CCNA NAT SIM Question 2
Question
You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1.
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (also called PAT).
Double-click on PC1 to access Router1's command line interface:
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, together with their netmask (notice that /29 corresponds to 255.255.255.248):
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70).
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that the appropriate interfaces have already been configured with the NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and typing:
C:\>ping 192.0.2.114
The ping should succeed, and you will receive replies from 192.0.2.114.
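The netmask and wildcard values used in the solution can be derived from the two address ranges in the question rather than memorised. The following is an added example, not part of the original solution: it computes the enclosing subnet for each range, builds the three NAT commands, and checks which source addresses the ACL entry matches. The function names are hypothetical; the pool name and ACL number are the ones used above, and the sample source addresses are constructed.

```python
import ipaddress

def enclosing_subnet(first_host, last_host):
    """Smallest subnet whose usable host range covers first_host..last_host."""
    first = ipaddress.IPv4Address(first_host)
    last = ipaddress.IPv4Address(last_host)
    if last < first:
        raise ValueError("last host is below first host")
    for prefix in range(30, -1, -1):  # /30 is the smallest subnet with usable hosts
        net = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
        if net.network_address < first and last < net.broadcast_address:
            return net
    raise ValueError("range does not fit in any IPv4 subnet")

def acl_permits(acl_addr, wildcard, src):
    """IOS-style wildcard match: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    acl = int(ipaddress.IPv4Address(acl_addr))
    return (acl & care) == (int(ipaddress.IPv4Address(src)) & care)

def nat_overload_lines(pool_first, pool_last, host_first, host_last,
                       pool="mypool", acl=1):
    """Build the three NAT overload commands from the two ranges in the task."""
    pool_net = enclosing_subnet(pool_first, pool_last)
    lan = enclosing_subnet(host_first, host_last)
    return [
        f"ip nat pool {pool} {pool_first} {pool_last} netmask {pool_net.netmask}",
        f"access-list {acl} permit {lan.network_address} {lan.hostmask}",
        f"ip nat inside source list {acl} pool {pool} overload",
    ]

if __name__ == "__main__":
    for line in nat_overload_lines("198.18.32.65", "198.18.32.70",
                                   "192.168.6.65", "192.168.6.126"):
        print(line)
    # Constructed sample sources: two inside the /26, two outside it.
    for src in ("192.168.6.65", "192.168.6.126", "192.168.6.130", "192.168.100.17"):
        print(src, acl_permits("192.168.6.64", "0.0.0.63", src))
```

Because the wildcard bits are ignored during matching, the entry also matches 192.168.6.64 and 192.168.6.127, and hosts outside that /26 are never translated.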
9tut,
Why is the access list not applied to the inside interface for it to kick in? Is it not needed?
Thanks!
man this nat stuff is really getting me nervous pls help me understand the concept of nat configuration
Do we get NAT SIM for the ccna exam?
de lab get the cbt nuggets and the todd lammle book mate
goodluck to you ^^ im writing my ccna now in a few hours :D
first , thank you god . Second thank you 9tut.com . I passed CCNA today and the questions are vtp, eigrp (12,22) , access-list
In reference to PAT, is there a configuration step missing in the above example? According to the venerable Wendell Odom, ICND2 pg. 606, PAT configuration is as follows:
Configure an inside local interface: ip nat inside
Configure an outside local interface : ip nat outside
Configure a standard access list.
Then according to Odom you DO NOT configure a NAT pool but use this command instead:
ip nat inside source list 1 interface [INTERFACE] overload
Any thoughts as to which is correct and why???
can some 1 help with latest pkt player for windows 7 -64bit os plzzz
ASAP plz thnks a ton in advance :)
first , thank you God
Second thank http://www.examcollection.com/cisco and you 9tut.com
i pass the exam march 2012 AND i have got 947 /1000
don’t worry go to the two websites above !!!!!!
best regards
When i am downloading NAT Question 1 & Nat question 2, both are giving me the same SIM with identical questions..!
Can anyone provide NAT Question 2's link?
CCNA exam like SIM’s links will also do. Thanx.*
can some check this for me:
enable
config t
interface fastethernet 0/0
ip nat inside
interface serial 0/0
ip nat outside
access-list 1 permit 192.168.6.65 0.0.0.63
access-list 1 deny any
ip nat pool nat_test 198.18.32.65 198.18.32.70 netmask 255.255.255.248
ip nat inside source list 1 pool nat_test overload
end
copy running-config startup-config
(this for nat sim2 lab i need some one to check my answers for me )
this never come
I HATE NATT, HATE IT, HATE IT, HATE IT, NATT ME BOLL**
Karate Kid :-) POF
Hi samuel,
I think the Inside local network address must be 192.168.6.64 255.255.255.192 instead of 192.168.6.65.
So, access-list 1 permit 192.168.6.64 0.0.0.63
Also the “deny” is implicit, you don’t need to write “deny any”
Thks
Please explain why we use 192.168.6.64 255.255.255.192 instead of 192.168.6.65. Why we need network address to be used, why can’t we begin from first source address?
thank you very much ( Sioelo )
This packet tracer sim doesn’t work…
Question for 9tut and anybody else;
in d real exam sims do we first save our configs (copy running-config startup-config) b4 testing our config(pinging) or do we test our configs 1st b4 saving it?.
@ifyllenium: You should check & test the config first.
got 907/1000 felt like i ws in a game house 2day…gt some new ques bt notin to be scared of….d labs were;
acl:still d same as 9tut bt wit minor changes in ip address.
VTP;Still d same.
eigrp;d same bt d new router was nt configured at all.
Thanks to God and to u gr8 guys in 9tut….ccnp is go down next. :-)
Hi Sam, I passed my exam yesterday with score 973. Good luck to you
@Jam
We use 192.168.6.64 (the network number) to represent all hosts on that subnet or network portion. If we use only 192.168.6.65 it would only represent the 1st assignable host on that network.
When you configure access-list you want to apply in a interface, this is a reason, nat don’t work good in this lab. For me it’s work very good
I pass my exam today may god help me to have my exam
Weaver(config)#ip nat inside source list 1 interface serial 0/0 overload
and used 192.168.100.16 0.0.0.15 —access-list
after that from any host i can ping the internet address which is 192.0.2.114 it works
Perfect!!! Everything is pinging just fine!!!
Packet tracer 5.3.3 latest version download from the following link
http://www.techfindings.com/cisco-packet-tracer-5-3-3-free-download-t225.html
Well explanations!! ”Eureka”.
olesimbe@yahoo.com
Remember, remember, remember your ip nat pool is case sensitive!!!!!
If I get, like in simulation: 6 public IP addresses of 198.18.184.105 198.18.184.110, what is appropriate netmask in command where we should define Pool? Is is 255.255.255.0 because it belongs to class C?
Guys what’s the difference between CCNA NAT SIM Question 1 and CCNA NAT SIM Question 2!!
@roxy !!!
The command would be like this:
Lab-NAT
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside.
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
- All passwords have been temporarily set to “cisco”
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration Information:
Router name – Weaver
Inside Global addresses – 198.18.184.105 198.18.184.110/29
Inside Local addresses – 192.168.100.17 – 192.168.100.30/28
Number of inside hosts – 14
The command would be like this:
Router>ena
Router#conf t
Router(config)#hostname Weaver
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat inside source list 1 pool mypool overload
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Weaver#copy run start
i have revised and solved all mcq s and labs in this site 9tut and i have exam 2morrow 22 may will be that enough to pass , i’m very worried and afraid :’(
what does this means?
You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively.
I didn’t see any NAT configuration.
Guys pls know this. It may help clear some doubts. Its called wild card bits with formula (wildcard bit = block size – 1) so when ever you are to define the subnet pool of ip. Choose the most appropriate block size, use the formula to get the wild card bit, then your inverse mask is good to go. E.g for a pool of CIDR /29. Block of 8. The wild card bit becomes 7 ie (8-1). Then the inverse mask is 0.0.0.7
@Josh:
>>Right, but which is first and last? .64 -.71 or .65 -.70? I think .64 – .71/29 is the correct answer because it allows the easiest adaptability to scaling issues and does not have any negative consequences – at least that I can see!<<
I looked in "Lab 7.4.1: Basic DHCP and NAT Configuration".
Step 1: Define a pool of global addresses.
Create a pool of addresses to which matched source addresses are translated. The following command creates a pool named MY-NAT-POOL that translates matched addresses to an available IP address in the 209.165.200.241–209.165.200.246 range.
R2(config)#ip nat pool MY-NAT-POOL 209.165.200.241 209.165.200.246 netmask 255.255.255.248
You can check in some subnet calculator that the network address for this subnet is 209.165.200.240 and the broadcast address is 209.165.200.247
Worked fine for me. Do check in your simulator that your ISP has the next-hop route configured to reach the R1 for the IPs 198.18.32.65 198.18.32.70/29. Else your ping reply will not reach PC2.
@joe
can u please tell me your commands..!!
plzzz
Difference between CCNA NAT SIM Question 2 & CCNA NAT SIM Question 1… It looks the same except the Private IP addresses……
What is the probability that this sim will appear in the exam?
hello everybody
Please , my exam is after 3 days any body have latest damp or any practice exams or any thing can help in exam Please send it at omran_mostafa@rocketmail.com
and wish good for all
this not PAT
in pat we use only 1 public address
the configuration shown above did not work in both packet tracer and GNS3, PCs in the company’s LAN are unable to ping the ISP(192.0.2.114).
GNS3 config:
R1 config:
!
interface FastEthernet0/0
 ip address 192.168.18.46 255.255.255.240
 ip nat inside
!
interface Serial0/0
 ip address 192.0.2.113 255.255.255.252
 ip nat outside
!
ip nat pool ABCD 198.18.32.65 198.18.32.70 netmask 255.255.255.248
ip nat inside source list 10 pool ABCD overload
!
access-list 10 permit 192.168.18.32 0.0.0.15
PC>ping 192.0.2.114 – timed out.
R1#sh ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
icmp 198.18.32.65:512   192.168.18.35:512  192.0.2.114:512    192.0.2.114:512
ISP#debug ip icmp
ICMP packet debugging is on
ISP#
*Mar 1 00:28:28.035: ICMP: echo reply sent, src 192.0.2.114, dst 198.18.32.65
ISP#
*Mar 1 00:28:33.499: ICMP: echo reply sent, src 192.0.2.114, dst 198.18.32.65
ISP#
*Mar 1 00:28:38.987: ICMP: echo reply sent, src 192.0.2.114, dst 198.18.32.65
ISP#
*Mar 1 00:28:44.499: ICMP: echo reply sent, src 192.0.2.114, dst 198.18.32.65
@9tut admin,
what is your secret in the configuration of ISP? why did you restrict us to view the configuration of your ISP router?
@tekcorzvrah
the password is “noway”
your access to it has been restricted as you wont be able to alter its configuration in the real exam so there was no point in practicing on that device
@xallax,
I was thinking that there is something that has been configured in the ISP router and sure it is, there is…… “ip route 198.18.184.104 255.255.255.248 192.0.2.113”
if ISP router does not have that static route, any PCs on the company’s LAN will not be able to connect to ISP (example ping).
anyway, thanks for the password.
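The return-path requirement discussed in the comments above can be checked mechanically. The following is an added example, not part of the original thread: it reads the upstream router's static routes and lists the NAT pool addresses that would not be routed back to the NAT router's outside address. The function names and the `hostname ISP` line are constructed; the `ip route` line is the one quoted in the thread. It assumes next hops are given as IP addresses and does not model connected or dynamic routes.

```python
import ipaddress

# Constructed sample of the upstream router's configuration.
ISP_CONFIG = """
hostname ISP
ip route 198.18.184.104 255.255.255.248 192.0.2.113
"""

def parse_static_routes(config):
    """Extract (network, next_hop) pairs from 'ip route NET MASK NEXTHOP' lines."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
            routes.append((net, parts[4]))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match over the static routes; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def pool_without_return_route(routes, pool_first, pool_last, nat_outside_ip):
    """Pool addresses the upstream router would not send back to the NAT router."""
    lo = int(ipaddress.ip_address(pool_first))
    hi = int(ipaddress.ip_address(pool_last))
    return [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)
            if next_hop(routes, n) != nat_outside_ip]

if __name__ == "__main__":
    routes = parse_static_routes(ISP_CONFIG)
    # Pool from the downloadable lab: every address has a route back.
    print(pool_without_return_route(routes, "198.18.184.105",
                                    "198.18.184.110", "192.0.2.113"))
    # Pool from the question text: no route back, so echo replies are lost.
    print(pool_without_return_route(routes, "198.18.32.65",
                                    "198.18.32.70", "192.0.2.113"))
```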
I found the issue. There is a typo in the instructions and I didn’t notice it until comparing the uncompleted lab to the answered lab.
interface FastEthernet0/0
 ip address 192.168.100.30 255.255.255.240
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0
 ip address 192.0.2.113 255.255.255.0
 encapsulation frame-relay
 ip nat outside
!
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
ip nat inside source list 1 pool mypool overload
ip classless
!
!
access-list 1 permit 192.168.100.16 0.0.0.15
Notice the address in the access list. Finding that is the difference between memorizing answers and actually knowing what is going on. After I adjusted the access list everything pinged just fine.
When all else fails show run can save the day.
Also the instructions on here are not asking the same thing or answering the same thing as the downloadable lab. Having an access list:
access-list 1 permit 192.168.6.64 0.0.0.63
That doesn’t even apply to the downloadable lab. None of the hosts are anywhere near that subnet. Never just follow instructions and expect to learn very much. Look at the bigger picture starting with there being rather different questions/requirements on here compared to the packet tracer lab.
Actually read the instructions
Show run on router
check host ip’s, gateways, subnets