CCNA NAT SIM Question 2
Question
You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made the basic router configuration. You have also configured the appropriate NAT interfaces, NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1.
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (or PAT).
Double click on PC1 to access Router1's command line interface:
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, with their netmask (note that /29 corresponds to 255.255.255.248):
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and typing:
C:\>ping 192.0.2.114
The ping should succeed and you should receive replies from 192.0.2.114.
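The overload step above, as an added example that is not part of the original solution: a simplified Python model of a PAT table showing how the 62 inside hosts share the six pool addresses by port, and that return traffic without a table entry maps to nothing. The class and function names, the source port 50000 and the allocation order (keep the source port if it is free, otherwise take the first free port from 1024, first pool address first) are assumptions of the model.

```python
import ipaddress
from itertools import chain

class PatTable:
    """Simplified model of 'ip nat inside source ... overload' (PAT)."""

    def __init__(self, pool_first, pool_last):
        lo = int(ipaddress.IPv4Address(pool_first))
        hi = int(ipaddress.IPv4Address(pool_last))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.out = {}   # (proto, inside local ip, port) -> (inside global ip, port)
        self.back = {}  # (proto, inside global ip, port) -> (inside local ip, port)

    def translate(self, proto, local_ip, local_port):
        """Outbound packet: reuse the existing entry or allocate a new one."""
        key = (proto, local_ip, local_port)
        if key in self.out:
            return self.out[key]
        for gip in self.pool:
            # Assumed order: keep the source port if free, else first free port >= 1024.
            for port in chain([local_port], range(1024, 65536)):
                if (proto, gip, port) not in self.back:
                    self.out[key] = (gip, port)
                    self.back[(proto, gip, port)] = (local_ip, local_port)
                    return gip, port
        raise RuntimeError("every address:port pair in the pool is in use")

    def inbound(self, proto, global_ip, global_port):
        """Return traffic: only an existing entry maps back to an inside host."""
        return self.back.get((proto, global_ip, global_port))


def simulate_lab(src_port=50000):
    """Constructed scenario: all 62 clients open one TCP flow from the same source port."""
    table = PatTable("198.18.32.65", "198.18.32.70")
    clients = [f"192.168.6.{n}" for n in range(65, 127)]
    return table, [table.translate("tcp", c, src_port) for c in clients]


if __name__ == "__main__":
    table, maps = simulate_lab()
    print(len(set(maps)), "distinct translations on", {ip for ip, _ in maps})
    print(table.inbound("tcp", "198.18.32.65", 1024))   # maps back to the second client
    print(table.inbound("tcp", "198.18.32.66", 50000))  # no entry, so None
```

In this model all 62 flows fit on the first pool address; the remaining five addresses only come into play once its ports are used up.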
No you have to add the nat inside and out commands
overload signifies PAT
Guys I just uploaded my version of this sim
I updated all the addressing scheme similar to this one and they can ping back with each other
here’s the link:
http://www.mediafire.com/?vyyh8d285331cpo
when do i have to type the command: hostname weaver, as in this nat lab this command is not included in the answer, also it is included in the second nat simulation, so can anyone please explain when i have to type this command?
Dear Kambalpogi
Now it's OK. And I can ping from Host successfully.
Thank you very much. And pray for me, I am going to take CCNA.
User Access Verification
Password:
Weaver>enable
Password:
Weaver#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.240
Weaver(config)#acces-list 1 permit 192.168.100.16 0.0.0.15
^
% Invalid input detected at ‘^’ marker.
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat inside source list 1 pool mypool overload
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Weaver#
%SYS-5-CONFIG_I: Configured from console by console
copy run start
Destination filename [startup-config]?
Please go through my config I have entered on a router …
Weaver(config)#acces-list 1 permit 192.168.100.16 0.0.0.15 >>>>>>>>>> typo
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.240
Weaver(config)#acces-list 1 permit 192.168.100.16 0.0.0.15
^
% Invalid input detected at ‘^’ marker.
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
—————————–
oops didn't see that it was corrected hehe, anyways it should be only /29 rather than /28 on your pool because 110-105=5
the command should be “ip nat inside source list 1 interface s0/0 overload”
certbopols,
please explain how that would work..
thanks..
Please can someone send me the new VCE. My email address is kofikoma@yahoo.com
thanks
where can i download latest vce reader?
to get the CPT sim to work change the following:
PC1
IP address: 192.168.6.65
Subnet Mask: 255.255.255.192
Default gateway: 192.168.6.126
RT Weaver
interface FastEthernet0/0
ip address 192.168.6.126 255.255.255.192
ip nat inside
interface Serial0/0
ip address 192.0.2.113 255.255.255.0
ip nat outside
NAT
ip nat pool MyISP 198.18.32.65 198.18.32.70 netmask 255.255.255.248
access-list 1 permit 192.168.6.64 0.0.0.63
ip nat inside source list 1 pool MyISP overload
RT ISP
password for the ISP router is “noway”
ip route 198.18.32.64 255.255.255.248 192.0.2.113
“sh ip route command”
198.18.32.0/29 is subnetted, 1 subnets
S 198.18.32.64 [1/0] via 192.0.2.113
From PC1
————
ping 192.0.2.114
RT Weaver
————-
Weaver#sh ip nat translations
Pro   Inside global      Inside local      Outside local     Outside global
icmp  198.18.32.65:41    192.168.6.65:41   192.0.2.114:41    192.0.2.114:41
icmp  198.18.32.65:42    192.168.6.65:42   192.0.2.114:42    192.0.2.114:42
icmp  198.18.32.65:43    192.168.6.65:43   192.0.2.114:43    192.0.2.114:43
icmp  198.18.32.65:44    192.168.6.65:44   192.0.2.114:44    192.0.2.114:44
Can i ask you guys how you got 192.168.6.64 0.0.0.63?
Same question as Rocky..
Shouldn't it be 192.168.6.65 0.0.0.62 if we want only to have 62 addresses from 65->126
Otherwise 192.168.6.64 0.0.0.64 taking into consideration that 64 and 127 will not be used because of Network and Broadcast addresses..
Thank you ;)
@Rocky & Souaize:
the private addresses provided: 192.168.6.65 – 192.168.6.126/26
prefix/26 = 192 (128 192 224 240 248 254 252 255), it’s class C, counting from left – 25=128, 26=192, 27=224 … you can see the pattern)
you subtract the 192 – 255 as shown below
255.255.255.255
0 . 0 . 0 .192
———————
0. 0. 0 . 63
============
hope this helps.
Just small addition to Hotbreads expl.
With mask /26 or 255.255.255.192 you have divided your class-full C network on 4 separate classless networks:
192.168.6.0
192.168.6.64 <—- Our Guy's
192.168.6.128
192.168.6.192
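The wildcard question in the comments above and the access-list step of the solution, as an added example that is not part of the original page or any comment: a Python check of which addresses each proposed access-list entry actually matches, using the standard wildcard rule that bits set in the wildcard are ignored and all other bits must equal the base address. The function names are hypothetical; the three entries tested are the ones quoted on this page.

```python
import ipaddress

def wildcard_for(prefix_len):
    """Wildcard (inverse) mask: 255.255.255.255 minus the subnet mask."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").hostmask)

def acl_matches(addr, base, wildcard):
    """Bits set in the wildcard are 'don't care'; every other bit must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def matched_last_octets(base, wildcard, net="192.168.6.0/24"):
    """Last octets inside the /24 that 'permit <base> <wildcard>' matches."""
    return [int(ip) & 0xFF for ip in ipaddress.ip_network(net)
            if acl_matches(str(ip), base, wildcard)]

CLIENTS = set(range(65, 127))  # the 62 hosts, .65 to .126

def report(base, wildcard):
    """Compare what an entry matches against the 62 clients that need translating."""
    got = set(matched_last_octets(base, wildcard))
    return {
        "matched": len(got),
        "missed_clients": len(CLIENTS - got),
        "extra": sorted(got - CLIENTS),
    }

if __name__ == "__main__":
    print("/26 wildcard:", wildcard_for(26))
    for base, wc in [("192.168.6.64", "0.0.0.63"),   # entry used in the solution
                     ("192.168.6.65", "0.0.0.62"),   # proposed in the comments
                     ("192.168.6.64", "0.0.0.64")]:  # proposed in the comments
        print(base, wc, report(base, wc))
```

The 0.0.0.63 entry covers all 62 clients plus only the network and broadcast addresses; 0.0.0.62 fixes the lowest bit, so it matches odd addresses only, and 0.0.0.64 matches just .0 and .64.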
Hey Why u are using overload command as this command is to enable PAT.
Sorry we should use overload as all 62 need simultaneous internet use. so 6 public ip –multiple session at 1 time.
Does anyone out there have Packet Tracer 6 or later? Please send to aaegh7@gmail.com. My version (V5) does not support iBGP…I’m preparing for CCIE.
Thanks in advance.
this is just awesome!!!!!!!!!! oh my god! i love life!
Hey i have configured the attached PKT same as required, also adding IP Nat inside for F0/0 and ip nat outside for S0/0, but no ping from the host whether for 192.0.2.113 or 114???
Oooh got the problem, i was pinging from PC-PT Console O_o, i must do it from PC-PT for testing :))
Majid says: Hello, as soon as I enter the site address, a white page comes up with this message: Parse error: syntax error, uenxpected =’ in /home/loresta1/public_html/wp-content/themes/chip-life/functions.php on line 7. What should I do? Thanks.
@9tut
http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
is the same as NAT Simulation Question 1. Please correct it!
with IP NATing feature, how can I setup a ACL to open port for exchange (port 25)? I setup a simple NATing but I don’t know how to do ACL to allow port 25 to open for Exchange.
NAT sim practice lab 2 is same as lab 1, the hosts IP range is different from the lab 2 question.
I have to physically change the configuration by adding the ip route into the ISP router & changing the hosts IP to the range that was provided in sim 2 question, also i have to change the ip & mask of weaver router too….ping was successful.
I have to admit, this lab does not work. I copy/pasted the text right out of the page and it still did not work. I compared to the solution one, which was in the zip, and there are completely different subnets being used.
Thank you Wangy, That did the trick!!
I was on the right track when I saw your post, I thought something weird when I saw the graphic with the wrong IP address that was on the interface fa0/0.
Great job, can someone fix the download, so others don’t get the grief.
I mean the scope of the test is NAT, not what's wrong with my network ;0)
can we use overload in dynamic nat
ip nat inside source list pool pool-name
but here they used overload..confusing..someone help me can we use overload in dynamic
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
———
int fa0/0
ip nat inside
———
int s0/0
ip nat outside
hi,
i think Pijush , yours will work
i already tried with same and every thing works
tested ping from two pc’s to isp router
and it works fine
please some one send me licenced version of visual_certexam_suite_setup .i m thank full 2 u.my mailing add: its_md.5277@yahoo.com.
Mazhar u can download VCE with crack from 4shared, jus click the link. http://www.4shared.com/rar/DtZYr7fc/vce_311.html
passed to day with 947/1000.
thanks 9tut and all of the people who were involved.
acl2, vtp, eigrp same as 9tut.
an extra network was in eigrp. you should apply “no network……”
another everything was same.
now time for CCNP.
is it a must to save the configuration in exam ?? copy run start ??
Pleease reply…
to shuvo_bd :
Would you please explain exactly how & where to use “no network……” in the eigrp ?
Many thanks in advance
Shuvo means
there is a phantom network on the Main router
better to remove it by using the no network command
e.g
router eigrp 212
no network 192.168.30.0
it will remove the network 192.168.30.0 from being advertised
SilverStone :
How can i know the exact wrong network ?
Thanks in advance FY feedback
Harro, sneeky round eye western dogs, i see you trying to cheat on CCNA, I change exam on you all!
@hammam…
u have to see 1. the directly connected interfaces on the router by typing “show ip interface brief”; then 2. show running-config to see which networks are entered under eigrp
solution 1. remove all network addresses that are not directly connected
configure terminal
router eigrp 10
no network [not directly connected network]
network [directly connected network]
@ examtaker : Thanks so much FY help
After permitting in access-list do we have to deny the other traffic, because I saw that line in pass4sure question solutions?
access-list 1 permit 192.168.16.33 0.0.0.15
access-list 1 deny any
ip nat pool mypool 198.18.237.225 198.18.237.230 netmask 255.255.255.248
ip nat inside source list 1 pool mypool overload
Please help
Good day, I have a question.
Why is it given a pool:
mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Here we are saying to take public IPs from this range to serve as the translation for the IPs of the private LAN.
When each IP is taken from the pool it will translate dynamically:
For example:
Private IP: 192.168.1.65 translated to 198.18.32.65 (taken from the pool)
After this translation, what will it link to, if the IPs are 192.0.2.13 and 192.0.2.14…which are not in the range of, OR RATHER, DO NOT MATCH THE POOL THAT TRANSLATES EACH private IP.
Can someone explain this to me? I would be very grateful, or maybe I am mistaken …thanks.
PASSED YESTERDAY WITH 894/1000 AND I HAD THIS LAB.
@waqmac u don't have to deny, because it's already implicit
just permit the network that will be translated, in this case:
access-list 1 permit 192.168.6.64 0.0.0.63
then create the pool: ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
and link the list and the pool: ip nat inside source list 1 pool mypool overload
Need help: how can NATing range 198.18.32.65 -> 198.18.32.70 work on serial 0/0 with ip 192.0.2.113 translate … totally different range. I am configuring as above but NATing doesn't work .. ???
It’s a mistake, use sh run to get the actual IP addresses and use it create a limited for the outside range.
I hope some contributions are made to these guys? They have been very helpful. Though, I have not contributed, but I look forward to at least give something little to encourage 9tut.
Thanks 9tut