CCNA NAT SIM Question 2
Question
You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous Internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1.
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the Internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (PAT).
Double-click on PC1 to access Router1's command line interface:
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, together with their netmask (notice that /29 = 255.255.255.248):
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, that is, source addresses from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70).
The overload keyword allows multiple inside IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and typing:
C:\>ping 192.0.2.114
The ping should succeed and you should receive replies from 192.0.2.114.
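The pool netmask, the ACL wildcard and the need for overload all follow from the two address ranges in the question. The Python sketch below is an added example, not part of the original solution: it derives the three commands and tests source addresses against the ACL the way a wildcard mask is evaluated. The function names are invented for illustration, and 192.168.100.17 is a constructed host address in the 192.168.100.16/28 subnet that the downloadable practice file uses according to the comments.

```python
import ipaddress


def covering_subnet(first_host, last_host):
    """Smallest subnet in which both addresses are usable host addresses."""
    first = ipaddress.IPv4Address(first_host)
    last = ipaddress.IPv4Address(last_host)
    for prefix in range(30, -1, -1):
        net = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
        if (last in net and first != net.network_address
                and last != net.broadcast_address):
            return net
    raise ValueError("no single subnet covers this range")


def acl_matches(src, base, wildcard):
    """Standard ACL test: every bit that is 0 in the wildcard must equal the base."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    return ((s ^ b) & ~w & 0xFFFFFFFF) == 0


def build_config(inside_first, inside_last, pool_first, pool_last,
                 pool_name="mypool", acl=1):
    """Return the pool, ACL and translation commands for the given ranges."""
    inside = covering_subnet(inside_first, inside_last)
    pool = covering_subnet(pool_first, pool_last)
    hosts = (int(ipaddress.IPv4Address(inside_last))
             - int(ipaddress.IPv4Address(inside_first)) + 1)
    publics = (int(ipaddress.IPv4Address(pool_last))
               - int(ipaddress.IPv4Address(pool_first)) + 1)
    # More simultaneous inside hosts than public addresses means the
    # addresses must be shared by port, i.e. the overload keyword (PAT).
    overload = " overload" if hosts > publics else ""
    return [
        f"ip nat pool {pool_name} {pool_first} {pool_last} netmask {pool.netmask}",
        f"access-list {acl} permit {inside.network_address} {inside.hostmask}",
        f"ip nat inside source list {acl} pool {pool_name}{overload}",
    ]


if __name__ == "__main__":
    # Ranges taken from the question text.
    for line in build_config("192.168.6.65", "192.168.6.126",
                             "198.18.32.65", "198.18.32.70"):
        print(line)
    # First and last host of the question, then two addresses outside the ACL
    # (192.168.100.17 is a constructed sample in the practice file's subnet).
    for src in ("192.168.6.65", "192.168.6.126",
                "192.168.6.129", "192.168.100.17"):
        hit = acl_matches(src, "192.168.6.64", "0.0.0.63")
        print(f"{src:<16} {'translated' if hit else 'not matched by ACL 1'}")
```

A source address that ACL 1 does not match is never translated, which is why a topology addressed differently from the question text needs a different access list.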
Also obviously change the pools but at this point I feel like I am becoming my own worst enemy just giving out the entire solution.
no ping!!!!
Q1. I cannot ping in this Sim either.
I wonder if the fact that in Sim 2 Fa0/0 has ip address 192.168.100.30 255.255.255.240 (192.168.100.30/28) which is different subnet than the access list
“access-list 1 permit 192.168.6.64 0.0.0.63 (192.168.6.64/26)”.
It explains why the Sim 1 works fine.
Q1. Disregard my earlier comment. I found out that the host used to test ping was not in the same subnet as the default gateway.
Like this site a lot.
what is the difference between: ip nat inside source list 1 pool mypool overload and
ip nat inside source list 1 interface s0/0 overload.
so what the difference when you specify the interface and not the pool name?
I’d like some clear explanations. plz.
pool = this pool of addresses will be used for the overload and dynamically allocated as the inside global addresses/ interface = the ip of that particular interface used for the overload and only that address is used as the inside global address
This SIM just has wrong range of Public IP Addresses:)
Means pool.
interface FastEthernet0/0
ip address 192.168.100.30 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.0.2.113 255.255.255.0
encapsulation frame-relay
ip nat outside
!
ip nat pool MIKE 192.0.2.112 192.0.2.117 netmask 255.255.255.248
ip nat inside source list 1 pool MIKE overload
ip classless
!
!
access-list 1 permit 192.168.100.16 0.0.0.15
!
!
!
!
!
line con 0
password cisco
login
line vty 0 4
login
!
!
!
end
PC>ping 192.0.2.114
Pinging 192.0.2.114 with 32 bytes of data:
Reply from 192.0.2.114: bytes=32 time=44ms TTL=254
Reply from 192.0.2.114: bytes=32 time=55ms TTL=254
Reply from 192.0.2.114: bytes=32 time=56ms TTL=254
Reply from 192.0.2.114: bytes=32 time=30ms TTL=254
Ping statistics for 192.0.2.114:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 56ms, Average = 46ms
PC>
@to No ping. Good job mate, to change the pool its too easy solution)))
interface FastEthernet0/0
ip address 192.168.100.30 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.0.2.113 255.255.255.0
encapsulation frame-relay
ip nat outside
!
ip nat pool MIKE 198.18.184.105 198.18.184.110 netmask 255.255.255.248
ip nat inside source list 1 pool MIKE overload
ip classless
!
!
access-list 1 permit 192.168.100.16 0.0.0.15
!
line con 0
password cisco
login
line vty 0 4
login
PC>ping 192.0.2.114
Pinging 192.0.2.114 with 32 bytes of data:
Reply from 192.0.2.114: bytes=32 time=110ms TTL=254
Reply from 192.0.2.114: bytes=32 time=124ms TTL=254
Reply from 192.0.2.114: bytes=32 time=125ms TTL=254
Reply from 192.0.2.114: bytes=32 time=125ms TTL=254
Ping statistics for 192.0.2.114:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 125ms, Average = 121ms
PC>
ip nat pool MIKE 192.0.2.112 192.0.2.117 netmask 255.255.255.248
192.0.2.112 – is a network address of netmask 255.255.255.248
host addresses: 113 – 118.
119 – broadcast.
sim conf is ok.
@hi
First one its wrong,
so then is it access-list 1 permit 192.168.100.16 0.0.0.15 or
access-list 1 permit 192.168.6.64 0.0.0.63
in the test what should i answer i should to study play-doh 1 lol
@SUPERCARBON
On a test you should see what they are asking for, means how many hosts they want to allow to access the Internet. And how many global addresses they are giving you for NAT.
This sim is only giving you an idea of what you should expect on the exam
Ta
hey
how can i view all the .vce files . i have a player but its only a trial version which allow only 5 questions. Please help me on this
nawab.ansh@gmail.com
thanks :)
AM GONNA WRITE THE EXAM FOR THE SECOND TIME. WILL I GET THE SAME LABS IE ACL2, EIGRP, AND VTP OR NAT ETC?
@9tut & @xallax
I owe you!
@everybody else especially @tekcorzvrah….in this tutorial,
Your logical questions and challenges in here are invaluable to many of us!
Appreciate!
Although it is said that the inside and outside nat interfaces are already configured, it seems that the lab file available here is not configured with the “ip nat inside” and “ip nat outside” commands.
make sure you issue those commands before starting your labs:
Weaver(config)#int f0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#int s0/0
Weaver(config-if)#ip nat outside
cheers
UH OH, from reading recent comments on this site, it appears that Cisco is tinkering with the CCNA 640-802 exam a little. Recently some people are seeing Uncle Nat and Cousin Pat Simulation on the exam instead of VTP or EIGRP Sim. Actually it is fairly easy, but more stuff to remember, and to memorize the exact commands. One careless mistake and you lose 50 to 100 points.
After you understand the concept of NAT/PAT you must memorize three commands.
Global configuration mode RTR1(config)#
ip nat pool [swimmingpool] 198.60.80.17 198.60.80.30 netmask 255.255.255.240
access-list 1 permit 192.168.95.64 0.0.0.63 [permit 192.168.95.65 to 192.168.95.126]
ip nat inside source list 1 pool swimmingpool overload
If Cisco modifies the Sim and requires us to set up inside and outside interfaces, we have to be prepared to write the correct format of the commands.
ip nat inside, and ip nat outside.
We must be able to do this in our heads while lying in bed in order to guarantee getting this simulation correct on the exam.
Actually easier than the VTP simulation.
Can someone pls explain to me the NAT sim of 9tut
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)
i dont get this 192.168.6.65 to 192.168.6.126 connected to this
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
in real exam of NAT sim what pool name will be used? in 9tut sim he used mypool.
@Angel
the statement 192.168.6.64 0.0.0.63 (192.168.6.64 /26) is the network for the 192.168.6.65 – 192.168.6.126 range
guy,
I am confused. The packet tracer sim for this question is exactly the same for “ccna nat sim question 1”.
Does anyone have the correct packet tracer sim for this question? Or is it a case of we needing to change the configs from sim 1, i.e the IP address etc???
am confused….
Thanks in advance
Hi arp,
it is because it said it’s a similar sim, not the one mentioned on this Q, although an exact one will be nice. But okay for me I got the last one.
nice stuff
Did anyone get NAT sim in the exam??
Hi All. Can anyone help me to send a full version of VCE. Thanks
den_carl39@yahoo.com
No,no no!! This is wrong!! PAT configurations are strictly “one to many”, not “a few to many” as in the 9Tut example at top of the page..I’ll explain..
There are over 64000 ports available for NAT mapping/translation per IP address so there is only ever 1 IP public address ever needed for translation, not a range!
PAT can also be much more simply configured by doing the following:
1. Create the standard access list for the private addresses needing translation:
Router(config)#access-list 1 permit 10.10.0.0 0.0.255.255
(this example permits all users on the 10.10.0.0/16 network unrestricted access and will also be available for NAT translation)
2. Next, link the access list to the configured NAT outside interface:
Router(config)#ip nat inside source list 1 interface serial 0/0/0 overload
(this links the access list to the outside interface, effectively using the public IP address assigned to Serial0/0/0 to convert all 10.10.0.0/16 addresses to the same public IP address but with random port numbers generated for each conversation)
3. Make sure inside NAT is configured for the subnet that the 10.10.0.0/16 network is attached to, for example:
Router(config)#interface fastethernet 0/0
Router(config-if)#ip nat inside
This example assumes that Int s0/0/0 is already configured with a public, routable IP address, and has the “ip nat outside” configured at its interface level.
9Tut, please correct this as many users will be confused!! The only way for your example to work would be to use matching IP addresses in the range command:
Your example:
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Pool for proper PAT setup:
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.65 netmask 255.255.255.248
This in theory would still work, but makes the configuration longer than it needs to be.
Hope this helps people!!
Forgot to add my source to back up my previous post:
CCNA Discovery
Introducing Routing and Switching in the Enterprise
Lab 4.4.4.3 Configure and Verify PAT
This is the valid, current method that Cisco use in the curriculum to teach us PAT with and will likely be the way they would expect us to answer it in an exam, so its your choice if you get a NAT/PAT sim in the 640-802 exam and do it the way that this site has set it up..you chance losing a lot of points!
One last thing for all to note, please dont think Im having a go at anyone or slating this site in anyway whatsoever, I think it is an invaluable resource for any CCNA candidate and it has many useful hints and explanations, I would just hate to see people losing marks over what seems to be a genuine mistake.
Peace y’all, and good luck! Im sitting my 640-802 in a couple of days!!
Exact copy from the current curriculum:
“Configuring PAT requires the same basic steps and commands as configuring NAT. However, instead of translating to a pool of addresses, PAT translates to a single address. The following command translates the inside addresses to the IP address of the serial interface:
ip nat inside source list 1 interface serial 0/0/0 overload
Verify NAT and PAT functionality with the following commands.
show ip nat translations
This command displays active translations. If the translation is not used, it ages out after a period of time. Static NAT entries remain in the table permanently. A dynamic NAT entry requires some action from the host to a destination on the outside of the network. If configured correctly, a simple ping or trace creates an entry in the NAT table.
show ip nat statistics
This command displays translation statistics, including the number of addresses used and the number of hits and misses. The output also includes the access list that specifies internal addresses, the global address pool, and the range of addresses defined.”
************end of copy********************
The 9tut example appears to be for Dynamic NAT, not PAT as stated..
Copy from curriculum for dynamic NAT:
“When configuring either static or dynamic NAT.
List any servers that require a permanent outside address.
Determine which internal hosts require translation.
Determine which interfaces source the internal traffic. These will become the inside interfaces.
Determine which interface sends traffic to the Internet. This will become the outside interface.
Determine the range of public addresses available.
Configuring Static NAT
1. Determine the public IP address that outside users should use to access the inside device/server. Administrators tend to use addresses from either the beginning or end of the range for static NAT. Map the inside, or private address to the public address.
2. Configure the inside and outside interfaces.
Configuring Dynamic NAT
1. Identify the pool of public IP addresses available for use.
2. Create an access control list (ACL) to identify hosts that require translation.
3. Assign interfaces as either inside or outside.
4. Link the access list with the address pool.
An important part of configuring dynamic NAT is the use of the standard access control list (ACL). The standard ACL is used to specify the range of hosts that require translation. This is done in the form of a permit or deny statement. The ACL can include an entire network, a subnet or just a specific host. The ACL can range from a single line to several permit and deny statements.”
*******end of copy*******
The examples given for configuration in the curriculum do not have “overload” mentioned at all in any page anywhere for Dynamic NAT because it is intended for PAT only, ie “one to many”.
Hope this helps!
Hello I tested the nat1 and i config it and i got a good ping after i reviewed the nat2 sim and i cant ping 192.0.2.114 i checked the fa0/0 the ip add assign was 192.168.100.30 but in nat2 the inside local was 192.168.6.0..
do both nat1 and nat2 should have the same topology name CCNA_NAT_sim_question ?
hi friends ,
if you want any dumps or any
suggestion regarding ccna exam i will
guarantee you that i will respond you
within 2hours
mail me at aman.mim80@gmail.com
the link http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
given above is not for Nat Sim Question 2.
so u have to reconfigure all including the ISP router.
the ISP router should have its “ip route” command changed to match the network given by ISP in the question.
Thanks
Both of the NAT questions refer to a pool of public ip addresses which are not referenced on the NAT router, except in the pool. How can this work?
OK, it seems that an address or pool of addresses does not have to exist on a physical interface. In this example, the WAN router routes for that network down to 192.0.2.113 – So on the ISP router – ip route 198.18.32.64 255.255.255.248 192.0.2.113
Is this correct?
I’ve made NAT Sim 2 in packet tracer if anyone wants it?
PLEASE READ!!!!
To stop all the confused people… this actually does work perfectly fine. A NAT pool does not have to match an interface subnet; the ISP just has to know where to send traffic back to. So what most of you are running into is pinging through the Packet tracer packet button instead of actually pinging the ISP from the PC command line. If you notice the ping with the packet tracer packet button pings the LAN interface of the ISP… but we don’t want that. We want to ping the WAN interface. Hope this clears things up!
Please send me latest dump of CCNA
email:aloksrinet@gmail.com
I’m not understanding this command:
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
How do you get or find this IP address cause I cannot find it anywhere? Please help ASAP, I take the exam tomorrow on the 4th of Sept 2012.
This lab does not work. I’ve tried pinging it from the cmd & web browser all I get is timed out.
I even tried to change up the access-list multiple ways like: 192.168.6.0 0.0.0.63 & 192.168.6.0 0.0.0.7 & 192.168.6.64 0.0.0.63……Not even when watching the packet envelopes pass through are working.
Guys, you need to add the IP NAT INSIDE and OUTSIDE commands to the appropriate interfaces first for your ping tests to work!
If you understand how this works, doing a simple show run command will prove that the above lines are missing. Put them in, then do the PING tests again and they will work.
Besides that, this LAB works just fine.
I have my inside and outside all configured properly. Im not able to ping from the 2 PCs but pinging from the console works fine. Any ideas?
Apologies!!
I could not ping from the PCs because I was using the IPs on the “SIM” question which happen to be different when loaded in Packet Tracer. I am pinging away now. Anyone having trouble pinging may well take note. Thanks.
Uhmmm.. NAT 1 sim and NAT 2 sim are the same. Just sayin…
Where are you supposed to make the ping from? I’m getting it even w/o putting in the commands.
Dear all
“MTU 1500” means Packet or Frame?
My exam date is 15 sep so please help me i’m confused.
can anyone say …..whts the sim is currently for this month………
@hiresh maximum packet
hi,
Could someone plz advise on the sims? Im sitting mine on the 25th!
NAT is so cool!
This is for all the people who didn’t get the ping back when they tried in Packet Tracer. In the exam they would have created a static route for the 198.18.32.64 network, which is how it is seen by the ISP router in the source address field.
When you are practicing at home you will need to do a little extra work.
The ISP router has no route to the .64 network. Therefore when it tries to send a reply it has no idea how to reach the .64 network.
So to solve this issue you will need to write a static route saying (ISP(Config)#ip route 198.18.32.64 255.255.255.248 192.0.2.113 ) YOU NEED NOT DO THIS IN THE EXAM BECAUSE THEY WOULD HAVE ALREADY CONFIGURED THIS. Please also note that it may be very tempting to write a default route on ISP router, which in turn will cause routing loops, so you must have static route at the ISP router and default route on the Router 1 router!
Cheers,
Kart
SIM works, if you can’t get this to work, or don’t understand it, you should go back to the books. The point isn’t to pass the exam – it’s to learn the material. i.e.; If I was to interview you for a job based on the fact you passed the exam, you’ll fail the interview when I ask you to explain this. You MUST have these skills down to function in the real world.