CCNA NAT SIM Question 2
Question
| You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 198.18.32.70/29 range. 9tut.com has 62 clients that needs to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1. |
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29 => we have to use NAT overload (or PAT)
Double click on PC1 to access Router1′s command line interface
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated with their netmask (notice that /29 = 248)
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Other lab-sims on this site:
CCNA Configuration SIM Question (RIPv2 SIM)
There is no default route in the router(Weaver)…
we could ping 119.2.0.113 from PC to wever router’s interface but how are we able to ping 119.2.0.114 from same pc, without a route from our stub network..?
PING is based upon unicast of an ICMP packet. Echo-reply is the port that the “reply” will come back on. Two things, the echo reply is unrecognizable at Weaver’s S 0/0 port and ISP router has no route back so it can’t send echo-reply back to the source.
Hi, someone can send me the last dump to fedesscapo@hotmail.com. Thanks!
@9tut. This lab does not work (the one unresolved). Inside zip file there are 2 files, 1 to answer and one already answered. I tried to resolve the unresolved one, and compare Weaver router config. to the one answered; exactly the same configuration, I even used Beyond Compare and is exactly the same, but pinging to 192.0.2.114 does not work, but in the answered one pinging just work fine. Is there something missing in the no answered file inside ISP router?. I tried to access it but ‘cisco’ password does not work on that router.
@9tut
the question says that you need to provide internet access to 62 hosts (in the lab that I’ve downloaded it is 14 instead). The point is, what subnet mask do we need to configure?
a mask of 255.255.255.192 (wildcard 0.0.0.63) would provide 64 IPs. discarding the network and the broadcast, it would remain 62… but one is already being used by the fastethernet of the router… Therefore it remains 61 IPs to be used by the hosts if we use this wildcard that you’ve mentioned.
Isn’t it a tricky question????
cheers
please send me latest dumps
my email id : rosireddy.muvva@gmail.com
When you make the sim, just change the ISP and your router to IP addresses within the IP address pool given to you by the ISP.
I know this isn’t the answer, but you will 1) get pings back and 2) carry out what is required of you in the exam.
You need not worry about static routes etc. as long as you understand why this SIM won’t ping if you create it line for line off this tutorial.
Create static routes if you really want to…
Please send me latest dump of CCNA
email:hpesoy1@gmail.com
Please send me latest dump of CCNA
m.mineiro@globo.com
when you are configuring the access-list portion of this simulation
why use the network address of 192.168.6.64 rather than use the source address of 192.168.6.65.
very confusing.
@OneEyeJack
Because you need to include ranges 192.168.6.65 – 192.168.6.126.
The network address 192.168.6.64 0.0.0.63 covers them and that’s the correct way of doing it.
Even if you entered 192.168.6.65 0.0.0.63 it will correct itself if you show access-list to .64 but in the exam, I think it will not give you points if you let the config correct the input for you.
Thanks guys, I tried the SIM in packet tracer and could not receive an ICMP reply from the ISP router even though I was advertising the all routes on Router1 with RIP…I found that to be weird but then I followed advice and did a default route on ISP router and worked fine. I did: ISP(config)# ip route 0.0.0.0 0.0.0.0 s0/1 and worked perfectly…By the way this site’s awesome !!!
@CR7Cubano.
How did you get into ISP router?. When I try to get into it, it asks for a password that is not ‘cisco’.
Thanks!.
hi everyone!
Which statement is correct regarding the operation of DHCP?
a. If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
b. If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.
Which one is true??? At 9tut the answer is a , at Brar the answer is b. I am not sure what is right!!!
going for the exam next week,,someone pliz send me latest dumps..email benady12@gmail.com
going for the exam next week, someone please send me the latest dumps to g2hari@gmail.com
@atr
should be (b)
@korean
It is (a)
any body plz give me link of packet tracer updated version for these simulations :)
@atr
it should be (a). Todd says that is very important to remember that the address will not be assigned to a host until the administrator resolves the conflit by hand in his 7th edition chapter ‘Introduction to TCP/IP’.
@9tut
i need help pls, how were u guys able to get into router weaver from pc1> have tried telnet 192.168.100.30 n also tried 192.0.2.113 no luck
is there something am not doing right
HELP PLSSSSSSS!!!!!!!!!!!!!!
mo,
just click on the Desktop tab under pc1, then select terminal…there you will be able to access the weaver router.
cheers.
send dumps on tshons@gmx.com
hi friends I intend to pass the 640-802 exam if possible I may have the last dumps thank you in advance my mail is k.innos86 @ gmail.com
The reason why people are having trouble, I believe, is that that write-up uses different IP addresses than the attached Packetrace file.
The write-up says, “These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range” while the actual packetrace file uses 192.168.100.17 – 192.168.100.30.
If you enter “access-list 1 permit 192.168.6.64 0.0.0.63″ into packetracer to allow the PC to connect with the NAT pool, you’re actually entering a useless command, since the PC they ask you to ping from is IP 192.168.100.18
Hope this helps
OTG
hi
i have smoel proplem with the ping 192.0.2.114
how i can Createed
in the clod no way to pot the ip any i dya please
if can send the toploje
to me
my email
bo_3li88@hotmail.com
thanks
This lab file is not have a 6.65 to 128 range
absolutely can not ping to 192.2.0.114
If you want to lab this question,
you need to modify this file.
Switch and Host and Router. Good luck
hey daft question but do you need to config the isp router with a static route to the weaver router?
helo
please can someone help me by directing to any link where i can download free the ccna courses? i want to prepare my ceetification
my mail is:johnossan@yahoo.fr
thanks to all
this nat not pingins isp router bcz they not assign the interface address to the s0/1..u just ping outside local address s0/0..reply come success..its enough bcz its isp router we didn’t able to configure the interface id…
sorry its pinging i try command prompt at first
Sure it works :) you must use Addressing from Packet-Tracer description under topology.
Hi all,
Please send me the latest dumps of CCNA.
ranz11281989@yahoo.com
Thanks..
9tut,
Clearly the lab does not work, but in the interest of making it work I would like the password for the ISP router to insert the static route ip route 198.18.32.64 255.255.255.248 192.0.2.113
By the way, is this one of the SIM on the exam?
@Jamerican: The ISP router already had the static route there. The password for the ISP router is “noway”.
@ Jamerican :
if you apply the command “show run” you will notice that there is no “ip nat inside” for fa 0/0
and there is no “ip nat outside” for s 0/0
here is the problem .. ;)
apply the missing commands and it will ping Successfully :)
does this mean 192.168.6.64 & 192.168.6.127 will also be nat ‘ed given the wildcard mask?
@Nil:
192.168.6.64/26 gives u 62 usable host IP add, which 192.168.6.65 to 192.168.6.126.
64 is the network address & 127 is broadcast address
Netwrk addr Usable Range brodcast addr
0 61-62 63
64 65-126 127
128 129-190 191
192 193-254 255
hehe sorry for that,cant believe I forgot the simplest of details wasnt thinking right.
hello. ive configured everything correctly, now i can ping from pc1 to the isp interface but the problem is why cant i ping any of the nat interfaces or the pc1 from ISP?
Please answer.
Faisal, because the ISP does not have a route to your local networks only to the already NAT’ed address.. Therefore a ping from outside the network to a local IP will not work.
has nat sim also to be studied?
Thanx 9Tut
I got My Exam With 986/1000 Marks
Similations ….EIGRP-ACL-VTP
Exam is Really easy Frnds……….
dnt b scared, jst do it
@ 9Tut
kindly let me know what is the password for router1 plz.
@ 9Tut
sorry i missed but got it now.
if you are using the sim you will either need to change the IP of PC1 to something within the allow subnet or you will need to add its current subnet to access-list 1. Only then can you ping.
You have to add the ip nat inside and out side interfaces to the router & change the Access list to fit what is on your LAN.
Don’t forget to check you translations by using the show ip nat translation command to make sure all is working properly.
If you don’t understand nat, by time you get this to work right, you you should have a full understanding of it.
I turned out to be a good SIM, Thanks!!!
hello guz i will take ccna tomorrow i need to know did all nat type come in the lab question !!
or just pat ??
please
hello, can someone tell me why we have to use the overload keyword? thx