Lesson learned today after putting together the stupidest network ever envisioned
Pupil
Member Posts: 168
in CCNA & CCENT
I was experimenting and labbing in Packet Tracer, trying to get a good grasp of NAT, particularly static NAT, aka port forwarding. I was testing the placement of servers behind a router and clients accessing them across the WAN. DNS, Web, NTP, Syslog all worked wonderfully. Then, I had the bright idea to try a DHCP server. After successfully working out all of the various NAT mappings and seeing clients' DHCP requests make it to the DHCP server, lo and behold, it responds back with a destination IP address set to the private IP address of the client, which the router quickly drops. Let me tell you, that did not go well at all. See the screenshot for the dumb network that taught me a vital lesson today.
2015 Certification Goals: CCNA: Routing & Switching X, CCNA: Security X, Security+ X
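An added example, not part of the original post: a small Python model of why the reply was dropped. It assumes the requests crossed the WAN through a relay agent (or as a unicast renewal) and that the server chooses its reply destination by the RFC 2131 section 4.1 rules; all addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed addressing plan (not taken from the post's screenshot).
CLIENT_WAN, SERVER_WAN, DHCP_SERVER = "203.0.113.1", "198.51.100.1", "10.0.0.5"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

@dataclass(frozen=True)
class DhcpPacket:
    ip_src: str              # IP header: the only part NAT rewrites
    ip_dst: str
    giaddr: str = "0.0.0.0"  # DHCP payload: relay agent address
    ciaddr: str = "0.0.0.0"  # DHCP payload: client's current address
    broadcast: bool = False  # DHCP payload: broadcast flag

def nat_outbound(pkt):
    """Client-side source NAT: private header source becomes the WAN address."""
    return replace(pkt, ip_src=CLIENT_WAN) if is_rfc1918(pkt.ip_src) else pkt

def nat_port_forward(pkt):
    """Server-side static NAT: the public address maps to the DHCP server."""
    return replace(pkt, ip_dst=DHCP_SERVER) if pkt.ip_dst == SERVER_WAN else pkt

def reply_destination(req, offered_ip):
    """RFC 2131 section 4.1: the destination comes from payload fields."""
    if req.giaddr != "0.0.0.0":
        return req.giaddr
    if req.ciaddr != "0.0.0.0":
        return req.ciaddr
    return "255.255.255.255" if req.broadcast else offered_ip

def simulate(request, offered_ip="192.168.10.50"):
    """Return (source seen by server, reply destination, destination is private?)."""
    at_server = nat_port_forward(nat_outbound(request))
    dst = reply_destination(at_server, offered_ip)
    return at_server.ip_src, dst, is_rfc1918(dst)

if __name__ == "__main__":
    relayed = DhcpPacket("192.168.10.1", SERVER_WAN, giaddr="192.168.10.1")
    renewal = DhcpPacket("192.168.10.50", SERVER_WAN, ciaddr="192.168.10.50")
    for name, pkt in (("relayed DISCOVER", relayed), ("unicast renewal", renewal)):
        print(name, simulate(pkt))
```

In both cases the server sees a translated source in the IP header but addresses its reply from the untranslated payload fields, so the reply targets a private address with no route back across the WAN.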
Comments
-
Hondabuff Member Posts: 667
That's why they make VPNs.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
Pupil Member Posts: 168
Yup, but even then you'd want your DHCP server as close to the clients as possible.
-
powmia Users Awaiting Email Confirmation Posts: 322
"Yup, but even then you'd want your DHCP server as close to the clients as possible."
As close as reasonably possible. If you have ~50,000 clients... reasonably close typically isn't even close. This is why you run NAT only if absolutely necessary... and never do it between internal clients and internal services. NAT just breaks S#!+