NAT Sim
Question
A network associate is configuring a router for the Weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.

The following have already been configured on the router:
- The basic router configuration

Solution:
Note: If you are not sure about NAT or access lists, please read my NAT tutorial and Access-list tutorial.
The company has 14 hosts that need to access the internet simultaneously, but we have only 6 public IP addresses, from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT).
Double-click the Weaver router to open it:
Router>enable
Router#configure terminal
First you should change the router’s name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110).
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements. This is how to configure the NAT inside and NAT outside, just for your understanding:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Finally, save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to “Host for testing” and typing:
C:\>ping 192.0.2.114
The ping should succeed, and you will receive replies from 192.0.2.114.
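The difference between using the pool with and without the overload keyword, as an added example that is not part of the original solution: a simplified Python model of the translation table for this lab's 14 hosts and 6 pool addresses. The class and function names and the port search order are assumptions of the model, not IOS internals.

```python
# Added example: toy model of dynamic NAT vs. NAT overload (PAT) for this lab.
POOL = [f"198.18.184.{n}" for n in range(105, 111)]    # 6 inside global addresses
HOSTS = [f"192.168.100.{n}" for n in range(17, 31)]    # 14 inside local hosts

class NatTable:
    """Simplified translation table; the port search order is an assumption."""

    def __init__(self, pool, overload):
        self.pool = list(pool)
        self.overload = overload
        self.outbound = {}   # (inside local ip, port) -> (inside global ip, port)
        self.inbound = {}    # reverse mapping used for return traffic
        self.owner = {}      # inside global ip -> inside local ip (no overload)

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.outbound:
            picker = self._pick_pat if self.overload else self._pick_one_to_one
            mapping = picker(src_ip, src_port)
            if mapping is None:
                return None              # pool exhausted, flow is not translated
            self.outbound[key] = mapping
            self.inbound[mapping] = key
        return self.outbound[key]

    def _pick_pat(self, src_ip, src_port):
        # Keep the source port when free, otherwise take the next free port;
        # move to the next pool address only when one address has no port left.
        for global_ip in self.pool:
            for port in range(src_port, 65536):
                if (global_ip, port) not in self.inbound:
                    return (global_ip, port)
        return None

    def _pick_one_to_one(self, src_ip, src_port):
        # Without overload each pool address belongs to one inside host.
        for global_ip in self.pool:
            if self.owner.setdefault(global_ip, src_ip) == src_ip:
                return (global_ip, src_port)
        return None

def run_lab(overload, src_port=1025):
    """Constructed traffic: every host opens one flow from the same source port."""
    table = NatTable(POOL, overload)
    results = {host: table.translate(host, src_port) for host in HOSTS}
    return table, results

if __name__ == "__main__":
    for overload in (False, True):
        _, results = run_lab(overload)
        ok = sum(1 for m in results.values() if m is not None)
        print(f"overload={overload}: {ok} of {len(HOSTS)} hosts translated")
```

The `inbound` dictionary is what lets return traffic to one shared public address be delivered to the right inside host, keyed on the translated port.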
@9tut,
just additional question?
why would you configure overload if you have a pool of 198.18.184.105 to 198.18.184.110 IPs?
on my config above I use only dynamic nat. please validate guys I need your opinions.
Our pool only has 6 public IP addresses (from 198.18.184.105 to 198.18.184.110) but “the company has 14 hosts that need to access the internet simultaneously”. Therefore the only solution here is to use PAT (NAT overload).
If you use your above configuration, only 6 hosts can access the internet simultaneously.
In real life, you can use the prefix-length keyword, but there were reports from CCNA candidates that the “prefix-length” keyword didn’t work, so you should use the keyword “netmask” instead.
Okay, I think I got it.
1. If you have an inside pool that is smaller or equal to your outside pool, you don’t need overload.
2. If you have an outside pool of more than one address that is smaller than your inside pool, then you need overload and you will need to define a pool and assign the ACL to the pool name like above.
3. if you only have 1 outside ip address you still need overload but you do not need to name a pool and you would assign your acl to the interface.
I believe that is correct.
Help, why did I get this message in Packet Tracer in the router configuration:
Router(config)#ip nat pool mypool 198.18.184.105 192.18.184.110 netmask 255.255.255.248
%Pool mypool mask 255.255.255.248 too small; should be at least 0.0.0.0
%Start and end addresses on different subnets
Router(config)#
I checked and the netmask is OK and these 2 IP addresses are in the SAME network.
Heji – On the first line, check the first octets again. Both should match.
….Often I make the same typo as I’m so used to typing 192….
How to summarize or make wildcard mask for this?
192.168.100.17 – 192.168.100.30
Above example says its 0.0.0.15
How do we calculate that thing?
Please tell me
aaa:
First of all, you have to know how a wildcard mask works. It’s just changing the 0s into 1s and 1s into 0s of the subnet mask. So in the sim the subnet mask is 192.168.100.17 – 192.168.100.30/28, which means 11111111.11111111.11111111.11110000
Calculate the 1s = 128+64+32+16+8+4+2+1 = 255, so it becomes 255.255.255.
The 1s in the last octet are 1111 = 128+64+32+16 = 240
and the remaining 0s are 8+4+2+1 = 15. So now you have to make the 1s into zeros and the zeros into 1s. Here is how it goes:
11111111.11111111.11111111.11110000
00000000.00000000.00000000.00001111
0.0.0.15 -count the last 4 1s which becomes 8+4+2+1=15.
Hope you understand this.
Thanks
Well, it’s not an inside pool that refers to private IP addresses that are being translated but rather an access list specifying the private IP addresses that are being permitted.
The only pool that was created can be seen in the CLI statement where it shows “mypool” after ip nat pool.
I want to know if there are configurations for the ISP router to assign public IP to the NAT router. I need your help. Thanks
No, you are not allowed to configure the ISP router.
i have a VPN like this one above,so i was asking to help me with configurations of that router you called “ISP”.Thanks
Hi .. shouldn’t the netmask be 255.255.255.240? … I read that the assigned global addresses (here 198.18.184.105 to 198.18.184.110) should fall under the specific mask range… it would be a conflict if we use /29, right??? /28 will get those addresses within the range …
This example is not using PAT rather dynamic NAT with overload capabilities. When using PAT the following command is used
ip nat source list *access list* interface *inside global* overload
if the source list command is using a pool of addresses then its dynamic NAT with overload
Hey Pav,
When we are defining the pool of address to use we use the following format.
ip nat pool *name* *start ip* *end ip* netmask *ip range*
The netmask command is simply checking that we have used the correct ranges in the start and end ip commands.
Using a netmask of /29 gives an increment of 8 which covers our range of 6 addresses. using a /30 is too small with only 4 in the range and a /28 would give us too many with a range of 16.
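The pool checks discussed in the comments above (the mistyped end address and the /28, /29 and /30 masks), as an added example that is not part of any comment: a Python sketch using the standard ipaddress module. The function name check_pool and its result keys are made up for illustration; the check mirrors the idea behind the router's "different subnets" message, not its implementation.

```python
import ipaddress


def check_pool(start, end, netmask):
    """Check an 'ip nat pool <name> <start> <end> netmask <mask>' triple."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    # Subnet that the start address falls into under the given netmask.
    subnet = ipaddress.ip_network(f"{start}/{netmask}", strict=False)
    # Bits that differ between start and end bound the longest usable prefix.
    differing = int(first) ^ int(last)
    return {
        "subnet": str(subnet),
        "same_subnet": last in subnet,
        "pool_size": max(int(last) - int(first) + 1, 0),
        "block_size": subnet.num_addresses,
        "longest_prefix": 32 - differing.bit_length(),
    }


# Pool from the solution, the two alternative masks raised in the comments,
# and the mistyped end address (192.18.184.110) from the error report.
CASES = [
    ("198.18.184.105", "198.18.184.110", "255.255.255.248"),
    ("198.18.184.105", "198.18.184.110", "255.255.255.252"),
    ("198.18.184.105", "198.18.184.110", "255.255.255.240"),
    ("198.18.184.105", "192.18.184.110", "255.255.255.248"),
]

if __name__ == "__main__":
    for start, end, mask in CASES:
        print(start, end, mask, check_pool(start, end, mask))
```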
I have some photozz from my exam.I can mail to human which post
it to this site.
Sorry for my poor English slavian2004@bk.ru
Just passed the icnd 2 !
Although this site is great for practise exams I didn’t have any of the material from here in the actual exam.
Thanks 9tut !
got it.. thanks inviz!!! congrats for passin ccna:)
hey inviz,
May i know the resources u used ??
thankss
Took test today 9/6 not on there only had VTP lab sim.
The Q says the nat inside and nat outside have been configured. Is it necessary to int fa0/0,
ip nat inside and int s0/0, ip nat outside? Thanks.
You don’t need to configure nat inside and nat outside!
will these question alone be enough for practicing????
@9tut
I see your CCNA website is suspended; every time, it shows this website as account suspended. What happened to this site?
What is going on? CCNA website down??
Is the NAT sim part of the ICND1 exam
@ross102865
No.. NAT SIM is only for ICND2
hello Guys,
I am facing one problem in connecting the Weaver router to the ISP router. I configured the router and switch in Packet Tracer, but when I ping from the test PC, I can’t connect to the ISP router. I gave the default IP gateway as 192.0.2.113 for the switch. Still I can’t ping the serial interface…
Thanks
You should give the switch the default gateway of 192.168.100.30
And for you to ping the ISP successfully you should configure a static route
Regards
Really nice post,thank you
This is good practice, but the problems here are a bit out of date. I took ICND2 yesterday and none of the problems on here were on the test. The questions are totally different. All I can say is study study study.
Is this OSPF sim on ICND 1 exam??
please can any one send me the latest sims . please help me i am taking icdn2 exam in 2 days my email is dennistekin@gmail.com
I created this sim in Packet Tracer and the remote ISP router (192.0.2.114) cannot be pinged from the LAN when NAT overload is configured but can be pinged when PAT is configured!!
sh ip nat trans shows the attempt to translate inside locals to inside globals, but the ping will not reply with NAT overload! Tried configuring static routes and RIP but it still doesn’t work!
Any suggestions please?
@9Tut,
Once again thank you for this site and contributions!
I am happy with the sim (i.e. I understand how to successfully configure NAT / PAT). However, I am encountering the same issue – I am able to see a NAT translation but I do not receive a reply from the ping. The requests simply time out with 100% packet loss
I have tried to TSHOOT this myself as far as I can but am unable to decipher the issue
Any feedback would be greatly appreciated
p.s. I have configured the “ip nat inside” and ip nat outside” on the correct interfaces
TheSnake,
The reason that you are unable to receive a reply to your ping is that there is no route from the ISP back to the host you are pinging from, because there is no routing protocol configured.
Try creating a static route on the ISP router (ie: ip route 192.135.100.0 255.255.255.0 Serial0/1) so that the ICMP packet knows where to return the ping reply.
worked for me..
Can anyone please send me the latest sims.Taking ICND 2 next week.my email is lyndonkumire@gmail.com
Can anyone please send me the latest sims.Taking ICND2 next week. my email is eng.yase@gmail.com
@CSStudent
ip route 192.135.100.0 255.255.255.0 Serial0/1
That will add a route to the local address. Did not work for me.
I’ve set up this route, and worked great for me.
ISP(config)#ip route 198.18.184.104 255.255.255.248 192.0.2.113
Giving the ISP the route back using the public addresses.
Hi i’m having my exam this Friday….hope this will help…. orrrr i’ll kill someone
please anyone send me the latest ICND1 i will take an exam next two week . my email is :channgak.its@gmail.com
please email me the latest icnd2 exam email lalasoso2@gmail.com
Hi everyone
I need to run these lab questions on packet tracer please help me where are the sources?
im sitting in two weeks tiime pls help me on ICDN1 & ICDN2 (Important notes needed thanks advance
Hi,
I need help here. How did we get this:
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
I think it should be:
Weaver(config)#access-list 1 permit 192.168.100.17 0.0.0.15
Thanks in advance
a wild card is something like the reverse of the subnet
the subnet used for that address range was 255.255.255.240 (it gives you 16 IPs, 1 is the subnet address, 1 is the broadcast address)
0.0.0.15 covers 16 IPs (count 0.0.0.0 too). it covers the subnet address, 14 possible hosts and the broadcast address.
the range must start at the block size multiplier. the block size number is 16 so the starting number is 0, 16, 32, 48… in our case is 16
long story short:
192.168.100.16 0.0.0.15 covers for the entire subnet that starts at 192.168.10.16 and has a subnet mask of 255.255.255.240
i hope someone can understand something out of it… wildcard masks are the reverse of subnet masks, that’s the most important
This exercise was in my exam today. 933/1000.
Thanks a lot!!
just gotta love all these lazy bums that come on here and post asking for people to send them stuff and teach them.
get off your lazy butt and learn!!!! all that you need is here. jerk-offs!! no one wants to take time out of their busy day to help someone who wont even get on this website and read what is already helping other people do just fine.
@xallax
you are overcomplicating wild cards
all you do is subtract the subnet mask from 255.255.255.255 (courtesy of wendell odom)
255.255.255.255
-255.255.255.240
0. 0. 0. 15
was trying to explain why that wild card was used. anyways, thanks for the simple way of doing it. cheers
np man… i just wanted to help brotha!!
ill even help out a little more… when i was in school my teacher gave us a subnetting chart. it is so awesome that i even made one to put in my wallet and on my wall at home lol… this thing rocks man and can help you subnet like a biotch!!
____128 64 32 16 8 4 2 1
____128 192 224 240 248 252 254 255
2nd /9 /10 /11 /12 /13 /14 /15 /16
3rd /17 /18 /19 /20 /21 /22 /23 /24
4th /25 /26 /27 /28 /29 /30
the 2nd, 3rd and 4th writing on the left represents the octets… if you make a chart of this write 2^7 above the first 128 and above 64 write 2^6 and so on down to 2^0 over one. this will represent the bits borrowed when you are subnetting. memorizing this chart is the fastest way to subnet i have seen. it totally avoids having to calculate binary which takes forever unless you play the binary game like a madman.
____128___ 64_____ 32_____ 16_____ 8_____ 4_____ 2_____ 1
____128__ _192____ 224____ 240___ 248___ 252___ 254___ 255
2nd _/9____ /10 ____/11_____ /12___ /13___ /14____ /15___ /16
3rd _/17___ /18____ /19_____ /20____ /21___ /22____ /23___ /24
4th _/25___ /26____ /27_____ /28____ /29___ /30
should look more like this only ignore the underscores… the numbers should basically be like columns 128, 128 /9 /17 /25 should be column one basically
Check out http://j.mp/ciscoebooks
Hey guys,
I cant seem to get this working….it seems like I have the same configuration as the solution but it doesnt work when I try the ping! Any ideas?
For access-list 1, why couldn’t we use 192.168.100.0 0.0.0.255?
Using 0.0.0.255 may block the testing computer as well, depending upon the IP address stored on the computer, and one more thing: they asked us to block specifically, so answering specifically will be better..
sorry it won’t block the testing machine..
so I guess it’s better to be precise.. why permit extra computers..! when they ask you to allow only 15.. putting 0.0.0.255 will allow other computers as well..
well, the objective will be completed by answering 0.0.0.255 but they may reduce points for not being precise..
AGAIN NOTHING WRONG IN PUTTING 0.0.0.255
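The wildcard arithmetic and the 0.0.0.15 versus 0.0.0.255 question from the comments above, as an added example that is not part of any comment: Python that derives the wildcard from the netmask and counts which 192.168.100.x sources each access-list 1 entry would permit for translation. The function names are illustrative.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_netmask(netmask):
    """255.255.255.255 minus the subnet mask, as described in the thread."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF - to_int(netmask)))


def acl_permits(src, base, wildcard):
    """Standard ACL test: only bits that are 0 in the wildcard are compared."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(base) & care)


def permitted(base, wildcard, candidates):
    return [c for c in candidates if acl_permits(c, base, wildcard)]


# Constructed inputs: every address in 192.168.100.0/24 and the 14 lab hosts.
LAN = [f"192.168.100.{n}" for n in range(256)]
HOSTS = [f"192.168.100.{n}" for n in range(17, 31)]


def scope_report(base, wildcard):
    """How many LAN addresses an entry permits, and how many are not lab hosts."""
    hits = permitted(base, wildcard, LAN)
    return {
        "permits_all_hosts": all(h in hits for h in HOSTS),
        "permitted": len(hits),
        "beyond_hosts": len([h for h in hits if h not in HOSTS]),
    }


if __name__ == "__main__":
    print(wildcard_from_netmask("255.255.255.240"))
    for base, wc in [("192.168.100.16", "0.0.0.15"),
                     ("192.168.100.17", "0.0.0.15"),
                     ("192.168.100.0", "0.0.0.255")]:
        print(base, wc, scope_report(base, wc))
```

With wildcard 0.0.0.15 the base addresses 192.168.100.16 and 192.168.100.17 match the same 16 sources, while the 0.0.0.255 entry makes 242 addresses that are not lab hosts eligible for translation.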
this pops up in an ICND1 ebook i have!! some people are saying NAT is only for CCNA and others say it comes up in CCENT…anyone have any concrete info please?
@helblzer
NAT is for ICND2 or CCNA
additional question http://www.9tut.com is not working.why????
@zenith:Which topic in 9tut.com is not working?
@9tut
Sorry, it’s my fault. Thanks for the quick response.
Hi! Guys, I just want to ask this. I’m using version 5.3 of Packet Tracer and I have created a network and applied NAT to it. I already configured all the necessary things like IP addresses and used a dynamic routing protocol such as EIGRP, and it worked well (by the way, my network consisted of two LANs with a router on each, and the two routers were connected via serial cable). To reassure myself that this network works very well, I pinged all of the clients and servers on both ends and it was OK. Then I started to apply NAT to the network. I configured the following:
router(config)#ip nat pool testpool 200.1.1.1 200.1.1.2 netmask 255.255.255.252
router(config)#access-list 1 permit 192.168.10.0 0.0.0.255
router(config)#ip nat inside source list 1 pool testpool
Then I also configured the interfaces: s0/0/0 configured with “ip nat outside”, then fa0/0 with “ip nat inside”
After that, from the 192.168.10.0 network I can’t ping the server network anymore, but the other 192.168.20.0 net, which is connected to the same router as the 192.168.10.0 net, can ping the server LAN, and when I use “show ip nat translation” I can see the translation occur. Please help me guys, I’m very very confused because I already changed this topology to a simpler one but still end up with this kind of problem…. Thanks in advance
@confusion: Please upload your pkt file on http://certprepare.com/forum we will help you!
@9tut Ok i will thnx
@9tut, i already figure it out… NAT only passes thru default route cause all the while i was configuring a dynamic routing thru both routers i guess my clumsiness over think that i just remember that NAT only uses thru the outside network…. but thanks anyway…
confusion, ip nat pool testpool 200.1.1.1 200.1.1.2 netmask 255.255.255.252
does not work! Packet will goes with IP and netmask from pool and never succeeded.
Host pool from mask must be higher than difference between first & last host from pool.
Destination host must be reachable by the way.
I just passed my CCNA today, thanks, the sim labs helped a lot. I had EIGRP, VLAN and ACL. Make sure to look at interface assignment on the switch. Thanks
Hi, Can someone please email me the latest dump for ICND2 on rafan.fatima@gmail.com. I hav my exam nxt week
Please
Thanks
interface Loopback0
ip address 1.1.1.5 255.255.255.255
!
interface Serial0/0
ip address 192.168.234.2 255.255.255.0
encapsulation frame-relay
frame-relay map ip 192.168.234.3 203 broadcast
frame-relay map ip 192.168.234.4 204 broadcast
frame-relay map ip 192.168.234.5 205 broadcast
!
router ospf 1
router-id 1.1.1.5
network 0.0.0.0 255.255.255.255 area 0
neighbor 192.168.234.3
neighbor 192.168.234.4
neighbor 192.168.234.5
!
I don’t get it..
According to the picture the Weaver router has an IP address S0/0 192.0.2.113 and the ISP’s address S0/1 192.0.2.113.
The task states “The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110″.
How can we configure different public IP addresses from the S0/0 interface on the weaver router?
It is my understanding that the public addresses should be at least from the same range as the outbound interface (in the sim lab in our case that is the S0/0 of the Weaver router)?
OK, i got it
I just rebuilt the same topology in Packet Tracer, and it didn’t work at first, but then this problem was solved by just adding a static route on the ISP router for the translated IP addresses:
ISP(config)#ip route 198.18.184.104 255.255.255.248 Se0/1
Thanks 9tut for the great examples and tutorials here