NAT overload question

loboernesto Member Posts: 94
Hi guys,
This is my first post here. I got to the forum today while looking for some answers, and I'm very happy that I found it! I'm taking 640 801 in a couple of weeks so I will be checking the forum daily. I went through the practice exam just quickly (CCNA 55 questions) and got 89.1; what is the passing percentage? I'm not sure if I'm gonna be ready for the exam!

Here is the question about NAT overload (PAT).
I was setting up NAT in my home lab; I did static mapping and it worked OK. I did dynamic mapping with a pool of many global addresses and it also worked fine. But when I tried to configure dynamic PAT it just didn't work. I tried with standard and extended access lists and nothing. I just couldn't get connectivity and the access lists didn't seem to work. I then applied the access list to the outside interface (ip access-group 101 out) and it started to work! Any idea why this is happening? I can post configs if needed.
Thanks a lot!
Ernesto

Comments

  • david_r Member Posts: 112
    wolf,
    Do post your configs. NATing and ACLs are difficult enough with everything in front of us.
  • loboernesto Member Posts: 94
    Thanks David,

    I've been testing further on it and I found a few things that were confusing me. First of all, I thought I could ping any host in the "inside" of the NAT network, when apparently (correct me if I'm wrong, all this is my conclusion and I could be wrong) I can only ping the first address that appears in the NAT table, and because the ICMP timeout (default) is 60 seconds I could ping one host sometimes and then a different one, but never two at the same time. Another discovery was that there seems to be a problem when I have the wireless card enabled, since I can only ping the default gateway and nowhere further than that, but I have no problems when it's disabled! Does anybody know about that and how to fix it? It's quite annoying because it means I can't have my laptop connected to both the network and the Internet at the same time! Maybe a loop?

    I was thinking: say I do want to be able to ping or have access to certain hosts in the inside network. Is it possible to have static NAT matching those specific hosts and dynamic NAT for the rest at the same time?

    Thanks a lot.

    BTW: David: good Spanish!
  • david_r Member Posts: 112
    lobo,
    Post your config.

    On your static and dynamic question, what exactly are you trying to do?
  • david_r Member Posts: 112
    I think I understand your question now. Read through this stolen config and see if this is what you want to do.
    This will set up a static NAT entry 192.168.0.25 -- 24.1.1.2, exclude the .25 from the PAT and set up PAT between 192.168.0.1-255 and 24.1.1.3-6.
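    ! ACL 1 selects the sources eligible for PAT; .25 is denied first
    access-list 1 deny host 192.168.0.25
    access-list 1 permit 192.168.0.0 0.0.0.255
    ! One-to-one static translation for .25
    ip nat inside source static 192.168.0.25 24.1.1.2
    ! Overloaded (PAT) pool for everything ACL 1 permits
    ip nat pool MyPool 24.1.1.3 24.1.1.6 netmask 255.255.255.0
    ip nat inside source list 1 pool MyPool overload
    interface e0
     ip nat inside
    interface serial0
     ip nat outside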
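
Added example (not part of the thread and not IOS code): a simplified Python model of how the configuration above sorts inside source addresses, using first-match wildcard ACL evaluation with the implicit deny at the end. The function names are hypothetical, the config text is copied from the post, and checking the static entry before the ACL is a modelling assumption.

```python
import ipaddress

# Copied from the configuration in the post above (interface lines omitted).
CONFIG = """\
access-list 1 deny host 192.168.0.25
access-list 1 permit 192.168.0.0 0.0.0.255
ip nat inside source static 192.168.0.25 24.1.1.2
ip nat pool MyPool 24.1.1.3 24.1.1.6 netmask 255.255.255.0
ip nat inside source list 1 pool MyPool overload
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(config):
    """Return (ACL entries in order, static map, pool range) for the lines above."""
    acl, static, pool = [], {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"]:
            action, rest = w[2], w[3:]
            if rest[0] == "host":
                addr, wild = rest[1], "0.0.0.0"
            else:
                addr, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
            acl.append((action, to_int(addr), to_int(wild)))
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            static[w[5]] = w[6]
        elif w[:3] == ["ip", "nat", "pool"]:
            pool = (w[4], w[5])
    return acl, static, pool

def acl_permits(acl, src):
    """First matching entry wins; wildcard bits set to 1 are ignored."""
    s = to_int(src)
    for action, addr, wild in acl:
        if (s | wild) == (addr | wild):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def classify(src, config=CONFIG):
    """Which translation an inside source address gets in this model."""
    acl, static, pool = parse(config)
    if src in static:
        return ("static", static[src])
    if acl_permits(acl, src):
        return ("pat", "%s-%s" % pool)
    return ("untranslated", None)
```

Reversing the two ACL entries makes the permit line match 192.168.0.25 first, which is why the deny has to come before it.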
    
  • loboernesto Member Posts: 94
    Yep, that's exactly what I had in mind... thanks.
    I'm gonna focus now on ISDN; it's the only thing I can't practice in my home lab and therefore my weakest point. Isn't there any software capable of simulating an ISDN modem out of 1 or 2 network cards in a PC? I know that although the connectors are the same, the pins used are different on a BRI port... but I thought maybe somebody found a way to force the network card to use the pins matching an ISDN port and thus, with some other configuration, simulate an ISDN modem. Maybe just something simple that would allow you to use the commands and verify that the configuration is OK... well, just a thought. I don't really like the Boson NetSim but I will have to try that one.

    Thanks again!