Hi !

I'm currently studdy for CCNP TSHOOT CCNP Exam.

I had setuup a small lab with Cisco router to test lab...

in the attached file the configuration of the 2611 router...  with is currently doing the NATTING between 2 others routers (a 2501 which is basically acting as a standart host, and 4500 routeur which is acting as a router on the Internet).

I used ping command to generate traffic between my 2501 and 4500 router.  For testing I'm send my ping request to the interface connected to the 2611 on the wan side.

I had received some reply from 4500 on my 2501 router, but I also lost some of them, and I do not understand.  With sniffer software placed between 2611 and 4500, I see ping request with source interface of my 2501 router but not NAT (in it's original state) when I see test on sniffer software I did not received reply on my 2501 for my ping request (that normal, but why something the IP address of my 2501 is not NAT and sometimes not ?)

I was defined my access-list on my 2611 as is to defined which traffic should be NAT :

ip access-list extended INTERNE
permit ip 192.168.2.0 0.0.0.255 any log
permit icmp  192.168.2.0 0.0.0.255 any log
deny   ip any any log
deny   icmp any any log

Because I do not defined very often access-list and to make sampler all test I had redefined the same access-list, but by defining each specific host in the LAN.  I was look like working a little bit better, but it's do not always gave the intended behavior.

Also, I had done "show ip nat translation" I seen my NAT entry, I again later and I did not seen any entry.  I was pass maybe 5 min. between I issued those command.

I had also done same test with 1605 router to doing NAT, but I do not received very better result, is possible for some one to help me ?

my 2611 router is currently running IOS : c2600-i-mz.122-8.T5.bin

my 1605 router is currenly running IOS : c1600-y-mz.122-26c.bin

Thanks a lot !