CCNA NAT SIM Question 2

Updated from latest CCNA exam (updated on Jan-09-2010)

Question:

ccna_nat_sim_lab_3

You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 198.18.32.70/29 range.
9tut.com has 62 clients that needs to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 - 192.168.6.126/26 range.
You need to configure Router1 using the PC1 console.
You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively.
Now you are required to finish the configuration of Router1.

Solution:

The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29 => we have to use NAT overload (or PAT)

Double click on PC1 to access Router1's command line interface

Router1>enable
Router1#configure terminal

Create a NAT pool of global addresses to be allocated with their netmask (notice that /29 = 248)

Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248

Create a standard access control list that permits the addresses that are to be translated

Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63

Establish dynamic source translation, specifying the access list that was defined in the prior step

Router1(config)#ip nat inside source list 1 pool mypool overload

This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)

Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.

This is how to configure the NAT inside and NAT outside, just for your understanding:

Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside

Router1(config-if)#exit

Router1(config)#interface s0/0
Router1(config-if)#ip nat outside

Before leaving Router1, you should save the configuration:

Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config

Check your configuration by going to PC2 and type:

C:\>ping 192.0.2.114

The ping should work well and you will be replied from 192.0.2.114

Other lab-sims on this site:

CCNA Access List Sim

CCNA NAT SIM Question 1

CCNA Frame Relay Sim

CCNA Configuration SIM Question (RIPv2 SIM)

CCNA VTP SIM

CCNA EIGRP LAB

CCNA Drag and Drop SIM

CCNA Implementation SIM

Comments

alienchipmunk 09-17-2008

with the following command:

ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248

is it necessary to use both ISP addresses since we are using PAT? since a single ISP address can support the block of users.

please explain.

thanks

9tut 09-18-2008

In fact, one IP address 198.18.32.65 is enough because we are using PAT, but we have to do what the question requested!

Please notice that the command
ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248 creates a pool of ip addresses from 198.18.32.65 to 198.18.32.70 (6 ip addresses, not 2)

draven06 09-19-2008

Guys I need your help. When I try to do this in Packet Tracer I couldn't ping the router named ISP. I could ping the hosts inside NAT from the ISP router but I couldn't ping the ISP router from PC2. I even added the default route still it doesn't work. Any thoughts please? Thanks!

9tut 09-21-2008

You can check your nat configuration with the "show ip nat translation" on your router. If it works well, you will see some information about your configuration. If not, please double check the configuration with the "show running-config" command

Yg@l 10-30-2008

HI ,

My question is from where is coming the 0.0.0.63 ??

Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63.

Thank you .

Yg@L

9tut 10-30-2008

A wildcard mask is referred to as an inverse mask. In this case, it is the inverse mask of /26 ( = 255.255.255.192 )

192=1100 0000
63 = 0011 1111

yG@L 11-02-2008

Thanks mate ...now I understand .

mod 11-05-2008

plz i want to know if i need to write access-list 1 deny any to prevent any other ip not in the range to go througe the internet

is this correct or i dont need to write this command in this question

9tut 11-06-2008

Please remember that there is an implicit "deny any" at the end of each
access list- this means that your access list will deny all traffic that fails
to match any of your access list lines. So you don't need to write
"access-list 1 deny any"

Aq. 11-23-2008

If in this case we use :
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63.

the above range will permit ip's from 192.168.6.64 to 192.168.6.127 , right ? but the questions says 'private IP addresses in the 192.168.6.65 - 192.168.6.126/26 range.'So dont we have to deny these two ip's 192.168.6.64 and 192.168.6.127 particularly. ?
And we have to add further two commands before permiting :

*
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.0

Router1(config)#access-list 1 permit 192.168.6.127 0.0.0.0.

Please make me correct if am wrong ?

Aq. 11-24-2008

If in this case we use :
Router1(config)#access-list 1 permit 192.168.6.64
0.0.0.63.

the above range will permit ip's from 192.168.6.64 to 192.168.6.127
, right ? but the questions says 'private IP addresses in the 192.168.6.65 -
192.168.6.126/26 range.'So dont we have to deny these two ip's 192.168.6.64 and
192.168.6.127 particularly. ?
And we have to add further two commands before
permiting :

*
Router1(config)#access-list 1 deny 192.168.6.64
0.0.0.0

Router1(config)#access-list 1 deny 192.168.6.127 0.0.0.0.

Please
make me correct if am wrong ?

9tut 11-24-2008

No, you don't need to deny those 2 IP addresses. Please notice that the IP address 192.168.6.64 is the network address and the IP address 192.168.6.127 is the broadcast address of this sub-network. So hosts can not be assigned these addresses

Aq. 11-25-2008

Oh okie, thanks 9tut...
Just give me advise that am about to give CCNa exam in few days so if i jus go through these simulations and PASS4SURe will be enough for it and i have conducted training of CCNa as well..

9tut 11-26-2008

Yes Aq, it is enough! Make sure you understood all the questions and solutions

Aq. 11-26-2008

okie i'll try my level best...Thanks 9tut !!

mon3m 11-28-2008

thnks too too too much 9tut about this information i ave exam after few hours thanks again pray to me

kelbin 12-14-2008

Hi,
Can i check if at the end of

Router1(config)#interface s0/0
Router1(config-if)#ip nat outside
do i need to type #end and copy running congif startup config

9tut 12-15-2008

Yes, you should type them. I updated the page!

kelbin 12-16-2008

Thanks a all for yr quick reply!

ranel tellis 12-28-2008

hi just want to say that u are an " EXPERT '

thanks for all your information it makes us easy to pass the exam

may god help u and may all your dreams come true

keep up the good work.

kent 12-31-2008

Guys I need your help. When I try to do this in Packet Tracer I couldn't ping the router named ISP. Can help me see if the nat translations are correct?

Router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 198.18.32.65:100 192.168.6.66:100 192.0.2.114:100 192.0.2.114:100
icmp 198.18.32.65:101 192.168.6.66:101 192.0.2.114:101 192.0.2.114:101
icmp 198.18.32.65:106 192.168.6.66:106 192.0.2.114:106 192.0.2.114:106
icmp 198.18.32.65:98 192.168.6.66:98 192.0.2.114:98 192.0.2.114:98
icmp 198.18.32.65:99 192.168.6.66:99 192.0.2.114:99 192.0.2.114:99

Australia 01-13-2009

Did anyone get this question in CCNA? It looks like, not many ppl got it.

sarath 01-27-2009

do we want to add " ip access-group 1 in " in the interface ????

hieund83@yahoo.com 01-29-2009

Dear Kent
on Router of ISP you must config: IP route 0.0.0.0 0.0.0.0 s0/0
in order to it reply your ICMP Echo request.
^_^

Shehan 02-01-2009

can you tell the steps how to configure the router using PC?

mamado 02-09-2009

why u named pool (my pool)

Nilesh 02-12-2009

hi,
i have config nat on router 1 correctly, & had assigned ip add. 192.168.6.65/26 to 192.168.6.68/26 to five hosts connected on rouer1 lan

on the isp router when i hv config the default route as mentioned below i am able to ping isp router from all the host pcs & vice-versa.

Router(config)#ip route 0.0.0.0 0.0.0.0 192.0.2.113

but when i config the below mentioned route i am able to ping isp router from all the host pcs but the reverse i.e., ping from isp router to host pcs are unsuccessful, what may be the reason for this ?

Router(config)#no ip route 198.18.32.64 255.255.255.248 192.0.2.113

what correct route can be config on isp router other than default route ?

True 02-27-2009

Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63

this commands Not working dear all PLS. Be Inform.

BB61 03-17-2009

You should be prepared for this kind of simulation on the exam. the voice of experience says you might see on like this...

harmful 04-20-2009

i toke the exam 4/20/2009 passed 846

I remember Sim NAT, Access list, Rip protocol and many question about leyer 2: MAC address, Switching, WAN Protocol, etc

Good luck

just-pass 04-23-2009

Hi Guys

I got NAT , RIP and Acces list SIM, IT was very easy all from P4S V3.22. But don't rely on it.

Do your home work. You may get it different questions.

Finally thanks for your informations

Good Luck

Wadzki 05-05-2009

I was trying to clairify somehting.

Why do we need to use the OVERLOAD statement making it a Pat? I understand its for simutanious connections.

Would any of addresses in the pool get used aside from the first one if Pat is being used?

9tut 05-05-2009

The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29, so we have to use PAT.

When using the OVERLOAD statement, you will only use the first ip address. It is a bit weird, but it satisfies all the requirements and it is the only way we can do.

Wadzki 05-06-2009

Thanks 9tut

jo 06-09-2009

hi, 9tut, if we compare this q with q1, why in q1 we writing command to name the router and in this q we dont. Why do we need to double click pc 1 to access router 1 command interface and in q1 we just double click the router and not the pc console. Under save the configuration command, why do we write extra router1(config)#end and router1#copy running-config startup-config and in q1 you just write weaver#copy running-config stratup-config. Do we also need to configure the nat inside and outside in test or we dont have to. Someone please explain. Thanks

Harry 07-04-2009

I gave my CCNA exam yesterday but unfortunately I failed in the exam. All the sims and 80% of the questions were from the dump. I dont know where I got less marks. I scored only 804 marks. I just want to know is there any negative marketing in the sims. Because I completed the the sims successfully. Please tell me is there something else I need to do after completion of the sims.

One more question, is that necessary to enter all the commands shown above in the sim?? because without entering the commands I answered the questions. I had memorized all the questions and answers.

Please help me my exam retake date is 9th july. Please help me.

vp 07-08-2009

DON"T MEMORIZE LEARN HOW THE NETWORK WORKS!! YOU'll be considered a fool in the network industry!! if you don't know how a single network works! and make sure you fight for every answer! some of the answer are wrong so, take a month and find out which are wrong and which are correct! and know your SUBNETTING please! don't rush into things! take your time breathe and eat yogurt before exam! good luck sir!

Mt 07-15-2009

In the exam is it necessary to type full commands such as copy-running config startup-config or will "copy run start" be acceptable? Thanks

WH 07-21-2009

Shortcuts work on most sims. did for me anyway. I had this sim on 7/20/09. I wish I had went over it more, missed this one. :(

Madmal 08-04-2009

For all those who set this up in packet tracer and could not ping the ISP router. You need to add a static route on the ISP router that includes the mypool subnet with a route back s0/0 of router 1. U think this is becuase when the NATed traffic leaves router1 the source address on the packets is changed to an address from mypool.

Can someone else please confirm this.

Thanks

pillychops 08-05-2009

I had this Sim in my exam last thursday 30th july 2009, scored 100% for this Sim and i used shortened commands .

hashim 08-07-2009

Hii 9tut i was able to ping my ISP but i cant ping my defoult gateway ip address 192.168.6.126 and i gave my pc2 ip address 192.168.6.128 with mask of 255.255.255.0 can you explain why i cant ping my default gateway.

jara 08-15-2009

I did the exam on Friday and this lab was the same (of course ips are different)

al 08-18-2009

Hi all,

I think Madmal is right. I tried and worked. Here is how I think it works:

When you use some addresses other than the address you have given to s0/0 of Router 1 for your pool, you have to provide a static route in the ISP telling it how to direct the ICMP reply packets back to Router 1. S0/0 changes the source ip address of the packets which are leaving the Router 1 to something that ISP do not have clue. So you need to tell the ISP that the replies should be sent addressed to 198.18.32.64 subnet via 192.0.2.113(s0/0 of ISR). If you use the IP address of 192.0.2.113 for your pool, then you do not need to provide the static route as ISR knows that address. So in above case, the following should be entered in ISP router:
ISP(config)#ip route 198.18.32.64 255.255.255.248 192.0.2.113
or ISP(config)#ip route 198.18.32.64 255.255.255.248 s0/0

Silumko 08-29-2009

Thanks 9tut...i did my exam yesterday and I got the sim...i passed my CCNA with 944

latest pass4sure 08-30-2009

Pass4sure v7.63 and 7.58 as a PDF

http://www.4shared.com/file/126220438/f79c0752/P4S_640-802_v763-New_Questions.html

http://www.4shared.com/file/126964515/aafcb20e/P4S_640-802_v758_PDF.html

HELP ! 09-03-2009

I got my Exam next week.... really stressed out.... :(
m doin my revision with the help of 9tut and killtest V13.02 [1]... are they enough?...

I want to download P4S V758 but cant find it from no where... The files are restricted!!!... :(

please WRITE BK SOON!!!.....

mani 09-28-2009

hey guys pass4sure dumps hav update on 23 sept does any1 has da link ??? i need it.. searched all da engines but cant..

ltrevino18 10-08-2009

Hi ! 9tut and all members
I just passed my CCNA exam, I got 986/1000 marks.

Some of the highlights of the exam:
NAT Lab Sim
Ripv2 Lab Sim
Frame-Relay Sim

And also a couple of normal questions that I didn't not see
during my study journey.

The exam is not too dificult. I studied Pass4sure v8.14 and Lab sims
from this Site.

Thanks 9tut, you're the man!
Oh! by the way , I would like you to give me your address I got some furniture to send you!! lol.
Peace Folks

ERIC 10-29-2009

Even if we fail in CCNA exam will be get the certificate from cisco . I got 804 . Jus missed by a silly mistake . I made a blunder in NAT simulation . Made a mistake in wild card mask . I wanna know will i get certi from cisco . plz reply

thx 11-08-2009

i passed Today with 986 score

48(3LABs) questions 2 hrs

frame-relay hotspot question
Question 4:

If required, what password should be configured on the router in the MidEast branch office to allow a connection to be established with the Dubai router?

A - No password is required
B - Enable
C - Scr
**D - Telnet
E - Console

NAT
RIP v2

99% questions are from 56CTO Ti v26[293q].pdf
http://rapidshare.com/files/301364902/CCNA_640-802.pdf
The chinese forum URL (56CTO v26.vce) !!!
login:
username:229263457
password:229263457
Latest [56CTO]Ti VCE(V26): http://bbs.56cto.com/thread-34570-1-1.html

3'Labs are from 9tut.com!!!

exam was too easy !!! Easy!!!

THANKS 9tut.com,THX http://bbs.56cto.com

all the best!!!

Zeus 11-17-2009

Hello All,

I cleared my CCNA Exam with a score of 1000/1000 recently.

I would sincerely like to Thank 9tut admins and tech guys for providing very good explanations to the questions especially LAB SIMS.

Some highlights of my EXAM.

Lab Sims:

Frame Relay
RIPv2
NAT with 32 host addresses

Split:

70% Questions came from Pass4sure 8.14
15% LAB SIMS given in 9tut.com
15% Questions came from TCP/IP basic concepts and WLAN, VLan concepts

Suggestions to Test Takers:

Read and Practice from the following resources and you will definitely score 100%

1. CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802, 6th Edition, Todd Lammle
2. CCENT/CCNA ICND1 Official Exam Certification Guide, 2nd Edition
3. CCNA ICND2 Official Exam Certification Guide (CCNA Exams 640-816 and 640-802) (2nd Edition)

4. Pass4sure : Latest Dumps. See pass4sure site for the Latest dumps version.

5. 9tut : LAB SIMS. These guys have accurate explanations.

Also, Practice Subnetting very very hard. Understand the concepts and practice daily on subnetting

That's it.

Happy certification.

Cheers ! ! !

Antony 11-19-2009

Hi guys,

I passd the exam today.930/1000 (3rd attemp) 9tut the savior and built confidence for this exam. I wished I shoud have known this site when I first sat the exam. I was relying on Testking I have been using testking for last 12 months and it is useles they did not update the new questions at all and the the service and the customer support is below the standard. ( The way answer your emails ) They waisted my time and money.

"I would not recomend anyone forTestking"

The most updated multiple choice are in - I strongley recomend

http://www.4shared.com/file/143743996/bb7cbc51/Ti_CCNA_640-802_v26__293q_.html

The lab Questions

Nat and Pat - Rip v2 - Frame Relay all in 9tut

So please study these and master in subnetting - you will pass the exam for sure -

Antony 20-11-2009

raghav 11-21-2009

what is the latest version of pass4sure ccna please please tell...i have 7.73

sleading 11-27-2009

thnx 9tut,

just passed the ccna with 860... lucky escape. had a 100% in this lab

funny 12-01-2009

@9tut

Please let me know as my exam will be on 3 DEC. the sequence of commands you have given on this NAT lab can we use the same sequence in our real exam as I have seen other dumps they are doing the same lab with other scenario mention below:

Router # conf t
Router (config)# interface fa0/0
Router (config)# ip nat inside
Router (config)# interface s0/0
Router (config)#ip nat outside
Router (config)#exit

Router (config)# access-list 1 permit 192.168.6.65 0.0.0.63
Router (config)# acess-list 1 deny any
Router (config)# ip nat pool nat_test 198.18.32.70 prefix-length 29
Router (config)# ip nat inside source list 1 pool nat_test overload

Please help me out as i have done the practice as per your given routine i really appreciate you will reply me asap.

Vikxon 12-02-2009

9tut ,please sm1 tell me the latest dumps please i have exams this december

nisha 12-11-2009

hello
Do we need to configure lab questions in the real exam or just mark the right answer.any 1 please tell me pleaseeee

boris 12-14-2009

dynamic nat

Does prefix-lengtf always defined or sometimes I nedd select?

P4S question

ip nat pool SOS 192.0.2.161 192.0.2.165 netmask 255.255.255.224

OK, in this question answer is not enough ip addresses...

but this netmask correct or need to be 255.255.255.192?

subnets 192.0.2.32 - 192.0.2.63
192.0.2.64 - 192.0.2.96

horrible english, sorry

boris 12-14-2009

but this netmask correct or need to be 255.255.255.128?

nochi 01-04-2010

nochi 01-04-2010
Hi!

in this command:

" Router1(config)# access-list 1 permit 192.168.6.64 0.0.0.63 "

I know thats the network address and wild card bits. But I found out in TestInside that they used 192.168.1.65 0.0.0.63. Im just quite confused. Do we really type the network or the ip address? I really need your reply. Im about to take the exam next week.

P.S - I tried 192.168.6.65 with the same wild card bits and it worked. So which one is more reliable? The network address or the Ip address of 192.168.6.65?

Thanks!

nochi 01-06-2010

please help me with my question. i need your comment asap.

thanks!

nochi 01-06-2010

help please! i need your answers asap.

9tut help,i need your answer for my question.

thanks.

9tut 01-07-2010

You have to use 192.168.6.64 in your command as the access-list needs a network address, not a host address.

nochi 01-07-2010

Thank You Very Much 9tut!

BodyGuard 01-11-2010

For Nochi => Read a bit about ACL, and NAT ( all types - static, dynamic, PAT ( overload ) will help u to understand better relieing in simulators won't help you to understand the concepts. And if u know the concepts even if they change the question u will be able to figure out easily.

Al-kebsi 01-14-2010

Attention!!!!!!!!!!

Pass4sure CCNA have been updated on Jan 2010

Anyone can share the new version please?

many thanks in advance

burak 01-20-2010

This lab completely valid in exam and correct. ı took the exam this morning and one of the lab question was this lab. good luck all.

Al-Kebsi 01-22-2010

Hi again everybody,

here is the latest P4S and TI,

http://www.ccna4u.net/category/ccna2/

you gonna find just the latest question that have been updated for P4S and Testinside

Good luck for every1

and many thanks of course to the admin of this fantastic website, and 9tut

hope 01-22-2010

hi i am so confuse

Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63 why we

change 192.168.6.65 to 64

vbvaldez 01-25-2010

Just passed the ccna exam today. this site is a great help..I encountered NAT, Frame Relay, RIP2 & EIGRP ( same as the examples provided on this site but w/ different IP address ).

If you want to pass this exam you need to master subnetting...watch and study the CBTnuggets by Jeremy, P4S and TEst inside. I did'nt use the P4S 2010 version. I would suggest that you study and master the Test inside v26 w/ 293 questions.. and of course lots of subnetting practice..Subnetting is the key to pass the LAB Sim..

Try this site : http://subnettingquestions.com

Zoltar 01-31-2010

Hi everyone, passed my CCNA exam yesterday with 972, the majority of questions from 9tut and pass4sure, however there were 3 or 4 i have not seen anywhere. 9tut, you are doing a great job!

tanveer 02-06-2010

Kindly send me the latest test in side & pass4 sure.

I have paper of ccna on monday (08-02-10)

Kindly send me

urgent

mtanveer07@gmail.com

GR 02-15-2010

I have a question I should know, but on the NAT SIM I was at the PC1 Console and I remember that I had a problem connecting to the router? I rember being at the C:> prompt and I could not get to the point of enabling the router. This is for the NAT SIM. Maybe I panicked. To ensure was there a process here

prakash 02-16-2010

plz tell me the configuration details for this example. if u having two switch connecting console cable how to configure if inbetween acting as a trunk port ...help me

Anonymous 02-22-2010

hello 9tut

i just wanted to asked you that don't we have to use r(config)#ip acces-list 1 permit ipaddress wildcard

Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63
i have seen this command in the book. please let me know whats wrong if we use ip before access-list command.

thanks in advance

9tut 02-22-2010

By using "ip access-list" you can name the access-list, nothing's different with the "access-list" command but I am not sure if we can use this command in the real exam.

marcus 02-28-2010

is there one for ccnp, anyway syllabus changing.

Rao 03-05-2010

I need latest p4s dumps.. I have my exam this monday.. Please send me the dumps..

subramanirao@yahoo.com

Chamila Dias 03-07-2010

Can we use windows calculator in CCNA exam?
Any pioneer , Just answer this pls?
upadyadias@gmail.com

mohameed 03-09-2010

why you write 192.168.6.64 0.0.0.63 in q 192.168.6.65 help me

arbab 03-13-2010

kindly snd me the latest dumps!
my paper on 19th march!
plz.......
arbabkhan_99@hotmail.com

arbab 03-13-2010

arbabkhan_99@yahoo.com

Real CCNA 640-802 Questions and Answers

CCNA NAT SIM Question 2

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

CCNA Exam 640-802

Network Resources