Help setting up NAT using packet tracer and setting up Cloud

tecnodog7

Doing the lab using packet tracer AND I want to test NAT using Cloud.

Can anyone help set that up so that I can ping 4.2.2.2 and 8.8.8.8

This is a picture of my network topology i been using so far.
Set up base config, Ip address , vpn , ospf now it's time for nat and i'm stuck. Any help would be awesome.

Thanks in advance.

JeanM

Where is 4.2.2.2 and 8.8.8.8 ? Are these loopbacks you've added somewhere, like on the 2811?

On the R1 the .173 interface (let's assume it's FastEthernet0) would be the ip nat outside interface, and the .1 would be ip nat inside.

Then something like - ip nat inside source list MYNATLIST interface FastEthernet0 overload
Then create the ACL, somehting like

ip access-list extended MYNATLIST
permit ip any any

add/remove your permit/denys.

tecnodog7

Jean,
I am not having a problem on the R1 side. I have created an ACL and set up s0/0 as ip nat outside and fa0/0 as ip nat inside. Also have set up a pool of address.

The issue I'm having is setting up the loopback address so that when i use NAT from pcA or B i can get a response back from Cloud

tecnodog7

I got the loopback address set up.

I was configuring it in correctly. I have configured it on 2811 which i'm calling cloud with the 4.2.2.2 so that now when i'm pinging it's coming back

Thanks

theodoxa

The Cloud (Cloud 0) isn't connected to anything. Normally, you would configure the Cloud to act as an ISP network. For example, you could configure it for Frame Relay and connect Customer routers to it. By Cloud, do you mean the 2811 which you also have labelled as CLOUD? If so, just make sure your NAT ACL is configured to include the Loopbacks and that all the relevant routers have routes to and from those Loopbacks. I don't know what kind of routing you're using, but the easiest way would be to simply configure EIGRP on all your routers (except the 2811 CLOUD) and add network commands for all of the interfaces (including the Loopbacks). This would eliminate any routing issues, leaving only the NAT ACL.

[EDIT] Never Mind. I just saw that you got it fixed.

tecnodog7

theodoxa thank you so much for taking the time out and adding a solution.

Initially I tired the cloud way but then I just went with the a router and labeled it as cloud.

My plan was to do what you mentioned but couldn't figure it out.
I had configured ospf on it. This is the way i accomplished it

I'm sure there is better and more efficient way of doing it, but since i just started studying for ICND2 i haven't gotten to frame relay topic yet so I had to use what ever limited knowledge I had to accomplish this. This lab was just a review of ALL ICND1 topics.

version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
ip dhcp excluded-address 10.24.0.2 10.24.0.10
ip dhcp excluded-address 10.24.2.0 10.24.2.99
ip dhcp excluded-address 10.24.2.151 10.24.2.255
ip dhcp excluded-address 10.24.5.0 10.24.5.99
ip dhcp excluded-address 10.24.5.151 10.24.5.255
!
ip dhcp pool ITTeam
network 10.24.2.0 255.255.255.0
default-router 10.24.2.1
dns-server 4.2.2.2
ip dhcp pool Accounting
network 10.24.5.0 255.255.255.0
default-router 10.24.5.1
dns-server 4.2.2.2
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.24.0.1 255.255.255.0
ip nat inside
duplex full
speed 100
!
interface FastEthernet0/0.2
description ITTeam
encapsulation dot1Q 2
ip address 10.24.2.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.5
description ACCOUNTING
encapsulation dot1Q 5
ip address 10.24.5.1 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 188.23.163.173 255.255.255.248
ip access-group INTERNET_ACCESS out
ip nat outside
clock rate 2000000
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 10.24.0.0 0.0.0.255 area 0
network 188.23.163.168 0.0.0.7 area 0
network 0.0.0.0 255.255.255.255 area 0
default-information originate
!
ip nat pool NAT_OUTSIDE 188.23.163.173 188.23.163.173 netmask 255.255.255.248
ip nat inside source list NAT_ADDRESSES pool NAT_OUTSIDE overload
ip classless
ip route 0.0.0.0 0.0.0.0 188.23.163.174
!
ip flow-export version 9
!
!
ip access-list standard NAT_ADDRESSES
permit 10.24.0.0 0.0.255.255
permit 10.23.0.0 0.0.255.255
permit 10.15.1.12 0.0.0.3
permit 10.24.2.0 0.0.0.255
permit 10.24.5.0 0.0.0.255
ip access-list extended INTERNET_ACCESS
permit tcp any any eq www
permit tcp any any eq 443
permit icmp any any
ip access-list standard VTY_ACCESS
permit 10.0.0.0 0.255.255.255
!
banner motd ^C

---

Private router. Unauthorized entry punishable by law

---

^C
!
!
!
!
line con 0
exec-timeout 0 0
password NuggetLove
logging synchronous
login
!
line aux 0
!
line vty 0 4
access-class VTY_ACCESS in
password NuggetLove
logging synchronous
login
line vty 5 15
password NuggetLove
logging synchronous
login
!
!
!
end

JeanM

tecnodog7 wrote: »

I got the loopback address set up.

I was configuring it in correctly. I have configured it on 2811 which i'm calling cloud with the 4.2.2.2 so that now when i'm pinging it's coming back

Thanks

Yeah, see you didn't provide enough information in the original post for us to understand what you've done so far

Does PCA and PCB have connectivity to/from R1 inside and outside interfaces?

Does the inside and outside interface of the R1 have connectivity to the loopback addresses on the 2811?

tecnodog7

Sorry JeanM,

Yes PCA and PCB have connectivity and once i used a loopback address on "Cloud"(2811) and applied my ACL on outbound on R1 I was able to get a reply back without an issue. And so now I am a happy camper.

I was following this with the videos from CBT nugget so this could be a refresher combining everything learned from icnd1