I didn't test everything, but what I did try appears to be working correctly.  However, what's "correctly" might be misunderstood.

The two WRT300Ns appear to have a default NAT(actually PAT) setup, and will block unexpected inbound external traffic.

So, for example, from PC0, I can ping any of the Router0's or Router1's interfaces (even loopbacks).  When I ping any of those interfaces, the pinging source IP (for example from PC0 or PC1) will be 10.60.2.2.  However no outside device is able to ping 10.60.2.2 (if port mismatch - normally expected for unexpected traffic) nor any of the wireless IPs assigned, like PC0's 192.168.200.100.

Thank you very much for taking the time to review my file.
I truly appreciate your help, and I don’t want to take more of your time than necessary.

Since this topology was provided by my instructor from the beginning, all students in my class are working with exactly the same structure.
The only difference is that each student must replace the three original IP segments with their assigned ranges (which I did: the two WAN-side networks and the serial network). The LAN networks had to remain in the 192.168.x.x ranges.

I discussed the issue with my instructor twice.
He never mentioned anything about the WRT300N behavior or possible NAT limitations, even though I clearly asked whether that might be the cause.
In both conversations, he simply told me that the problem was in my configuration.

At one point, he said I “had too many OSPF areas,” but when I mentioned that the topology itself includes multiple areas (as provided in the original file), he neither confirmed nor denied it; he just asked me to run a few commands and repeated: “review your configuration.”

At this stage, my understanding is at its limit.
Your observation about NAT/PAT and inbound filtering on the WRT300N helped me consider something I hadn’t before—especially since this was never mentioned in class.

Before giving us the file, the instructor briefly showed the lab working and performing pings from one end to the other, but I honestly don’t know how he achieved that.

Given what you explained, I would like to ask for your recommendation:

What would be the correct approach in this scenario?

• Should I redesign the solution without the WRT300N routers?
  • Should I replace them with standard Cisco routers?
  • Is there any bridge mode or alternative configuration for the WRT300N in Packet Tracer?
  • Or is there a specific configuration step I may still be missing?

I’m not in a hurry, and I genuinely appreciate any guidance you can provide.
Thank you again for your time and for helping me understand this more clearly.

If by any chance you are able to find my mistake, I would really like to show my instructor this time that he might have been mistaken.
Maybe something is placed incorrectly, or maybe it really is my fault (which is probably the most likely scenario, hahaha).

Should I redesign the solution without the WRT300N routers?

Actually, I had considered asking if the WRT300Ns had to be used.

Should I replace them with standard Cisco routers?

If allowed, yes I believe so.  Further, you'll want switches to host the APs.

Is there any bridge mode or alternative configuration for the WRT300N in Packet Tracer?

Not that I've noticed.

Or is there a specific configuration step I may still be missing?

Another not that I've noticed.

At one point, he said I “had too many OSPF areas,” but when I mentioned that the topology itself includes multiple areas (as provided in the original file) . . .

Ok, so is using multiple OSPF areas required?

I was able to update packet tracer and download your file. 

Observations: each WRT300N router has an active ACL 100 that has the rule deny icmp any any. This alone is the reason the packet are timing out from your source. However, this only applies to the packets sources from your PCs and destined for 10.60.X.2. The WRT300N, and they only make this far because the WRT300N have a default GW back to R1/R0. This is the first instance of OSPF and dynamic router with knowledge of the other side of the Serial interface connections with Inter Area routes. I've been trying to access the Web Mgmt. of the WRT300N, and modify the allowed PC and DMZ, nothing has worked so far. 

The next issue the the overall routing. The 192.168.X.0/24 networks can't be reached from Area 1 to Area 2 or vice versa. These packets will make past the WRT only due to Default Route but the R1/R0 will drop as there is no Default Route not entry in routing table for 192.168.x.0/24. Since you cannot do OSPF on WRT300N a static route on both routers to both networks will help, but still won't get past the WRT300N with that persistent access list. 

Still looking but just an update. 

@DRC reading your reply, I truly wonder if we're both looking at the same PT file and/or using the same PT version.

For example, you note each WRT300N has an ACL 100 blocking all ICMP packets sourced from wireless yet I was able to ping the two routers IPs from two wireless clients.

I've been trying to access the Web Mgmt. of the WRT300N, and modify the allowed PC and DMZ, nothing has worked so far.

I get the GUI interface just clicking the device, you don't?  Lots of options locked out though.  How do you access these devices?  How did you see ACL 100?

The WRT300N blocks inbound ICMP traffic only, to be specific the trusted interfaces are the ethernet interfaces associate with LAN. This means the traffic from the wireless access points. Inbound in this context is entering the WRT300N from the internet port and direction coming in from the Switch-TP side. I just made mention of this in a follow up post on how to view ACL issue in port. In this design the internet port is not being used appropriately or it is but ICMP will not enter the interface. I believe other protocols will work mainly 80/443 since that's normal internet traffic. Also I clicked GUI, and each tab, and then under each tab are more minor sub menus.

https://drive.google.com/file/d/18kKGWVvHSmFdLRbgWd_wUybZLZWBcNZv/view?usp=sharing

@DRC thank you for you series of replies.

For whatever reason, on my brower, for attachments, I'm still unable to download attachments.  What I see is something like this:

Except the virus scan never completes.  (Which, I assume, is why I'm unable to download such attachments.)

Anyway, the external reference links work fine, and also thanks for providing those.

Your display of the ACL 100 match is interesting, because on the GUI page, such an (under the covers ACL doesn't seem to be configured:

"Quirks" within Packet Tracer are not unusual, such as the above not showing any actively defined packet filtering.

However, as the WRT300N's Internet interface's address, doesn't respond to pings either (i.e. NAT/PAT shouldn't be an issue), that there's an ACL 100 blocking unsolicited ping requests (type would explain that failure, but, as I've noted, wireless hosts are able to obtain ping replies (type 0).

First issue is physical connection between the WRT300N and the Switch-PT should be a crossover cable not straight through. It is the cable has dashed line.

Not necessarily.  If you had same MDI wired RJ45 on both ends, and if auto MDI not a feature on either end, you would be unable to pass traffic, but I can ping both WAN routers with the solid-line, straight-through, cable.  Also, while working the diagram, I deleted that link and used PT's automatic connection feature, and it inserted the solid-line, straight-through, cable.  Lastly, the "Internet" port might be expected to be used to connect to a router's port, and if so, a straight-though cable would be the expected choice.

Second for the R1/R0 routers they would be assigned the the 192.168.100.1 or 192.168.200.1 IP address depending on which side to be the default GW for the LAN.

That's an "it depends".  As the WRT300N appears to perform NAT/PAT, we don't need external router's to know of those subnets.  We only need to reach the external IP address.  (Again, which is why ping from wireless to WAN router's works fine.  NB: ping requests that hit those routers, regardless of which wireless host is used, show source IP as WRT300N's Internet interface.

Of course if you remove the NAT/PAT, as you did by moving the Internet connection of an interior LAN jack, then those subnets do need to be known to the WAN routers.  (Also BTW, you could, I believe, completely remove the WRT300Ns, connect the AP to the switches, and provide DHCP on the WAN routers.

To summarize, there appears to be a hidden (at least from the GUI) ACL being used on the WRT300N's Internet interface, but we're unable to "see" its complete config.  Even without such an ACL, if the WRT300N's always perform NAT/PAT, they would block unexpected traffic reaching the wireless hosts.

@Yozhz , unless the WRT300Ns are mandated to be used, replace them with "ordinary" router, or just totally remove them and use the WAN routers and their attached switches.

I added in a google link to the ACL 100 here. 

https://drive.google.com/file/d/18kKGWVvHSmFdLRbgWd_wUybZLZWBcNZv/view?usp=sharing

Also did you get my lab file?

https://drive.google.com/file/d/1o6kmIsg9JjtsWaocSBBEWWs99434jES3/view?usp=sharing

The crossover is the only cable that works in this diagram from WRT300N to the Switch-PT, once you connect via the ethernet interface on the WRT300N connecting to the Switch-PT interface. 

Just taking a step back. The LANs in the initial post won't connect until the GW which is R1/R0 know how to route the 192.168.x.0 networks. From LAN to LAN does not work. but R1 to R0 it does and from a LAN PC to a WRT300N it does because like you said it does a NAT. Place a static router on R1/R0 routers and don't worry about ICMP would be the only thing needed to complete the lab. if the goal is ICMP then you need to remove the internet interface from the WRT300N. 

---

@DRC wrote:

I added in a google link to the ACL 100 here. 

https://drive.google.com/file/d/18kKGWVvHSmFdLRbgWd_wUybZLZWBcNZv/view?usp=sharing

Yup, was able to see that earlier.  Thanks again.

---

@DRC wrote:

Also did you get my lab file?

https://drive.google.com/file/d/1o6kmIsg9JjtsWaocSBBEWWs99434jES3/view?usp=sharing

The crossover is the only cable that works in this diagram from WRT300N to the Switch-PT, once you connect via the ethernet interface on the WRT300N connecting to the Switch-PT interface. 

Got it (now).  Also, it took your original statement to also apply to the WRT300N's Internet port.  Fully agree, switch port to switch would need a cross over cable, unless either or both devices support auto-MDI (and in PT, whether it supports that real-world feature too).

The LANs in the initial post won't connect until the GW which is R1/R0 know how to route the 192.168.x.0 networks.

No, they don't need to know those routes, if using the WRT300N's Internet interface, and NAT.

From LAN to LAN does not work. but R1 to R0 it does and from a LAN PC to a WRT300N it does because like you said it does a NAT.

LAN to LAN could work, if NAT not PAT was used.  Don't know if the real WRT300N can run just NAT.

Place a static router on R1/R0 routers and don't worry about ICMP would be the only thing needed to complete the lab.

This assuming you move the WRT300N Internet connection to one of its LAN ports, correct?  If so, yea you could use statics, but if you're going to use the the LAN ports of the WRT300N, why use it at all?  The only other feature it provides is DHCP for for the wireless hosts, which the WAN router(s) could provide.

if the goal is ICMP then you need to remove the internet interface from the WRT300N. 

Fully agree the WRT300Ns are the major problem.  However, if PT supported all their features, possibly they might work, but not with the limited PT implemented features.  Again, unless those devices were mandated to be used, about the only way to use them, is as you suggest, just treat them as L2 switches.  (Also if you did, you could remove Switches 0 and 1.  However, much cleaner, I believe, to remove the two WRT300Ns.)

What I would like to see ( @Yozhz  ) is the Instructor's provided PT lab file and what was lab accomplishment requirements.

BTW, @Yozhz there's more that could be done to the configurations to make them cleaner/better, much of it, I suspect, is due to lack of knowledge, which, when learning networking, is perfectly normal.  However, I didn't want to mention any of those until you had a working lab, and you understood it, before getting into nit picks.

https://drive.google.com/file/d/1OAK5cvAQVi6uGvRUysUqbQO4NLg6kJtT/view?usp=sharing 

Yes, honestly, you have no idea how grateful I am to see that you are helping me and actively looking for solutions.
I’ve only been taking networking classes for almost a month, so I still have a lot to learn. I’ve spent many hours nonstop trying to find the issue, haha.

I try to carefully analyze what you are discussing between yourselves so I can learn from it, and I also look for additional information on my own to better understand and resolve the situation.

As I mentioned before, my instructor hasn’t provided much feedback on this issue yet, and my classmates haven’t run into this level of difficulty so far. I’ve rebuilt the lab multiple times from scratch (always starting from the original clean template provided by my instructor).

I will attach a Word document to give more context about my situation, including the times my instructor “helped” me and the observations he made.
In the meantime, I will continue researching and looking for more information.

https://docs.google.com/document/d/1yYTjjmr8OogITUkRrOiNPTrv60HwQ2Ah/edit?usp=sharing&ouid=111974096362794635806&rtpof=true&sd=true

I will use Google Drive because nothing is downloading from the browser. Curiously, I can see the images from my cell phone.

"Update": Joseph, I left the link with the only instruction given by the professor, apart from watching ospf videos (because my classes are in several languages English/Spanish/French)

Still looking for a copy of whatever the lab looked like, as initially received, from your instructor.

I'm really wondering if you've, inadvertently, made things much more complicated than they need be.

If you're only a month into initial networkimg classes, subjects like dynamic routing (especially using advanced features like multi area), packet filtering and/or NAT/PAT usually come later.

I want to clarify that the clean/original template file my instructor provided is in this link:

https://drive.google.com/file/d/1OAK5cvAQVi6uGvRUysUqbQO4NLg6kJtT/view?usp=sharing

I also uploaded a ZIP that contains the original (untouched) .pkt file, and a Word document where I compiled the instructor’s instructions. The instructions were posted across different platforms, so I gathered them into one document. It’s basically a short paragraph—other than that, there wasn’t any additional guidance.

@Yozhz that was helpful.

You've written your instructor has a fully working version of this lab, yet with the PT implementation of the WRT300N, and using its Internet port to connect to the central portion of your network, don't see how that's possible, assuming "working" means "All networks must be known and reachable by ICMP", and assuming the basic topology and devices remain the same.

As far as I can continue to tell, the fundamental issue is the WRT300N usually (see next paragraph) blocking unsolicited "Internet" port traffic from reaching its LAN ports' network, unless its some kind of response to a LAN network host.  On a "real" WRT300N, doing this might be possible.

On the PT's WRT300N, I have been able to save a router config file to a wireless host after enabling TFTP to transit from "outside" (Internet port) to "inside" (LAN port) to a specific wireless host.  I did that for two reasons.  First, it's a feature the PT version appears to support.  Second, it demonstrates unsolicited "outside" traffic can transit to the "inside" if WRT300N properly configured (and if it supports that configuration option).

Honestly, the original lab topology makes little sense to me, unless its somewhat extensively changed.

I just did what the DRC said.

Before (via WAN/Internet):

The WRT behaves like a "home router." The Internet port acts as a "border" between the inside (192.168.x.x) and the outside (our 10.60.x.x / 167.x.x.x segment). Here, the WRT performs NAT/Firewall, and in Packet Tracer, it seems to block ICMP (pings) when they come "from the outside in." That's why the ping dies upon reaching the WRT.

Now (via LAN/Ethernet):

By connecting it via a LAN port, the WRT is no longer using that Internet port "border." Therefore, it stops applying that blocking/NAT for the traffic and behaves more like a "bridge" (as if it were a mini switch/AP): it only passes the network through to the main router.

The Consequence:

The "disadvantage" is that by doing this, the WRT acts as a bridge/AP (Layer 2), so the WAN networks/segments that were between the WRT and the router are no longer used, because the WRT no longer routes or performs NAT.

In my case, only the following remained active: the LANs $192.168.100.0/24$ and $192.168.200.0/24$, and the serial link $10.60.3.0/30$.

If I do it with my segments (WAN connection), I run into the NAT problem.

If I do it with LAN, the ping works end-to-end, but I stop using two of my segments.

Let me know if you would like me to help you analyze potential solutions to use all your segments and have end-to-end connectivity.

https://drive.google.com/file/d/1iRwY-cHHHcPgLihXoVnrCPtoQ9UD2TkG/view?usp=sharing 

I am attaching my pkt (Packet Tracer file). Some words are in Spanish because of what I mentioned about my classes, but it is understandable