CCNA NAT SIM Question 2
Question
| You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 198.18.32.70/29 range. 9tut.com has 62 clients that needs to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1. |
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29 => we have to use NAT overload (or PAT)
Double click on PC1 to access Router1′s command line interface
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated with their netmask (notice that /29 = 248)
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Other lab-sims on this site:
CCNA Configuration SIM Question (RIPv2 SIM)
please some one send me licenced version of visual_certexam_suite_setup .i m thank full 2 u.my mailing add: its_md.5277@yahoo.com.
Mazhar u can download VCE with crack from 4shared, jus click the link. http://www.4shared.com/rar/DtZYr7fc/vce_311.html
passed to day with 947/1000.
thanks 9tut and all of the people who was involved.
acl2, vtp, eigrp same as 9tut.
an extra network was in eigrp. you should apply “no network……”
another everything was same.
now time for CCNP.
is it a must to save the configuration in exam ?? copy run start ??
Pleease reply…
to shuvo_bd :
Would you please expalain exactly how & where to use “no network……” in the eigrp ?
Many thanks in advance
Shuvo means
there is a phantom network on the Main router
better to remove it by using the no network command
e.g
router eigrp 212
no network 192.168.30.0
it will remove the network 192.168.30.0 to be advertise
SilverStone :
How can i know the exact wrong network ?
Thanks in advance FY feedback
Harro, sneeky round eye western dogs, i see you trying to cheat on CCNA, I change exam on you all!
@hammam…
u have to see 1. the directly connected interfaces on the router by typing “show ip interface brief; then 2. show running-config to see which networks are entered under eigrp
solution 1. remove all network addresses that are not directly connected
configure terminal
router eigrp 10
no network [not directly connected network]
network [directly connected network]
@ examtaker : Thanks so much FY help
After permiting in access-list do we have to deny the other traffic because I saw that line in pass4sure question solutions?
access-list 1 permit 192.168.16.33 0.0.0.15
access-list 1 deny any
ip nat pool mypool 198.18.237.225 198.18.237.230 netmask 255.255.255.248
ip nat inside source list 1 pool mypool overload
Please help
Buen dia tengo una duda .
Porque se le da un pool :
mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Aqui estamos diciendo que coga de este rango ip publicas para que sirva de traductor alas IPS de la LAN Privada.
Cuando se coga cada Ip del Pool traducira dinamicamente:
Por Ejemplo :
IP Privada : 192.168.1.65 traducido a 198.18.32.65 (cogido del pool)
despues de esta traduccion con que se enlazara si las ip son 192.0.2.13 y 192.0.2.14…los cuales no estan en el rango de MEJOR DICHO NO CONCUERDAN CON EL POOL QUE TRADUCE CADA Ip Privada.
Alguien me explica . Se lo agradeceria muchisimo o capaz yo estoy en un error …gracias.
PASSED YESTERDAY WITH 894/1000 AND I HAD THIS LAB.
@waqmac u dont have to deny, because its already implicit
just permit the network that will be translated, in this case:
access-list 1 permit 192.168.6.64 0.0.0.63
then create the pool: ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
and link the list and the pool: ip nat inside source list 1 pool mypool overload
Need help : how can nating range 198.18.32.65 —>198.18.32.70 work on serial 0/0 with ip 192.0.2.113 translat … totaly differnt range i am configuring as above but nating doesnt work .. ???
It’s a mistake, use sh run to get the actual IP addresses and use it creat a limited for the outside range.
I hope some contributions are made to these guys? They have been very helpful. Though, I have not contributed, but I look forward to at least give something little to encourage 9tut.
Thanks 9tut
When we get the LAB sims on the exam, do we need to write the whole cmd or can we use TAB to see the cmd?
Yves no, no te permite usar TAB, asi que lo mejor es que te sepas de memoria los comandos
please i need CCNP dumps if any one have ,, i’ll b grareful ,, if any one could sent it to this email add .. burhan.hussaini@live.com
@SilverStone 192.168.6.65/26
access-list 1 permit 192.168.6.64 0.0.0.63
What is the purpose of 0.0.0.63 ???? total addressesof the subnet have to mention, else have to mention the last address of the previous subnet.
e.g 192.168.20.129/26
access-list 1 permit 192.168.20.128 (0.0.0.127 or 0.0.0.63 ) ?????
please guide me dear….
HI I am Saidul Islam Talukder from Bangladesh, I am thinking to sit CCNA exam. so if any one have CCNA current dump. please send me to the below address saidultalukder@yahoo.com and it will be great help if any one send me.
Thanks
Saidul Islam Talukder.
I applied all commands for NAT but ping from PCs could not be successful
ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
access-list 1 permit 192.168.100.17 0.0.0.15
ip nat inside source list 1 pool mypool overload
Interface fa0/0
ip nat inside
interface se0/0
ip nat out
Please help !!
@Raaz i think you should have used access-list 1 permit 192.168.100.16 0.0.0.15 instead of access-list 1 permit 192.168.100.17 0.0.0.15. notice that 192.168.100.16 is the network address
@ Raaz, I agree with iza. When applying an ACL to an interface you have to be careful. If it is for a range of ip’s, you have to use the network address with wildcard mask, if it is for a specific host, you use the host ip.
Hi,
I made this lab but I tried ping to 192.0.2.114, it’s unseccessful. My configuration ise true although not ping. Help please.. I wonder this configuration didn’t run in packet tracer ??
Thanks
iam writing ccna next week- im still preparing. please send me latest sakhar dumps in pdf.
email coodsie@yahoo.com
or vce with crack