[Lab Problem] IP NAT on 3640 routers

SteveThingSteveThing Member Posts: 42 ■■□□□□□□□□
in CCNA & CCENT
Hey gang,

I'm attempting this lab on IP NAT via Cisco Learning. I'm having trouble with something very basic and for some reason, I can't seem to figure it out. Probably something simple, but would appreciate another set of eyes on the issue.

I setup both routers as per the pdf, running-configs (interesting stuff only) below:

Gateway: 
version 12.4
no service password-encryption
!
hostname Gateway
!
enable secret 5 $1$547r$Ie6vnl7DwlvdMphtaoB0Y/
enable password cisco
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 speed 100
 full-duplex
!         
interface Serial0/0
 ip address 200.2.2.18 255.255.255.252
 clock rate 64000
!         
interface TokenRing0/0
 no ip address
 shutdown 
 ring-speed 16
!         
interface Serial0/1
 no ip address
 shutdown 
!         
ip default-gateway 200.2.2.17
!
ip route 0.0.0.0 0.0.0.0 200.2.2.17
!
line con 0
 password cisco
 logging synchronous
 login    
line aux 0
line vty 0 4
 password cisco
 login
!
end

ISP: 
version 12.4
no service password-encryption
!
hostname ISP
!
enable secret 5 $1$EsId$25IJ3FekNDR.SdGcQV4/l0
enable password cisco
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.255
!         
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 200.2.2.17 255.255.255.252
!
interface TokenRing0/0
 no ip address
 shutdown
 ring-speed 16
!
interface Serial0/1
 no ip address
 shutdown
!
ip route 199.99.9.32 255.255.255.224 200.2.2.18
!         
line con 0
 password cisco
 logging synchronous
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end

Now I am unable to ping from the 10.10.10.0/24 network to the ISP router or vice versa. I've attempted a few things, but I'm getting annoyed and most likely overlooking something very basic.

Am I dumb?
CompTIA: Net+, Sec+
Aruba: ACMA, ACMP
Air Force:
2E251, 3D152, Fiber Installation Expert, Certified Cryptographic Network Professional, and a couple hundred useless certs on nothing important in real life (aka, Tree Killing+)
· Share on FacebookShare on Twitter

Comments

  • mella060mella060 Member Posts: 198 ■■■□□□□□□□
    For NAT, you need to configure NAT statements to NAT or translate your private addresses to the public address. You would also need an access list to map to your NAT statement.

    Heres some config that might be useful...

    Create an access list for your internal private network...

    ip access-list standard NAT_ADDRESSES
    permit 10.10.10.0 0.0.0.255


    Create a NAT statement to include the access list you created

    ip nat inside source list NAT_ADDRESSES interface serial0/0 overload



    Set your inside and outside interfaces...

    interface FastEthernet0/0
    ip nat inside

    interface Serial0/0
    ip nat outside
    · Share on FacebookShare on Twitter
  • SteveThingSteveThing Member Posts: 42 ■■□□□□□□□□
    I am aware of the NAT commands I need. I was commenting on not being able to ping from the 10.10.10.0 network to the ISP router. Later it dawned on me and I face palmed. Of course it won't ping. Routers drop private IPs instead of routing them (unless explicitly told not to). DOH!

    More to come as I attempt this lab.
    CompTIA: Net+, Sec+
    Aruba: ACMA, ACMP
    Air Force:
    2E251, 3D152, Fiber Installation Expert, Certified Cryptographic Network Professional, and a couple hundred useless certs on nothing important in real life (aka, Tree Killing+)
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    A Cisco router drops a packet it doesn't have a destination for. It has nothing to do with private/public addressing.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.