CCNA NAT SIM Question 1

After establishing the access list dont u think we should write “Access-list 1 deny any” command and one more thing if i configure the interfaces Fa0/0 with nat inside and S0/0 with nat outsde command before configuring Access list and nat pool in that case will my configuration work????
Plz help if possible…..

Please remember that there is an implicit “deny any” at the end of each access list- this means that your access list will deny all traffic that fails to match any of your access list lines. So you don’t need to write “access-list 1 deny any”

You can configure the interfaces Fa0/0 and S0/0 before configuring access list and nat pool. It will work well!

In fact, you don’t need to configure interfaces Fa0/0 and S0/0 because our question said: “the appropriate interfaces have been configured for NAT inside and NAT outside”

i am confused plz help mee
If i changed the command

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Changed below
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.105 netmask 255.255.255.248

Tell me it works or not and why

It still works well because we used “overload” keyword (PAT). All your outgoing packages will have a source ip address of 198.18.184.105 but with different port numbers. But you should do what the question requested

is it ok to use the prefix-length 29 option with the “ip nat pool ” command instead of the netmask option

thanks

Yes, you can use “prefix-length 29″ instead of “netmask 255.255.255.248″

i’m going to test on 29 & i can’t understand why we write

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
NOT

Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15
bec. the question is telling me that the inside local addresses 192.168.100.17 ????

you cant write Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15

you have to write the network number in the access-list configuration

192.168.100.17′s network address is 192.168.100.16

i think we shoud add :” access-list 1 deny 192.168.100.31 0.0.0.0″ because “access-list 1 permit 192.168.100.16 0.0.0.0″ includes the address 192.168.100.31 but the question requests only the address from 192.168.100.17 to 192.168.100.30
is it right???

No, we don’t need to add an access list of 192.168.100.31 because it is the broadcast address of this subnetwork

Shouldn’t you add a copy running-config startup-config after the:
Weaver(config)#ip nat inside source list 1 pool mypool overload

as, no further configuration is needed?

We just need to use only one “copy running-config startup-config” command at the end of the process

Hi 9tut,

on p4s Q397 as Hamid mention above it was on exam but there is no answer,

the question is:

which subnet mask it will be appropriate for a network address range to be subneted on up to 8 lans, with each lans contaning 5 to 26 hosts

a: 0.0.0.244
b:255.255.255.252
c: 255.255.255.224

what i have worked out is answer C can you please give me a scond advice? many thanks for all you great support on this side.

thanks
toni

@toni: This question is not clear. But if we have to choose an answer, C is the best one!

can you apply access-list and then apply nat ,,, or both wat are ok ,,,
or apply nat pool then acl…..thanks

You can do either first!

hi 9tut,

” Overload ” command should not be used here as it is reserved for PAT only that use to assign multiple ip addresses into single ip.

as here is being asked to use the ” pool “, so we can just place the range of the pool as being told in the question.

like: ” ip nat inside source list 1 pool mypool ”

i guess it is enough to cover the whole question.

what you say? please answer as soon as possible as i have exams in coming days.

thanks

and for your question ,,, as far as i know ,,, just in case the pool got busier ,or can’t handle the traffic ,as the pool have 5 addresses ,, overload option will be efficient to set ,,
just trying to help ,,

Yes, we surely have to use “Overload” keyword because we have only 6 IP addresses for 30 hosts

hey 9tut,

I think madhav is correct.
access-list 1 permit 192.168.100.17 0.0.0.15

No, 192.168.100.16 is the network address, not 192.168.100.17

Please I have my exam tomorrow and i’m very confuse by this problem.
Are we obliged in the real exam to type : Weaver#, weaver(config), Weaver(config-if) as in the example that follow?

************************************************
e.g:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end

************************************************

or we can only type the command like this:

e-g:
interface fa0/0
ip nat inside
exit
interface s0/0
ip nat outside
end

***************************************************

Let me know if it can work in the real labs

Just type as your second part

Weaver(config)#ip nat inside source list 1 pool mypool overload

we have a nat pool ,we are doing dynamic nat so we don’t need ‘overload’,do we?

ı think we need ‘overload’ in nat overload/pat
ıf we use nat overload/pat the command line will be like this:

Weaver(config)#ip nat inside source list 1 interface s 0/0

plese help me someone

to yeliz: First if you don’t use overload can not be more than 6 users contacted to internet in the same time. The 7th one should wait until one connection is off. Overload means that you can use port number combined with ip address wich allows more connections to internet in the same time. Without overload is a one to one connection ( one inside connection to one global address)
About using s0/0 means that your inside global address will be only one ip which is the interface ip. The interface ip can be a diff. address than the addresses from pool. To get more connections to internet you should use overload too : #ip nat inside source list 1 interface s0/0 overload

thanks to cris. I see, but I want to ask some more
Can I use
Weaver(config)##ip nat inside source list 1 interface s0/0 overload
is ıt true for this question?
Or should I create nat pool and use this:
Weaver(config)#ip nat inside source list 1 pool mypool overload

You have to use “Weaver(config)#ip nat inside source list 1 pool mypool overload”, in which “mypool” is the pool you created in previous step (“ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248″)

can we use the “?” in the CLI in the real exam?

i sometimes forget the exact structure of the codes for NAT.

is okay to use it? are there any deductions when you use the “?” ?

thanks in advance

@PaoL0: Yes, you can. But may be you will lose some points for it, so try to remember the commands. Good luck in your exam!

i have a question here.

when you created the acess-list 1 why did you use this code?

“Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15″

i noticed that you used “192.168.100.16″ where as in the example the starting ip address of the host is 192.168.100.17?

and why is the wildcard bits used here is 0.0.0.15?
my understanding on that is 16+15 (16 taken from the .16 of the first host) which will tell the router to permit ip’s starting from .16 upto .31?

am i getting it right??

We have to use network address in the “access-list” command, although the first host is 192.168.100.17 but its network address is 192.168.100.16.

You can quickly figure out what the wildcard is by reversing the bits from the subnet mask. In this case the subnet mask is /28, its last octet is 1111 0000 so we reverse it into 0000 1111 = 15

the easy way to find the reason for 0.0.0.15:
You can use:
255.255.255.255 – subnetmask
example:
255.255.255.255
-
255.255.255.240
——————————–
0 . 0. 0. 15
Am I right? :D

hi, in nat sim, will tab work? it very hard to remember . ..

@ ryan

hi, in nat sim, will tab work? it very hard to remember . ..

————————————————————————

Two of my batchmates took the exam 2 weeks ago. They say in some questions IOS help, the “?” thing and the “tab” work and in some places they are unavailable. So you would need to remember these commands. They are not very hard to learn.

Try this way:

To define a pool of inside global ip addresses try to say again and again:
Router(config)#ip nat pool prefix-length
OR
Router(config)#ip nat pool netmask

It will ALWAYS be a SIMPLE STANDARD access-list to allow inside local addresses for NAT and you know Standard ACL statement is simple enough:
Router(config)#access-list permit

The final statement for enabling the PAT using above pool and ACL:
Router(config)#ip nat inside source list pool overload
In English it becomes:
ip nat: I would like to nat
inside: from the inside of my network
source list 1: for the address permitted in source list 1
pool mypool: to the addresses defined in the pool named mypool
overload: and also overload

Router(config)# I would like to nat, from the INSIDE of my network, for the address permitted in SOURCE LIST 1, to the adress defined in POOL named mypool, and OVERLOAD as well

I myself had problems in remmebering this final nat command until I saw Jeremy Cioara describing the commmand “in English” like I mentioned above. I really like the way and used to apply command that way. Now I don’t even need the English translation.

Hope that helps.

HEY HEY HEY… READ MY POST NOW. The text editor removed all my greater than and less than symbols and the stuff between them. Replacing them with parentheses now…

————————————————————-

Two of my batch mates took the exam 2 weeks ago. They say in some questions IOS help the “?” thing and the “tab” works and in some places they are unavailable. So you would need to remember these commands. They are not very hard to learn.

Try this way:

To define a pool of inside global ip addresses try to say again and again:
Router(config)#ip nat pool (pool_name) (pool address range) prefix-length (number)
OR
Router(config)#ip nat pool (pool_name) (pool address range) netmask (subnet mask)

It will always be a SIMPLE access-list to allow inside local address and you know Standard ACL statement is simple enought:
Router(config)#access-list (1-99) permit (network address) (wildcard mask)

The final statement for enabling the PAT using above pool and ACL:
Router(config)#ip nat inside source list (ACL list number) pool (pool_name) overload
In English it becomes:
ip nat: I would like to nat
inside: from the inside of my network
source list 1: for the address permitted in access-list 1
pool mypool: to the address defined in in the pool named mypool
overload: and also overload

Router(config)# I would like to nat, from the inside of my network, for the address permitted in ACL 1, to the adress defined in pool named mypool, and overload as well

I myself had problems in remmebering this final nat command until I saw Jeremy Cioara describing the commmand “in English” like I mentioned above. I really like the way and used to apply command that way. Now I don’t even need the English translation.

Hope that helps.

and if you don’t have a pool of public address (a pool of inside global address) but instead have only 1 public IP, it would be configured on the edge serial interface say s0/0. In that case you don’t even need to define a pool.

After issuing “ip nat outside” command under s0/0 interface, go to global config prompt and type:
Router(config)# I would like to NAT, from the INSIDE of my network, for the address permitted in SOURCE LIST , to the address specified on INTERFACE , and OVERLOAD
Router(config)#ip nat inside source list private_pool_1 interface serial 0/0 overload

O MY GOD… Sorry sorry. Admins would be frowning over my multiple posts for same thing but it again removed my less than greater than symbols!

After issuing “ip nat outside” command under s0/0 interface, go to global config prompt and type:
Router(config)# I would like to NAT, from the INSIDE of my network, for the address permitted in SOURCE LIST (1-99 or name of ACL), to the address specified on INTERFACE (interface type) (interface number), and OVERLOAD
Router(config)#ip nat inside source list private_pool_1 interface serial 0/0 overload

Sorry 9tut. Will now remember that angled-brackets don’t work :-)

thanks uthman, i have exam in coming Thursday.. if u have latest dump plz do post on my mail id i.e rayan.equinox@gmail.com. thanks a lot..

hello rayan ,if u get any dump plz forward to me plz my email id is nayeem_707@yahoo.co.in or nayeem414@gmail.com plz send to me thanx

hi nayeem, posted mail..

rayan young.

Hey 9Tut…Just wanted to say thanks for the great website…..

hi all, got my exam tomorow… every one says that in the exam it will be only sims vtp, eigrp and ACL 2. so is there a chance this could be in the exam instead of one of the other sims???
Kind regards

i have exam in coming wed…plss suggest me some last moment tips and topics to prepare before the exam…..

i have exam in coming wed…plss suggest me some last moment tips and topics to prepare before the exam…..plss help me out

did any one try this sim on packet tracer?
i tried it and i can’t ping , i don’t know why.

i found my mistake, i didn’t add the static routes
sorry

@Samehesk
I am trying this with Packet tracer, added static routes as follows:
Weaver: ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ISP: ip route 198.18.184.0 255.255.255.248 Serial0/0/0

My pings don’t work, no route back from ISP to Weaver :-(
Any pointers? — thanks

@darkhorse
just make a static default route on isp to serial s0/1
e.g
ip route 0.0.0.0 0.0.0.0 s0/1

Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

WHAT WILL HAPPEN IF I WRITE:
Weaver(config)#access-list 1 permit any

ANY PROBLEM?
IF I FORGOT TO CHANGE THE HOST NAME, WILL I LOOSE ALL THE MARK?

hi y’all. what if we were given only one IP Add by the isp……do we still use pool?

I don’t understand how could be different the IP of Weaver Router’s S0/0 (192.0.2.113) and the global adresses’ pool (198.18.184.105-109). How will be routed the data from the inside LAN to the ISP after the NAT-translation?
I think the outside interface of the router should be the part of the global adresses’ pool.

I am still trying the ping with no success. I look at the answer PT file, and it looks exactly the same, but I am still not able to ping. Any suggestions?

OK, I realised I was wrong. It could be any ip addresses in the pool what the ISP gives. Dragonetti, you have to make a route in the ISP’s router, otherwise the ping won’t return to the hosts.

hey do u think this sim will gona come back again need to certify dis jan

thanx

9tut and ACME
i pass today ccna 936
labs
VTP , ACL, Eigrp

zulfiqarsoomro@yahoo.com

dear zulfiqar bhaiya , i wanna sit for the ccna. completed my ccna exploration. can you please send me your dumps to engg.tapu@gmail.com.

what textbook is the best and the latest one can use to prepare for this ccna exam?

could anyone help me with current dumps.
i will appreciate
thanks

can any help me with a new dump i have a test on 11 OF FEB

plz if any body could help me in doing nat i really dont understand plz help me or prefer me any of the free books or sites where i can easily study or plz help me with the notes plz plz help i m preparing for exam or mail me on owais007786@gmail.com
thanks

can you please send me the link where I can download for latest test inside and pass4sure. This is email add tamayao@gmail.com

Hi

There seem to be alot of arabs doing this exam?

Does anyone know where can I found the latest sample test. Thanks

I am just cusrious on what pool name can be used. can we use any name ?

Or there is a given name during the exam

You can use any name for the pool just make sure you use the same name when you enable NAT (case sensitive). Also make sure your name doesn’t include any spaces otherwise the CLI will think you are moving on to the next part of the command. FYI I tested using letters, numbers, and underscore in the name and it worked. Not sure if you can use symbols but I wouldn’t make it unnecessarily complicated on yourself.

@B THANK you for the response –

i’ll continue reviewing Testinside.. I also practice all the labs on packet tracer

hey guys heard from some one that dumps by Mashti is no longer valid

can anyone confirm if it is true … thanks in advance

For those who are confused about the use of the “overload” parameter in this sim, it is necessary because the question states that the 14 users need to access the Internet simultaneously. Since there are only 6 public IP addresses, dynamic NAT without overload would leave 8 users without access at one point or another. Hope this helps.

Hi 9tut i hav 1 big ques the example problems only coming for the real ccna exam plz help me…..reply me

I had my exam today and passed. 9tut, you are my hero. this labs are so much helpfull. God bless you.

How does the ISP router know where to route 198.18.184.105 to 198.18.184.110. Seen as this router has an IP Address of 192.0.1.114.

Where can I DL the NAT SIM .zip folks? thanks guys!!!

Hi all

this simulation is working fine for me. I can see the output of SHOW IP NAT TRANSLATION

but i have a little confusion regarding the NAT pool range

it says ”ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248”

can we not write
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.0 as well.

or is it because ISP given us 6 IP address so the netmask have to be 255.255.255.248, /29 gives us 6 usable hosts.

thanks

I have mistakenly issued
ip nat pool me 198.18.184.105 198.18.184.110 netmask 255.255.255.0

now i want change it to

ip nat pool me 198.18.184.105 198.18.184.110 netmask 255.255.255.248

but
no ip nat pool me 198.18.184.105 198.18.184.110 netmask 255.255.255.0

doesnt work .

it says pool in use, what to do, please help

Hi,may you please send me the link where I can download for free latest test inside and pass4sure. This is my email clintkiv@gmail.com

Thanks

@tay
hi y’all. what if we were given only one IP Add by the isp……do we still use pool?
——————————————–
if ISP gives only one inside global IP address, then there is no need for pool.
That address has to be configured on S0/0 of the router:

Weaver(config)# interface s0/0
Weaver(config-if) ip address 198.18.184.105 255.255.255.248

Next will be mapping :

Weaver(config) ip nat inside source list 1 interface s0/0 overload

am writing mine next week pls what information do u ave 2 give me………and what labs wuld come out..inbox me pls….demex20022002@yahoo.com

I am failed in exam only Frame-relay question is different

ohterwise all sims are same

I got 745/1000

:(

@a.g

Don’t worry yar… best of luck next time….

What simulations are currently beind asked in the exams, I’m going to write in two weeks, pls let me know.

hi guys,

why I could not ping any IP of my nat pools 198.18.184.105 198.18.184.110 from router and any host ??

Can someone please explain this NAT-proccess…
You have been provided an ip-range (198.18.184.105 – 198.18.184.110) from the ISP, but the assiged outside-local address for the S 0/0 interface doesn´t fit into this range?
Isn´t this necessary?
Is this a common senario even in real life?
How does the ISP handle the routing? 198.18.184.104/29 —> 192.0.2.113?

outside-local = inside-global

@a.g koi nai yaar m b dene ja rha hu exam on 23rd, wish me luck bhai……….

after all, i done it
took around 1.30 hrs and i am able to ping from the pc meant for testing the connectivity with ISP
Weaver(config-if)#do sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 198.18.184.105:10 192.168.100.18:10 192.0.2.114:10 192.0.2.114:10
icmp 198.18.184.105:11 192.168.100.18:11 192.0.2.114:11 192.0.2.114:11
icmp 198.18.184.105:9 192.168.100.18:9 192.0.2.114:9 192.0.2.114:9

miftaul

just create a new pool – one with a different name – with the correct address range

;)

Passed Today. Questions from acme (10-15) other new..sims were vtp, acl, eigrp…You sould have deep knowledge and engineering understanding in telecommunication field to pass the exam…Dumps are just for revision…Greeting from MACEDONIA…Thanks to 9tut :)

hi guys,
I just got a question.

I am confused with the terminology.
you put Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

I thought we were supossed to use named access list for NAT and PAt like this:

ip access-list NAME..xxx xxx

is it the same ? does it make any difference if I use named acls? would I get scored down?

dear brother

u can use a named ACL but must be (standard)

ip access-list standard name

weaver(config)#ip nat inside source list sheno pool friends overload
weaver(config)#ip access-list standard sheno
weaver(config-std-nacl)#permit 192.168.100.16 0.0.0.15
weaver(config-std-nacl)#exit

Can someone kindly send me the latest dumps for CCNA 802 exam to cts1234586@hotmail.com
Many Thanks

Send me please the latest dumps sbbhkk@hotmail.es Thx!

Hi,

Can help me about this point, if we configure NAT on real network we need to configure default route or static route to destination. but in the answer about this sim I don’t see you configure default route. is it enough answer for exam?

Best regards,
Meun Dol

pls send me latest domes my email id : aamer.maik89@yahoo.com pls pls ……………………

Yuupppyyyyy,Thxxxxxx God,Thxxxxxxxxxxx 9tut for your help,i passed my ccna 2day with 857 ;)))))))))))))

which one should i use “netmask” or ” prefix-length” ? and how will i know which to use?

plz tell me the way to pass in ccna xam. i have 15 days for my xams

dear jeni no need to wory for exam first prefrence u should give to labs..becoz its having more points…defintly eigrp lab ll come..and vtp sim also I got 973 points..so all the best for ur exams…any clarification cal me or mail me riyasdheen1988@gmail.com

why are we using 255.255.255.248 subnet mask for 14 hosts?
shud it be 255.255.255.240?

I know you can summarize with access lists. So which process do we use for coming up with “192.168.100.16 0.0.0.15″? The first half is the network for the range .17-.30 (last octet) with a /28 prefix, but it’s also the summary for that range. The wildcard mask can also be obtained by reversing 1s and 0s in the subnet mask, but also through the summarization…

In this sim Why we didn’t issued the command ” ip access-group 1 in” on fa0/0 &
when I issue the command ” sh ip nat stat ” its showing me Hits =4 n Misses =4
pls help.