Lab 16 - Many to One NAT

Daniel333 · May 2007

Alright, so i think I have static NAT down, along with who gets ip nat inside/outside. So I moved to the next lab.

I have a simple network in my lab.. 192.168.x.x /24

hostA---101.1 RouterA 1.1---1.2 RouterC 100.1 ---100.2 hostB

I have set RouterA's E0 as inside and it's S0 as the outside. I have not added RouterA's subnet to RIP, but everything else I have and they are communicating fine.

access-list 10 permmit 192.168.101.0 0.0.0.255
ip nat inside source list 10 int serial 0 overload

But still hostA cannot ping any farther than RouterA's S0.

Any idea what I might be doing wrong?

Paul#4 · May 2007

Issue an extended ping command with the source address as E0 and destination Router C 1.2...
...if you don't get anything back this means the routers could not get the traffic back to you...
this means you have an issue with routing table...could be a few things...

Do you know how to use extended ping commands?

Try to ping the Router C 198.168.1.2 interface...
You should be able to ping this interface...you might have problems pinging on Router C's 100.1...
give em both a try and let us know....sounds like a routing issue...

Everything else looks good with NAT and access lists...

Daniel333 · May 2007

From RouterA I can ping both of RouterC's interface's and the node on it's E0

The extended ping coming from E0 fails to anything beyong RouterA's E0.

Just to check, I SHOULDn't add RouterA's e0 to rip, right? shouldn't matter since I am translating on the S0?

Paul#4 · May 2007

That means there is no route back to your E0 network 192.168.101.x

I learned this from Odom's CCNA book(Intro and ICND)...

The extended ping from that interface tests the remote routers routing table...as it stands the remote router(Router C) has no way to get back the 192.168.101.x...

RIP would definitely help with this...

You need to advertise the 192.168.101.x network to Router C so you will have to use RIP to distribute that route.

You can also mess around with default routes while you're at it, just for fun

Try this on Router A while RIP is running

RouterA#config t
RouterA(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.1

See if this default route gets sent to Router C...this should allow Router C to send traffic back to Router A as long as you have ip classless command enabled on Router C.

Or you can just add this under RIP
network 192.168.101.0
and everything should work...

If you want to disable RIP updates on your E0 interface just use the passive-interface command

Good luck...

I'm taking the ICND tomorrow, I will let you know how it goes..

mwgood · May 2007

Daniel333 wrote:

From RouterA I can ping both of RouterC's interface's and the node on it's E0

The extended ping coming from E0 fails to anything beyong RouterA's E0.

Just to check, I SHOULDn't add RouterA's e0 to rip, right? shouldn't matter since I am translating on the S0?

It sounds like NAT isn't working properly. You should NOT need to add the inside NATed network to your routing protocol.

Try running the show ip nat translations command or post your config on RouterA.

tech-airman · May 2007

Daniel333 wrote:

Alright, so i think I have static NAT down, along with who gets ip nat inside/outside. So I moved to the next lab.

I have a simple network in my lab.. 192.168.x.x /24

hostA---101.1 RouterA 1.1---1.2 RouterC 100.1 ---100.2 hostB

I have set RouterA's E0 as inside and it's S0 as the outside. I have not added RouterA's subnet to RIP, but everything else I have and they are communicating fine.

access-list 10 permmit 192.168.101.0 0.0.0.255
ip nat inside source list 10 int serial 0 overload

But still hostA cannot ping any farther than RouterA's S0.

Any idea what I might be doing wrong?

Daniel333,

For PAT, you need to configure at least five statements:

(config)# ip nat pool
(config)# access-list
(config)# ip nat inside source
(config-if)# ip nat inside
(config-if)# ip nat outside

To help guide you to the answer, I've left some hints above. Use "?" to complete the statements. Good luck.

rossonieri#1 · May 2007

Daniel333 wrote:

access-list 10 permit 192.168.101.0 0.0.0.255
ip nat inside source list 10 int serial 0 overload

But still hostA cannot ping any farther than RouterA's S0.

Any idea what I might be doing wrong?

pls check the bold line

cheers.

rossonieri#1 · May 2007

tech-airman wrote:

Daniel333,

For PAT, you need to configure at least five statements:
(config)# ip nat pool

(config)# access-list

(config)# ip nat inside source

(config-if)# ip nat inside

(config-if)# ip nat outside

To help guide you to the answer, I've left some hints above. Use "?" to complete the statements. Good luck.

missing one important keyword : overload
because if you dont do that -- you will fall into dynamic NAT with pool.

cheers;)

tech-airman · May 2007

rossonieri#1 wrote:

tech-airman wrote:

Daniel333,

For PAT, you need to configure at least five statements:
(config)# ip nat pool

(config)# access-list

(config)# ip nat inside source

(config-if)# ip nat inside

(config-if)# ip nat outside

To help guide you to the answer, I've left some hints above. Use "?" to complete the statements. Good luck.

missing one important keyword : overload
because if you dont do that -- you will fall into dynamic NAT with pool.

cheers;)

rossonieri#1,

That's why I said " Use "?" to complete the statements."

Lab 16 - Many to One NAT

Comments