Help setting up NAT using packet tracer and setting up Cloud

tecnodog7tecnodog7 Posts: 129Member


Doing the lab using packet tracer AND I want to test NAT using Cloud.

Can anyone help set that up so that I can ping 4.2.2.2 and 8.8.8.8

This is a picture of my network topology i been using so far.
Set up base config, Ip address , vpn , ospf now it's time for nat and i'm stuck. Any help would be awesome.

Thanks in advance.
1.JPG 72.6K

Comments

  • JeanMJeanM Posts: 1,117Member
    Where is 4.2.2.2 and 8.8.8.8 ? Are these loopbacks you've added somewhere, like on the 2811?

    On the R1 the .173 interface (let's assume it's FastEthernet0) would be the ip nat outside interface, and the .1 would be ip nat inside.

    Then something like - ip nat inside source list MYNATLIST interface FastEthernet0 overload
    Then create the ACL, somehting like

    ip access-list extended MYNATLIST
    permit ip any any

    add/remove your permit/denys.
    2015 goals - ccna voice / vmware vcp.
  • tecnodog7tecnodog7 Posts: 129Member
    Jean,
    I am not having a problem on the R1 side. I have created an ACL and set up s0/0 as ip nat outside and fa0/0 as ip nat inside. Also have set up a pool of address.

    The issue I'm having is setting up the loopback address so that when i use NAT from pcA or B i can get a response back from Cloud
  • tecnodog7tecnodog7 Posts: 129Member
    I got the loopback address set up.

    I was configuring it in correctly. I have configured it on 2811 which i'm calling cloud with the 4.2.2.2 so that now when i'm pinging it's coming back

    Thanks
  • theodoxatheodoxa Posts: 1,340Member
    The Cloud (Cloud 0) isn't connected to anything. Normally, you would configure the Cloud to act as an ISP network. For example, you could configure it for Frame Relay and connect Customer routers to it. By Cloud, do you mean the 2811 which you also have labelled as CLOUD? If so, just make sure your NAT ACL is configured to include the Loopbacks and that all the relevant routers have routes to and from those Loopbacks. I don't know what kind of routing you're using, but the easiest way would be to simply configure EIGRP on all your routers (except the 2811 CLOUD) and add network commands for all of the interfaces (including the Loopbacks). This would eliminate any routing issues, leaving only the NAT ACL.

    [EDIT] Never Mind. I just saw that you got it fixed.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • tecnodog7tecnodog7 Posts: 129Member
    theodoxa thank you so much for taking the time out and adding a solution.

    Initially I tired the cloud way but then I just went with the a router and labeled it as cloud.

    My plan was to do what you mentioned but couldn't figure it out.
    I had configured ospf on it. This is the way i accomplished it

    I'm sure there is better and more efficient way of doing it, but since i just started studying for ICND2 i haven't gotten to frame relay topic yet so I had to use what ever limited knowledge I had to accomplish this. This lab was just a review of ALL ICND1 topics.

    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname R1
    !
    !
    !
    enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
    !
    !
    ip dhcp excluded-address 10.24.0.2 10.24.0.10
    ip dhcp excluded-address 10.24.2.0 10.24.2.99
    ip dhcp excluded-address 10.24.2.151 10.24.2.255
    ip dhcp excluded-address 10.24.5.0 10.24.5.99
    ip dhcp excluded-address 10.24.5.151 10.24.5.255
    !
    ip dhcp pool ITTeam
    network 10.24.2.0 255.255.255.0
    default-router 10.24.2.1
    dns-server 4.2.2.2
    ip dhcp pool Accounting
    network 10.24.5.0 255.255.255.0
    default-router 10.24.5.1
    dns-server 4.2.2.2
    !
    no ip cef
    no ipv6 cef
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain-lookup
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 10.24.0.1 255.255.255.0
    ip nat inside
    duplex full
    speed 100
    !
    interface FastEthernet0/0.2
    description ITTeam
    encapsulation dot1Q 2
    ip address 10.24.2.1 255.255.255.0
    ip nat inside
    !
    interface FastEthernet0/0.5
    description ACCOUNTING
    encapsulation dot1Q 5
    ip address 10.24.5.1 255.255.255.0
    ip nat inside
    !
    interface Serial0/0
    ip address 188.23.163.173 255.255.255.248
    ip access-group INTERNET_ACCESS out
    ip nat outside
    clock rate 2000000
    !
    router ospf 1
    router-id 1.1.1.1
    log-adjacency-changes
    network 10.24.0.0 0.0.0.255 area 0
    network 188.23.163.168 0.0.0.7 area 0
    network 0.0.0.0 255.255.255.255 area 0
    default-information originate
    !
    ip nat pool NAT_OUTSIDE 188.23.163.173 188.23.163.173 netmask 255.255.255.248
    ip nat inside source list NAT_ADDRESSES pool NAT_OUTSIDE overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 188.23.163.174
    !
    ip flow-export version 9
    !
    !
    ip access-list standard NAT_ADDRESSES
    permit 10.24.0.0 0.0.255.255
    permit 10.23.0.0 0.0.255.255
    permit 10.15.1.12 0.0.0.3
    permit 10.24.2.0 0.0.0.255
    permit 10.24.5.0 0.0.0.255
    ip access-list extended INTERNET_ACCESS
    permit tcp any any eq www
    permit tcp any any eq 443
    permit icmp any any
    ip access-list standard VTY_ACCESS
    permit 10.0.0.0 0.255.255.255
    !
    banner motd ^C
    Private router. Unauthorized entry punishable by law
    ^C
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    password NuggetLove
    logging synchronous
    login
    !
    line aux 0
    !
    line vty 0 4
    access-class VTY_ACCESS in
    password NuggetLove
    logging synchronous
    login
    line vty 5 15
    password NuggetLove
    logging synchronous
    login
    !
    !
    !
    end
  • JeanMJeanM Posts: 1,117Member
    tecnodog7 wrote: »
    I got the loopback address set up.

    I was configuring it in correctly. I have configured it on 2811 which i'm calling cloud with the 4.2.2.2 so that now when i'm pinging it's coming back

    Thanks

    Yeah, see you didn't provide enough information in the original post for us to understand what you've done so far :)

    Does PCA and PCB have connectivity to/from R1 inside and outside interfaces?

    Does the inside and outside interface of the R1 have connectivity to the loopback addresses on the 2811?
    2015 goals - ccna voice / vmware vcp.
  • tecnodog7tecnodog7 Posts: 129Member
    Sorry JeanM,

    Yes PCA and PCB have connectivity and once i used a loopback address on "Cloud"(2811) and applied my ACL on outbound on R1 I was able to get a reply back without an issue. And so now I am a happy camper.

    I was following this with the videos from CBT nugget so this could be a refresher combining everything learned from icnd1
Sign In or Register to comment.