CCNA NAT SIM Question 2
Question
| You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 198.18.32.70/29 range. 9tut.com has 62 clients that needs to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 – 192.168.6.126/26 range. You need to configure Router1 using the PC1 console. You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively. Now you are required to finish the configuration of Router1. |
Solution
Note: If you are not sure how NAT & PAT work, please read my Network Address Translation NAT Tutorial. You can download a similar sim to practice here: http://www.9tut.com/download/9tut.com_CCNA_NAT_sim_question.zip
The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29 => we have to use NAT overload (or PAT)
Double click on PC1 to access Router1′s command line interface
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated with their netmask (notice that /29 = 248)
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
Other lab-sims on this site:
CCNA Configuration SIM Question (RIPv2 SIM)
Using packet tracer 5.3.1….nat is not working for me…..only interface nat is working not the pool nat of any kind….
@Josh
No, it doesn’t matter if IP SUBNET-ZERO is enable/disable the result will be the same /29.
Regards
Remeber you always will need to summary the pool of internet range received.
Regards again :p
No I realize the /29 part, I think, though I’m a little confused about the responses to my question!
No, I just want to know the correct way to define a NAT pool if the whole subnet is used for the pool.
“ip nat pool Test .64 – .71/29″
Or
“ip nat pool Test .65 – .70/29″
The example shows the .65 – .70 as the correct answer and I completely understand that you can use whatever range of addresses needed, even if those addresses do not comprise the whole subnet. However, for CCNA purposes, this question would almost always imply the whole subnet – in which case .65 – .70 would not be correct right?
I realize that .64 is the network address in this case and that’s fine – obviously won’t be an issue unless “ip-subnet zero” is used and I also realize that .71 is the broadcast, but the router logic already knows that too. So the question remains, which is correct, in my opinion probably both are correct, but what will the exam say? Do you include the network address and the broadcast, or omit them like is done in the example?
@Josh
In case the whole subnet needs to be defined, you will need to summary from the first Ip to the last.
i cant ping from PC2 to ISP :( destination ip in PC2 packet is 10.0.0.2 i dont know how it comes ..HELP PLZ
@Aerodesliza
Right, but which is first and last? .64 -.71 or .65 -.70? I think .64 – .71/29 is the correct answer because it allows the easiest adaptability to scaling issues and does not have any negative consequences – at least that I can see!
I have used the same commands, but I can not ping from Pc to ISP
if you cant ping from PC to ISP, you just follow the ip addressing in Packet tracer sample…
the packet tracer example is missing a inside statement on F0/0?
Hey guys I want to give my ccna exam in 10 days do you think thats enough time 4 me to study i just started studying dumps, have read todd Lamle earlier. plz plz plz tell me how n what should I study
Hi,
I downloaded the dumps from but its saying that its currupt
http://www.examcollection.com/cisco/Cisco.Acme.640-802.v2011-07-09.by.Collisio.486q.vce.file.html
Hello
Can anybody give me the link to download the latest dumps
@anonymous – there are no nat statements in the fa 0/0 and se 0/0 interfaces as stated in the question. if you include them it works
I can’t ping the ISP may be if there is another way out..
Its able to ping the ISP..You have to fist define the pool name with public address range & netmask of 255.255.255.248.Then apply access-list permit statement & finally apply the overloading….But don forget to mention the inside & the outside interfaces …This SIM is completely working fine !!!! Thanks in Advance.
9tut,
Why is the access list not applied to the inside interface for it to kick in? Is it not needed?
Thanks!
man this nat stuff is really getting me nervous pls help me understand the concept of nat configuration
Do we get NAT SIM for the ccna exam?
de lab get the cbt nuggets and the todd lammle book mate
goodluck to you ^^ im writing my ccna now in a few hours :D
first , thank you god . Second thank you 9tut.com . I passed CCNA today and the questions are vtp, eigrp (12,22) , access-list
In reference to PAT is there a configuration step missing in the above example?? According to the venerable Wendall Odom, ICDN 2 pg. 606, PAT configuration is as follows:
Configure an inside local interface: ip nat inside
Configure an outside local interface : ip nat outside
Configure a standard access list.
Then according to Odom you DO NOT configure a NAT pool but use this command instead:
ip nat inside source list 1 interface [INTERFACE] overload
Any thoughts as to which is correct and why???
can some 1 help with latest pkt player for windows 7 -64bit os plzzz
ASAP plz thnks a ton in advance :)
first , thank you God
Second thank http://www.examcollection.com/cisco and you 9tut.com
i pass the exam march 2012 AND i have got 947 /1000
don’t worry go to the tow website above !!!!!!
best regards
When i am downloading NAT Question 1 & Nat question 2, both are giving me the same SIM with identical questions..!
Can any provide NAT Question 2′s Link?
CCNA exam like SIM’s links will also do. Thanx.*
can some check this for me:
enable
config t
interface fastethernet 0/0
ip nat inside
interface serial 0/0
ip nat outside
access-list 1 permit 192.168.6.65 0.0.0.63
access-list 1 deny any
ip nat pool nat_test 198.18.32.65 198.18.32.70 netmask 255.255.255.248
ip nat inside source list 1 pool nat_test overload
end
copy running-config startup-config
(this for nat sim2 lab i need some one to check my answers for me )
this never come
I HATE NATT, HATE IT, HATE IT, HATE IT, NATT ME BOLL**
Karate Kid :-) POF
Hi samuel,
I think the Inside local network address must be 192.168.6.64 255.255.255.192 instead of 192.168.6.65.
So, access-list 1 permit 192.168.6.64 0.0.0.63
Also the “deny” is implicit, you don’t need to write “deny any”
Thks
Please explain why we use 192.168.6.64 255.255.255.192 instead of 192.168.6.65. Why we need network address to be used, why can’t we begin from first source address?
thank you very much ( Sioelo )
This packet tracer sim doesn’t work…
Question for 9tut and anybody else;
in d real exam sims do we first save our configs (copy running-config startup-config) b4 testing our config(pinging) or do we test our configs 1st b4 saving it?.
@ifyllenium: You should check & test the config first.
got 907/1000 felt like i ws in a game house 2day…gt some new ques bt notin to be scared of….d labs were;
acl:still d same as 9tut bt wit minor changes in ip address.
VTP;Still d same.
eigrp;d same bt d new router was nt configured at all.
Thanks to God and to u gr8 guys in 9tut….ccnp is go down next. :-)
Hi Sam, I passed my exam yesterday with score 973. Good luck to you
@Jam
We use 192.168.6.64 (the network number) to represent all hosts on that subnet or network portion. If we use ony 192.168.6.65 it would only represent the 1st assignable host on that network.
When you configure access-list you want to apply in a interface, this is a reason, nat don’t work good in this lab. For me it’s work very good
I pass my exam today may god help me to have my exam
Weaver(config)#ip nat inside source list 1 interface serial 0/0 overload
and used 192.168.100.16 0.0.0.15 —access-list
after that from any host i can ping the internet address which is 192.0.2.114 it works
Perfeito!!! Tudo pingando direitinho!!!
You got to do whatever it takes, but I altlacuy sleep a lot better now that I gave up caffeine. I altlacuy am more alert in the morning and during the day as well. So, I’m altlacuy really glad that I gave it up as is well worth the effort to kick the habit.
Packet tracer 5.3.3 latest version download from the following link
http://www.techfindings.com/cisco-packet-tracer-5-3-3-free-download-t225.html
Well explanations!! ”Eureka”.
olesimbe@yahoo.com
Remember, remember, remember your ip nat pool is case sensitive!!!!!
If I get, like in simulation: 6 public IP addresses of 198.18.184.105 198.18.184.110, what is appropriate netmask in command where we should define Pool? Is is 255.255.255.0 because it belongs to class C?
Guys what’s the difference between CCNA NAT SIM Question 1 and CCNA NAT SIM Question 2!!
@roxy !!!
The command would be like this:
Lab-NAT
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside.
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required)
- All passwords have been temporarily set to “cisco”
The task is to complete the NAT configuration using all IP addresses assigned by the ISP to provide Internet access for the hosts in the Weaver LAN. Functionality can be tested by clicking on the host provided for testing.
Configuration Information:
Router name – Weaver
Inside Global addresses – 198.18.184.105 198.18.184.110/29
Inside Local addresses – 192.168.100.17 – 192.168.100.30/28
Number of inside hosts – 14
The command would be like this:
Router>ena
Router#conf t
Router(config)#hostname Weaver
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Weaver(config)#ip nat inside source list 1 pool mypool overload
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Weaver#copy run start