cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1277
Views
40
Helpful
12
Replies

Nat translation

lucad7846
Level 1
Level 1

Hi 

I have this nat PKT to troubleshoot - it's very similar to a pkt file I posted the other day. 

I created the access list and I can see with the statistics command that I am only getting the translations if I ping from the server to the pc. From pc to server it's not working I get all misses and no hit if I do a show ip nat statistics. 

I am not sure what I have done wrong. 

Any help would be much appreciated 

2 Accepted Solutions

Accepted Solutions

Martin L
VIP
VIP

Notice that your assignment is Troubleshooting one; This means some configs are incorrect on purpose.

I think This one follows ur assignment requirement. 

Regards, ML

View solution in original post

12 Replies 12

remove the second line of the ACL 10 (permit 10.0.0.0) that not correct 

Hi Thanks for that.

when I enter the

show access-list 1

command - it doesn't show the sequence numbers before the permit statements - how would I remove the second line?

Many thanks in advance

 

Martin L
VIP
VIP

Actually the other one is wrong and the whole assignment looks weird and incorrect; 

no access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 10.0.0.0 0.255.255.255

 

I need a bit more time to point all mistakes; I recommend start fresh !

 

Hi

Are you referring to this file I posted or the other one in the other post? 

Basically for this one the goal is to allow all pc's to utilise nat and be able to ping the external server at 10.0.0.2. R1 is supposed to be the gateway router providing nat. 

How would I achieve that? 

I have attached the original file as I first got it. 

Many thanks in advance

I am referring to file named TS3.4B NAT.pkt. I think is the one shared above

1st, Assignment says "All PCs should be able to utilise the NAT service and be able to ping the external server on 10.0.0.2."  This would mean (at least to me) that Server is external device; PCs are internal. So, I think the goal here is that traffic going from PCs to Server should get translated; but not the other way around. 

ip nat inside means take all incoming traffic on local (inside) interface and translate into global one (external). This is sort of one way direction once you apply to router.  You specify interfaces with ip nat inside/outside commands. Traffic coming on outside interface should not be translated with ip nat inside command. All traffic coming on inside should be translated using ip nat inside command. So, right now we have GigabitEthernet0/0 as outside (ip nat outside) interface and GigabitEthernet0/1 10.0.0.1 as inside (ip nat inside).   This does not follow our assignment requirement. 

Does it make sense ?  I am working on pt file that I think it should be correct. will attach it shortly

Regards, ML

 

Hi Martin 

Thanks so much for that I really appreciated your help. I agree with you regarding assignment requirement. It is so weird how they phrase it though. 

Once again thanks for your help

Cheers

Martin L
VIP
VIP

Notice that your assignment is Troubleshooting one; This means some configs are incorrect on purpose.

I think This one follows ur assignment requirement. 

Regards, ML

Hi Martin Thanks so much - I think this configuration meets the requirements. 

On a different note may I ask why there is a need for adding the static route on R1 - I had it configured in my file as well but I still don't understand the reason for it. I mean the server is directly connected. Why we need it? 

Many thanks in advance

you are right no need static route

Thanks so much for the clarification. 

Right, no need for default route (ip route 0.0.0.0 0.0.0.0).  I think it came with file (original one). it could be "left over" from larger topology. 

Gotcha thanks so much for your help Cheers

Review Cisco Networking for a $25 gift card