CCNA NAT SIM Question 2
Question

| You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 – 198.18.32.70/29 range. 9tut.com has 62 clients that need to have simultaneous Internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made the basic router configuration. You have also configured the appropriate NAT interfaces, NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1. |
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the Internet simultaneously, but we have only 6 public IP addresses, from 198.18.32.65 to 198.18.32.70/29, so we have to use NAT overload (PAT).
Double-click PC1 to access Router1's command-line interface:
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated, together with their netmask (note that /29 = 255.255.255.248):
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates every source address that is permitted by access list 1, that is, a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70).
The overload keyword lets the router map multiple inside IP addresses to a single registered IP address (many-to-one) by using different port numbers.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and typing:
C:\>ping 192.0.2.114
The ping should succeed and you will get replies from 192.0.2.114.
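The wildcard-mask arithmetic behind the access-list step, as an added example that is not part of the original solution: a Python sketch that derives the wildcard from the /26, rebuilds the three NAT lines, and reports which inside hosts a given ACL entry actually matches. The function names are illustrative assumptions; matching follows the IOS rule that wildcard bits set to 1 are ignored.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _int(addr):
    """Integer value of a dotted-quad string or IPv4Address object."""
    return int(ipaddress.ip_address(str(addr)))

def wildcard_for(network):
    """Wildcard mask for a subnet: 255.255.255.255 minus the netmask."""
    return str(ipaddress.ip_network(network).hostmask)

def acl_matches(acl_addr, wildcard, host):
    """Standard-ACL match: wildcard bits set to 1 are ignored, the rest must be equal."""
    care = ~_int(wildcard) & MASK32
    return (_int(acl_addr) & care) == (_int(host) & care)

def acl_coverage(acl_addr, wildcard, inside_net):
    """Return (inside hosts the entry misses, count of matched addresses outside the LAN)."""
    net = ipaddress.ip_network(inside_net)
    missed = [str(h) for h in net.hosts() if not acl_matches(acl_addr, wildcard, h)]
    matched_in_net = sum(acl_matches(acl_addr, wildcard, a) for a in net)
    # Every wildcard bit set to 1 doubles the number of addresses the entry matches.
    total_matched = 2 ** bin(_int(wildcard)).count("1")
    return missed, total_matched - matched_in_net

def pat_config(inside_net, pool_net, pool_first, pool_last, pool="mypool", acl=1):
    """Build the three NAT-overload lines; reject a pool address outside the ISP block."""
    inside = ipaddress.ip_network(inside_net)
    public = ipaddress.ip_network(pool_net)
    for addr in (pool_first, pool_last):
        if ipaddress.ip_address(addr) not in public:
            raise ValueError(f"{addr} is not inside {public}")
    return [
        f"ip nat pool {pool} {pool_first} {pool_last} netmask {public.netmask}",
        f"access-list {acl} permit {inside.network_address} {inside.hostmask}",
        f"ip nat inside source list {acl} pool {pool} overload",
    ]

if __name__ == "__main__":
    lan = "192.168.6.64/26"  # inside local range from the question
    for line in pat_config(lan, "198.18.32.64/29", "198.18.32.65", "198.18.32.70"):
        print(line)
    # The solution's ACL entry plus two variants asked about in the comments.
    for addr, wc in [("192.168.6.64", "0.0.0.63"),
                     ("192.168.6.64", "0.0.0.64"),
                     ("192.168.6.65", "0.0.0.62")]:
        missed, outside = acl_coverage(addr, wc, lan)
        print(f"{addr} {wc}: misses {len(missed)} inside hosts, "
              f"matches {outside} addresses outside the LAN")
```

An entry that misses inside hosts leaves them untranslated, and one that matches addresses outside the LAN translates more than intended; only 0.0.0.63 does neither for this /26.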
Guys, is there any difference when you configure ip nat inside or outside on any interface?
When you have to apply NAT on the inside interface we use nat inside, and when we have to apply NAT on the outside interface we use nat outside. Inside and outside are interfaces!
Hey all, am I the only one who is not able to ping from the ‘host for testing’ PC1 to 192.0.2.114? I have configured the exact same steps on the Weaver, still not able to ping. Someone please help.
@9tut
Hello, I have a doubt: in the exam, in the simulation question, once we enter the router's CLI and then have some doubt about the diagram, can we go back to the diagram, verify, and then enter the router's CLI again? Please help.
@9tut
Is there a need in the exam to add a default route in some way?
@Dmitri: No, don't worry about that. Just do what is required.
@ 9tut This configuration that you said is for UNDERSTANDING. DO WE HAVE TO TYPE THIS CONFIGURATION IN THE EXAM (IT IS NECESSARY TO PUT IT) ?
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
@emb: In the exam you don’t need to put these commands. Just do the “show run” and you will see these commands were configured.
@9tut,
I recently missed the passing score by just a little the last time I took it. I am signed up to take it again this week and want to know if the sims will be the same with just a few modifications, or if the exam will have completely different sims. My sims were VTP, EIGRP, and ACL2. Had I known about this site earlier, I may have had a better shot, but I want to know if others have not passed, and what their second exam looked like. I really want this so much, but am concerned that I may be studying the wrong material. Thank you.
@dhusk: You will see same sims in your next try. For more useful information about this exam please read: http://www.9tut.com/ccna-faqs-a-tips
Hello guys, I just want to ask if the subnet mask of the inside global address is given in the real exam, because in some lab sim questions about NAT that I have encountered the subnet mask is not given, so I wonder if the subnet mask is really given in the real exam. Thank you very much.
Would this be in ICND, or just CCNA?
Hi… I will soon appear for the CCNA exam. Could anyone who has taken the exam in the last week please tell me which labs are in the exam?
Your reply would really help.
Thanks.
Does Cisco give partial credit for incomplete answers on simulation questions? Thanks in advance for your help.
For the ISP router, somebody suggested you have to configure a default route on it before you can ping the ISP router, but I can't even log on to the router; it's not accepting the “cisco” password.
Someone who has succeeded in this, please help. Thanks.
I've got the same problem as Mike: “Hi. I don't understand the NAT pool configuration. From my studies, I learned when you use PAT you apply it to the interface or one IP address. The IP NAT pool starts with the address 198.18.32.65 – 70 but the serial interface is IP address 192.0.2.113. How can the pool “mypool” be natted to a different IP address (192.0.2.113)? Why wouldn't you just use the command “ip nat inside source list 1 s0/0 overload” instead? How does the router know how to match the 198.18.32.65 – 70 network to the s0/0 192.0.2.113 address? Thanks for any information.” Please answer.
hey
plz help with latest new n dumps my exam held on 1 AUG 2011 plz plz plz
Mubaher95@gmail.com
Regards.
Kindly let me know how we can open the .Pkt extension file.
I also don't understand the IP address range in the “ip nat pool…” command, please help me!
The public interface on the router doesn't need to be configured with the public addresses provided by the ISP, hence when traffic leaves the interface in question, the ISP already knows from whence it came and also knows how to direct returning packets to the same interface to reach the private LAN. Your responsibility however is simply to configure NAT correctly with the provided addresses and also the inside and outside interfaces. The ISP does the rest.
@Mike: Mike's post about configuring 0.0.0.0 has been removed as he requested. In the exam you don't need to configure a default route on Router1.
@9tut
Thanks! Can you just go ahead and remove all my posts? Thanks a lot!
Hello to all there,
I have configured the same commands but I am not able to ping successfully. I don't know why. Is there anyone who can guide me about it?
AbdulAhmad.barakzi@yahoo.com
Hi there,
Some other solutions state that
access-list 1 permit 192.168.6.64 0.0.0.63
access-list 1 deny any
…
Is it necessary for a “deny any” in the real exam?
I have configured it too but it is not pinging… Can somebody please help with this, or do we need to configure a routing protocol on the routers?
Some other testkings say:
access-list 1 permit 192.168.6.65 0.0.0.62. Which is correct?
Is it necessary to write access-list 1 deny any at the end?
@claudio from chile
when you use wildcard masks it’s like writing down a subnet.
our subnet is
192.168.6.64 /26
192.168.6.64 255.255.255.192
the wildcard that would represent this entire subnetwork is… 255-192 = 63.
192.168.6.64 0.0.0.63
hey
plz help with latest new n dumps my exam held on 29 Sep 2011 plz plz plz
srajabu@gmail.com
Regards.
I recreated this network in Packet Tracer and it did not work. I had to add a default route to Router1 (config)#ip route 0.0.0.0 0.0.0.0 192.0.2.114 and a static route on the ISP router to the outside global address the network was using
(config)#ip route 198.18.32.64 255.255.255.248 192.0.2.113
After entering these, then the pings would work. Then I could use the show ip nat translations and show ip nat statistics commands. Part of the problem may be that the default routes are preconfigured in the exam so we do not see them and can’t copy them.
Taking the exam in a few hours. Nervous as hell.
taking exams in 2 weeks time plz help with new n dumps…exam on 16 sept
Wondering why the answer didn't include the statement (ip access-group 1 out) on the s0/0 interface. Any comments/explanation on this? Ta.
pls help with latest dumps, didnt finish on first try….osa_ed@hotmail.com
Wondering, isn't it supposed to use ip nat inside source list 1 interface s0/0 overload instead, because the
question is asking for 62 hosts to simultaneously access the Internet?
@laonglan No need for that statement, because we apply this list in ip nat inside source list 1 pool mypool overload. list 1 indicates access list 1.
Can anyone tell me on what basis we give the subnet mask for our dynamic pool and PAT pool?
Taking my exams tomorrow, excited hope i could pass it.
Cleared CCNA today, so funny 1000/1000 is my score, ACL, EIGRP, VTP (all here in 9tut), 53 questions, about 3 to 5 question not in collisio/acme but manageable anyway. Thanks 9TUT CCIP here i come.
Guys, the wrong Packet Tracer file was posted here; this is the same one from the other NAT SIM.
Congratulations to my friend M.Ishaq, he passed the CCNA exam with 841. Congratulations to you, my loving friend…
@Sajid
You get that pool and all that address information from your ISP. And we put that in our configuration. The ISP handles that somehow. So you just accept that address space and put it in the configuration. I hope that was a little help.
Weaver#copy running-config startup-config
Destination filename [startup-config]?
How do I copy the file? Please help!
@tornado
press Enter or write the desired destination file name
Do we not need to bind the access list to any interface while using it for NAT overload? In the above example, they haven't done any binding of the access list to any interface. Kindly confirm.
@ MARK: Thanks, it worked. Default route on “Weaver” RTR is needed and just had to configure another 2811 with static route.
@ MAS: You may want to configure another 2811 since the “cisco” password is not valid on ISP router.
@xallax
I need your help, if you have the time.
The question comes with a diagram, but since I can’t bring up the diagram, I’m going to write it out in the best way I can.
Host A, a PC with IP address 10.1.1.2, is connected via the Fa0/0 interface to a router R1. R1 Fa0/0 IP address is 10.1.1.1. R1 Se0/0 is connected to router R2 Se0/0. R1 Se0/0 IP address is 172.30.20.1. R2 Se0/0 has IP address 172.30.20.2. A Web server is connected via the Fa0/0 interface to router R2. Web server IP address is 192.168.1.2. R2 Fa0/0 has IP address 192.168.1.1
Question read: R1 is performing NAT for the 10.1.1.0/24 network, and R2 is performing NAT for the 192.168.1.2/24 network. What would be valid destination IP address for Host A to put in its IP header when communicating with the Web server?
1. 10.1.1.1
2. 172.30.20.2
3. 192.168.1.2
4. 255.255.255.255
It will be helpful if the answer comes with some explanations. Thanks.
@Kofty: Strange question.
1. Incorrect. It’s IP address of F0/0 R1 but we need to connect to WEB server.
2. Incorrect. It’s IP address of S0/0 R2.
3. Correct. It’s IP address of WEB server.
4. Incorrect. It’s broadcast address and it has no use in the unicast packet.
Where is NAT here? I don’t see it.
@DimS
Maybe the question is misleading without the diagram. I am going try to recreate it the best way I can.
The diagram has a PC, Host A. This PC is connected to router R1. R1 has a serial connection to a router R2 (serially). A Web server is connected to the router R2. Between the PC and R1 is a Fa0/0 connection. The two routers have a serial connection (R1 Se0/0, R2 Se0/0). Between the Web server and R2 is a Fa0/0 connection. (R1 Fa0/0 is the gateway to the PC, and R2 Fa0/0 is the gateway to the Web server)
Now the IP addresses assignment: PC has IP add. 10.1.1.2, R1 Fa0/0 has IP add. 10.1.1.1, R1 Se0/0 has IP add. 172.30.20.1. R2 Se0/0 has IP add. 172.30.20.2, R2 Fa0/0 has IP add. 192.168.1.1, Web server has IP add. 192.168.1.2
The question reads: R1 is performing NAT for the 10.1.1.0/24 network. And R2 is performing NAT for the 192.168.1.0/24 network. What would be valid destination IP address for Host A (PC) to put in its IP header when communicating with the Web server.
A. 10.1.1.1 B. 172.30.20.2 C. 192.168.1.2 D. 255.255.255.255
Actually the answer is B. I just needed a second opinion with some explanation. I believe the question is more focused on the PC and its IP header. Anyone with an opinion is welcome. Thanks.
@koffy
please upload the pic to imageshack or similar and post a link to it next time, it would be far easier to get an answer :)
@xallax
Thanks. I will do that next time.
Guy i take ccna soon but diarrea all over and quick tell me how to ccna in 3 hours. faster i exam and diarrea
@ all
How would you enter this on the access-list 1 if you have 254 host 192.168.6.1 192.168.6.254?
access-list 1 192.168.6.0 0.0.0.254
Is this right?
Thanks,
Sorry what I mean is this.
access-list 1 permit 192.168.6.0 0.0.0.254
I'm confused about the wildcard mask…
Thanks again,
@bunso
so…
wildcards are the opposite of subnets.
you can’t use wildcard at random.
for a subnet of 255.255.255.128 the wildcard would be….
255.255.255.255 -
255.255.255.128
______________
000.000.000.127
for a subnet of 255.224.0.0 it would be 0.31.255.255
for a subnet of 255.255.192.0 it would be 0.0.63.255 and so on
now… you gave us these pieces of information:
network: 192.168.6.0
number of hosts: 254
well… you would have a problem using exactly 254 hosts + 1 router interface as default gateway on a single class C network… the IPs wouldn’t suffice.
anyway, to answer your question i have to ask you this: what is the best subnet mask to use for 254 hosts on the 192.168.6.0 network?
answer: 255.255.255.0 (/24)
knowing the subnet mask makes it easy to figure out what wildcard mask is needed on the ACL.
255.255.255.255 -
255.255.255.0
______________
000.000.000.255
that is 0.0.0.255
your ACL line would be “permit 192.168.6.0 _ 0.0.0.255”
@xallax
On the problem above regarding NAT Sim it should be like this right
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.64
not .63
in my case as you said this would be right
Access-list 1 permit 192.68.6.0 0.0.0.255
not .254
This access list will be input in the Nat pool problem.
Thanks,
Oh yeah, this is one of the questions on my CCNA test last Friday, which I failed with an 815 score. That's why I'm asking; it called for 254 clients that need to access the Internet simultaneously.
The rest of the numbers in the sim problem above are the same except for the clients.
So this is what I put on the access list
access-list permit 192.168.6.0 0.0.0.254
which I'm not sure about.
Thanks,
@bunso, hey, let me share my idea about these “wildcard bits”, because I think you are only making it harder for yourself. Actually the wildcard mask is just the reverse of the subnet mask, so in short, if you're given a subnet mask of 255.255.255.0, its wildcard mask is 0.0.0.255. To make it simpler, rather than using binary bits, just subtract the given subnet mask from 255.255.255.255. For example, with 62 users I think the subnet mask should be 255.255.255.192 or /26, then just do this: 255.255.255.255 – 255.255.255.192 = 0.0.0.63. Hope it clears things up even a little…
And for your CCNA situation you should've used wildcard bits of 0.0.0.255. Always remember your VLSM to make it easier…
@Bunso
Am assuming the mask is /24 which is 2^8=256(254 clients to access internet simultaneously)
Therefore inside local address is 192.168.6.0/24…..255.255.255.128
access-list 1 permit 192.168.6.127 0.0.0.126
Mathematically: let's focus on the fourth octet… 127+126=253, this will allow 254 clients to access the Internet simultaneously… 0 to 253 equals 254
ip nat inside source list 1 pool mypool overload
This will instruct NAT to map ACL 1 to the pool (inside global addresses)
Remember to use the word “OVERLOAD” at the end of the instruction.
Frankly, this is a very tight scenario for a Class C network….(127 is broadcast address)
Any suggestion from anyone? Thanks.
@all
Ip range 10.0.0.16 – 10.0.0.20
Hey can u tell me the wildcard address of this ip range
I guess it should be 0.0.0.7
@Newbie
Am guessing this is a /28
10.0.0.16-10.0.0.20…….255.255.255.240……0.0.0.15
I hope am right. Any ideas?
So while most people have been getting VTP, ACL2, and EIGRP sims, NAT is still a possibility? Who had NAT come up?
@Newbie
Ip range 10.0.0.16 – 10.0.0.20
Hey can u tell me the wildcard address of this ip range
I guess it should be 0.0.0.7
It is correct, subnet no’s, 8, 16, 24 etc..increment of 8, so wildcard mask is 0.0.0.7.
hey
plz help with latest new n dumps my exam held on after eid 2011 plz plz plz
parvezcs@yahoo.com
Regards.
Can anyone please tell me what a valid dump should contain? Thank you. I am just a beginner.
boxerbolt@gmail.com
@xallax
This question came up on share your ccna experience. I tried explaining it, but am not sure if I was on the right track. Can you please help. Thanks.
please anyone can xplain…thanks
Refer to the exhibit. Which command would allow the translations to be created on the router?
Router#show ip nat translations
ip nat pool mynats 1.1.128.1 1.1.135.254 prefix-length 19 — acme answer
@koffy
i recall the question
everybody picks the answer based on “prefix-length 19” because it represents the biggest number of bits.
to be honest… i dont know exactly why, i just follow the pack…
@xallax
Thnx.
Weaver#copy running-config startup-config
Destination filename [startup-config]?
What is the destination filename? Please help.
@abhi
Weaver#copy running-config startup-config
Destination filename [startup-config]?
the destination filename…
you can type in a new name
OR
just press Enter and the value between the brackets (“startup-config”) will be used
hi i’ve been following the exact same steps but unfortunately can’t ping the ISP, ????
sorry found my mistake!!!!!
@Burns: hi i’ve been following the exact same steps but unfortunately can’t ping the ISP, ????
I have the same problem as yours. cant ping ISP, why? can’t find my mistake though.
ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 255.255.255.0
ip nat inside source list 1 pool mypool overload
???
@ cassidy
ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 255.255.255.0 >>> use wildcard mask, it should be 0.0.0.7
ip nat inside source list 1 pool mypool overload
@serial
@Burns
@Cassidy
Your second line doesn’t look right. ie wildcard.
Try it this way:
access-list 1 permit 192.168.100.16 0.0.0.15
Wildcard mask is not based on the ISP pool netmask.
The “pool” is inside global addresses.
access-list is the inside local addresses.
The third line is where you map or translate inside local to inside global…….OVERLOAD.
I TOOK MY CCNA YESTERDAY NOV 30 AND HAD THIS SIM WITH DIFFERENT IP ADDRESS
ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
I downloaded the sim and I have the same config below but still CANNOT ping. Please help!
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.16 0.0.0.15
ip nat inside source list 1 pool mypool overload
Run RIP on Router 1, it will work…
@TULIPS
You are missing these configurations:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Router1(config-if)#end
Router#copy run start.
This would allow the ping to work. Just as is done in the above example. Thanks.
How about if I use an extended access list? In the CCNA exam must we type the same syntax, or just be functional?
I use :
access-list 100 permit ip 192.168.6.64 0.0.0.63 any
because we use NAT for accessing internet right, so i think the destination is “any”
Please help me to make it clear, or is there another reason why we must use a standard access list?
thanks ^_^
The configuration is fine… However, you didn't apply the access list to the Serial interface.
Please let me know if I'm wrong or if I didn't read the configuration correctly.
Hmm, has any candidate ever done this before? Or have different people used standard and extended access lists and both got 100%?
Is there any rule in the CCNA lab that we have to use the simple way, for deciding between extended or standard for the NAT lab?
Help me please.
has anyone seen this question in the exam lately? mostly acl, eigrp and vtp i see people commenting about
Hi,
I configured the NAT SIM using this link, “http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip”, in Packet Tracer, the same as it is, but at the end the PC did not ping the ISP. So please may I know what the problem might be?
Thank You in advance.
plz help with latest new n dumps to my exam
izzathkhan119@yahoo.com
Why have we used a standard access list instead of an extended access list? Worried, please help. I did use any extended, my ping works fine but there are no translations being shown.
You don't need to use an extended access list, so just use a standard one. You are only permitting a single network of hosts. Do not get too fancy and stick with what is needed only.
Great WEB SITE. I passed my CCNA exam on 25th January. 90 percent of the questions are from 9tut. I did get NAT, ACL and EIGRP sims.
Once again thanks.
Krunal
@Sanjeev, you need to configure the IP NAT INSIDE/OUTSIDE to interfaces, that is incomplete in the lab
Please, did anyone write the CCNA exam today (February 1)? Are the labs still VTP, ACL and EIGRP?
Hi everybody. I downloaded the NAT sim from the link and I configured it with the
Weaver(config)#ip nat pool mypool 192.18.184.105 192.18.184.110 netmask 255.255.255.248
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat inside source list 1 pool mypool overload
Weaver(config)#exit
Weaver(config)#int f0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#int s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#exit
commands…
but when i do
PC>ping 192.0.2.114
Pinging 192.0.2.114 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.0.2.114:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Please, can someone explain it? How will I solve this problem?