192.0.2.114
The ping should succeed and you will receive replies from 192.0.2.114.
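The wildcard and pool arithmetic used in the solution above, as an added example that is not part of the original tutorial: a Python check, using only the standard `ipaddress` module, that derives the wildcard mask from a prefix, applies the wildcard match rule bit by bit, and lists which inside hosts an ACL entry would leave untranslated. The function names are illustrative, and the subnet-mask-as-wildcard and /24 entries are constructed mistakes.

```python
import ipaddress

def _int(addr: str) -> int:
    return int(ipaddress.ip_address(addr))

def wildcard_for(network: str) -> str:
    """Wildcard (inverse) mask for a CIDR network, e.g. /26 -> 0.0.0.63."""
    return str(ipaddress.ip_network(network).hostmask)

def acl_matches(acl_addr: str, wildcard: str, host: str) -> bool:
    """Wildcard match rule: bits set to 1 in the wildcard are ignored,
    every other bit of the host must equal the ACL address."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(acl_addr) & care) == (_int(host) & care)

def unmatched_hosts(acl_addr: str, wildcard: str, first: str, last: str) -> list:
    """Hosts in [first, last] that the ACL entry does not permit,
    i.e. inside hosts that would never be translated."""
    return [str(ipaddress.ip_address(i))
            for i in range(_int(first), _int(last) + 1)
            if not acl_matches(acl_addr, wildcard, str(ipaddress.ip_address(i)))]

def matched_address_count(wildcard: str) -> int:
    """How many IPv4 addresses one ACL entry permits: 2^(wildcard 1-bits)."""
    return 2 ** bin(_int(wildcard)).count("1")

def pool_in_one_subnet(first: str, last: str, netmask: str) -> bool:
    """True when both ends of a NAT pool lie in the same subnet for netmask."""
    net = ipaddress.ip_network(f"{first}/{netmask}", strict=False)
    return ipaddress.ip_address(last) in net and _int(first) <= _int(last)

if __name__ == "__main__":
    # Values from the tutorial's configuration.
    print(wildcard_for("192.168.6.64/26"))
    print(unmatched_hosts("192.168.6.64", "0.0.0.63", "192.168.6.65", "192.168.6.126"))
    print(pool_in_one_subnet("198.18.32.65", "198.18.32.70", "255.255.255.248"))
    # Constructed mistake: subnet mask typed where the wildcard belongs.
    missed = unmatched_hosts("192.168.6.64", "255.255.255.192",
                             "192.168.6.65", "192.168.6.126")
    print(len(missed), "of 62 hosts not matched")
    # Constructed over-broad entry: a /24 wildcard permits 256 addresses, not 64.
    print(matched_address_count("0.0.0.63"), matched_address_count("0.0.0.255"))
```

An entry that matches fewer hosts than intended breaks connectivity for the rest; one that matches more translates traffic from addresses that were never meant to reach the Internet through this router.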
@koffy
i recall the question
everybody picks the answer based on “prefix-length 19” because it represents the biggest number of bits.
to be honest… I don't know exactly why, I just follow the pack…
@xallax
Thnx.
Weaver#copy running-config startup-config
Destination filename [startup-config]?
What is the destination file name? Please help.
@abhi
Weaver#copy running-config startup-config
Destination filename [startup-config]?
the destination filename…
you can type in a new name
OR
just press Enter and the value between the brackets (“startup-config”) will be used
hi i’ve been following the exact same steps but unfortunately can’t ping the ISP, ????
sorry found my mistake!!!!!
@Burns: hi i’ve been following the exact same steps but unfortunately can’t ping the ISP, ????
I have the same problem as yours. Can't ping the ISP, why? Can't find my mistake though.
ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 255.255.255.0
ip nat inside source list 1 pool mypool overload
???
@ cassidy
ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 255.255.255.0 >>> use wildcard mask, it should be 0.0.0.7
ip nat inside source list 1 pool mypool overload
@serial
@Burns
@Cassidy
Your second line doesn’t look right. ie wildcard.
Try it this way:
access-list 1 permit 192.168.100.16 0.0.0.15
Wildcard mask is not based on the ISP pool netmask.
The “pool” is inside global addresses.
access-list is the inside local addresses.
The third line is where you map or translate inside local to inside global…….OVERLOAD.
I TOOK MY CCNA YESTERDAY NOV 30 AND HAD THIS SIM WITH DIFFERENT IP ADDRESS
ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
I downloaded the sim and I have the same config below but still CANNOT ping. Please help!
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
run rip over router 1 ,it will work…
@TULIPS
You are missing these configurations:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Router1(config-if)#end
Router#copy run start.
This would allow the ping to work. Just as is done in the above example. Thanks.
How about if I use extended access list? In the CCNA exam we must same typing syntax or functional??
I use :
access-list 100 permit ip 192.168.6.64 0.0.0.63 any
because we use NAT for accessing internet right, so i think the destination is “any”
please help me to make it clear, or there are another reason why we must use standard access list,
thanks ^_^
The configuration is fine….. However, you didn’t apply the access list to the Serial interface.
Please let me know if I’m wrong or if I didn’t read the configuration correctly.
hmm, are there any candidate ever do this before ? or different person using standard and extended access-list and both of them got 100% ??
is there any rules in CCNA lab that we have used simple way?for decision using extended or standard for NAT lab
help me please..
has anyone seen this question in the exam lately? mostly acl, eigrp and vtp i see people commenting about
Hi,
I configured the NAT SIM using “http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip” this link in Packet Tracer, same as it is, but at the end the PC did not ping the ISP. So please may I know what might be the problem.
Thank You in advance.
plz help with latest new n dumps to my exam
izzathkhan119@yahoo.com
why have we used a standard access list instead of a extended access list, worried pliz help l did use any extended my ping works fine but there are no translations being shown.
you dont need to use an extended access list so therefore just use a standard. you are only permitting a single network of hosts. do not get too fancy and stick with what is needed only.
Great WEB SITE. I passed my CCNA exam on 25th January. 90 percent questions are from 9tut. I did got NAT, ACL and EIGRP sims.
Once again thanks.
Krunal
@Sanjeev, you need to configure the IP NAT INSIDE/OUTSIDE to interfaces, that is incomplete in the lab
pls dis anyone write ccna exams today(february 1).are labs still vtp, acl and eigrp
hi everybody..I downloaded NAT sim from the link and i configured it with the
Weaver(config)#ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat inside source list 1 pool mypool overload
Weaver(config)#exit
Weaver(config)#int f0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#int s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#exit
commands…
but when i do
PC>ping 192.0.2.114
Pinging 192.0.2.114 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.0.2.114:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Please, can someone explain it.. How will I solve this problem….
but i did he successfully working and ping
@Muhammad Kabir: Hm-m-m, stupid question: did you set IP address on PC host? ))
@Dims
not that much stupid yar, I have set the PC host IP address… but thanks to you.. I sorted out the problem: it was neither my mistake nor the configuration, but it was a Packet Tracer bug…….
I configured it on another system and it did work….
@Muhammad kabir: :-)
Packet Tracer has some bugs and disadvantages. I prefer GNS3 for labs. It lets you use native Cisco IOS images.
hello guz i wont to do my ccna next week plese some one sent me last dumps i will be thank full e-mail mohamedjafer2000@yahoo.com
Yar you can download dumps from this link…
http://www.examcollection.com/cisco/Cisco.Acme.640-802.v2011-07-09.by.Collisio.486q.vce.file.html
Quick question: I’m taking the test tomorrow and am just wondering:
In this example 198.18.32.65 -.70/29 is given for the NAT pool, isn’t the correct range for the pool 198.18.32.64 – .71/29 – I’m thinking the with IP subnet zero not enabled it doesn’t even matter which way this is done – but which is the exam correct way?
What if years later someone enables IP subnet zero – the host that is then assigned the .64 IP address will not be able to connect to the Internet without re-configuring the NAT pool – right?
Using packet tracer 5.3.1….nat is not working for me…..only interface nat is working not the pool nat of any kind….
@Josh
No, it doesn’t matter if IP SUBNET-ZERO is enabled/disabled, the result will be the same /29.
Regards
Remember you will always need to summarize the pool of Internet range received.
Regards again :p
No I realize the /29 part, I think, though I’m a little confused about the responses to my question!
No, I just want to know the correct way to define a NAT pool if the whole subnet is used for the pool.
“ip nat pool Test .64 – .71/29”
Or
“ip nat pool Test .65 – .70/29”
The example shows the .65 – .70 as the correct answer and I completely understand that you can use whatever range of addresses needed, even if those addresses do not comprise the whole subnet. However, for CCNA purposes, this question would almost always imply the whole subnet – in which case .65 – .70 would not be correct right?
I realize that .64 is the network address in this case and that’s fine – obviously won’t be an issue unless “ip-subnet zero” is used and I also realize that .71 is the broadcast, but the router logic already knows that too. So the question remains, which is correct, in my opinion probably both are correct, but what will the exam say? Do you include the network address and the broadcast, or omit them like is done in the example?
@Josh
In case the whole subnet needs to be defined, you will need to summarize from the first IP to the last.
i cant ping from PC2 to ISP :( destination ip in PC2 packet is 10.0.0.2 i dont know how it comes ..HELP PLZ
@Aerodesliza
Right, but which is first and last? .64 -.71 or .65 -.70? I think .64 – .71/29 is the correct answer because it allows the easiest adaptability to scaling issues and does not have any negative consequences – at least that I can see!
I have used the same commands, but I can not ping from Pc to ISP
if you cant ping from PC to ISP, you just follow the ip addressing in Packet tracer sample…
the packet tracer example is missing a inside statement on F0/0?
Hey guys I want to give my ccna exam in 10 days do you think thats enough time 4 me to study i just started studying dumps, have read todd Lamle earlier. plz plz plz tell me how n what should I study
Hi,
I downloaded the dumps from but it's saying that it's corrupt
http://www.examcollection.com/cisco/Cisco.Acme.640-802.v2011-07-09.by.Collisio.486q.vce.file.html
Hello
Can anybody give me the link to download the latest dumps
@anonymous – there are no nat statements in the fa 0/0 and se 0/0 interfaces as stated in the question. if you include them it works
I can’t ping the ISP may be if there is another way out..
It's able to ping the ISP.. You have to first define the pool name with the public address range & netmask of 255.255.255.248. Then apply the access-list permit statement & finally apply the overloading…. But don't forget to mention the inside & the outside interfaces… This SIM is completely working fine !!!! Thanks in Advance.