Options

newbie to NAT is this right?

kaynejenkinskaynejenkins Member Posts: 13 ■□□□□□□□□□
in CCNA & CCENT
Maybe someone can help with this, not sure if im missing something or NAT is doing what it is supposed to. On my packet tracer diagram, the pc and server cannot ping each other, but can ping both routers from both sides. And both routers can ping both the pc and server.
Is this normal?


this is the config for router 1

router 1

interface FastEthernet0/0
ip address 10.10.10.5 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 150.0.0.1 255.255.255.0
encapsulation ppp
ip nat outside
clock rate 56000
!
router rip
version 2
network 10.0.0.0
network 150.0.0.0
!
ip nat inside source list 1 interface Serial0/0 overload
ip classless
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end


and this is the config for router 2


router 2

interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 150.0.0.2 255.255.255.0
encapsulation ppp
ip nat outside
!
router rip
version 2
network 150.0.0.0
network 192.168.0.0
!
ip nat inside source static 192.168.0.2 150.0.0.2
ip classless
!
!
!
!
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end



ive attaced a screenshot of topology

thanks for looking
· Share on FacebookShare on Twitter

Comments

  • Options
    MrXpertMrXpert Member Posts: 586 ■■■□□□□□□□
    Can you post both your routing tables along with the output from "show ip nat statistics"
    Also a debug ip nat translation would be good too as you ping from one to the other.
    I'm an Xpert at nothing apart from remembering useless information that nobody else cares about.
    · Share on FacebookShare on Twitter
  • Options
    boredgameladboredgamelad Member Posts: 365 ■■■■□□□□□□
    I just tested in Packet Tracer using your configs. While in simulation mode I went step by step to see where the problem was.

    Router 1's translation table looks like this:

    Pro Inside global Inside local Outside local Outside global
    icmp 150.0.0.1:28 10.10.10.1:28 192.168.0.2:28 192.168.0.2:28

    This is correct. 10.10.10.1 is being translated properly to 150.0.0.1. The problem is when the response is sent by the Server. When the response is sent by the server, Router 2 translates its IP address (192.168.0.2) to 150.0.0.2:

    (from debug ip nat on Router 2)
    NAT: s=192.168.0.2->150.0.0.2, d=150.0.0.1 [14]

    Router 1 is not expecting an echo reply from 150.0.0.2 because it hasn't recently sent an echo-request to 150.0.0.2. It drops the packet in response.

    The problem here isn't that NAT is working incorrectly. NAT is working fine. What I suspect is happening is that you're clicking the "Add Simple PDU" button on the right hand side and then clicking the PC and the Server. This sends a ping from 10.10.10.1 to 192.168.0.2. This is what I did to get the above results, but what you really want to be doing is pinging from 10.10.10.1 to 150.0.0.2--to your PC, that is the IP address of the server. If NAT is functioning properly, your PC shouldn't ever know that the Server's locally assigned IP address is 192.168.0.2.

    What you should do instead of using the Add Simple PDU button is click on the PC, go to the command prompt, and ping 150.0.0.2 manually. Do this in simulation mode and follow the packet using the Capture/Forward button. You'll see it traverse the network from end to end successfully.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.