nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

stuck in NAT, How do you simulate internet in packet tracer?

CaptainL

Hi, I'm stuck in NAT, I tried making this topology to study NAT, but whenever I put the IP address of the server into the web browser I'am getting a connection. I haven't yet configured NAT in this scenario. can you help me out?

Untitled.jpg

Untitled1.jpg

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

m3zilla

What makes you think you'll need NAT to make the connection? As long the routers have the route, it's going to, well, route!

You can "simulate the internet" by applying an ACL on the 2nd router to drop 172.16 traffic.

CaptainL

m3zilla wrote: »

What makes you think you'll need NAT to make the connection? As long the routers have the route, it's going to, well, route!

You can "simulate the internet" by applying an ACL on the 2nd router to drop 172.16 traffic.

I'll apply ACL denying 172.16 on the 2nd router then configure NAT to simulate the internet and to allow 172.16 for web browsing?

DANMOH009

You will have to use NAT to translate the 172.16 (inside local) into an Inside Global address to communicate with the web server.

Why dont you kill 2 birds with one stone! set up another LAN one in the 192 range, and the set and ACL to only allow the 192 or the 172 range and translate it to an IP that can communicate with the server.

That way your really concentrating on NAT and ACL (in more depth then normal).

m3zilla

CaptainL wrote: »

I'll apply ACL denying 172.16 on the 2nd router then configure NAT to simulate the internet and to allow 172.16 for web browsing?

By blocking 172.16 on the 2nd router (or only permitting 2.2.2.0/24), you're ensuring that the hosts are not coming in as their original address. You can then focus on the NAT configuration and use sh ip nat translation (I think..haven't done NAT on a router in a while) to verify the NAT translation.

CaptainL

I got this one working. here's what I did

I apply ACL on Router 1
access-list 10 deny 172.16.1.0 0.0.0.255
access-list 10 permit any
Interface FastEthernet 0/0
ip access-list 10 out

then tried to ping the host to the server
result: FAILED

Now, I apply the NAT on Router 1
Ip nat inside source static 172.16.1.2 3.3.3.3
interface fastethernet 0/0
ip nat outside
interface serial 0/0/0
ip nat inside

To test, I've open up the web browser on PC0 and typed "1.1.1.2" then I got a connection.
tried this with the PC1 and It failed. to verify I've used the command show ip nat translation and It shows that the 172.16.1.2 was translated into 3.3.3.3 as it goes out of router 1.

I will try again the other 2 type of NAT. Thank you m3zilla and DANMOH009 for the help. happy me!

DANMOH009

no worries good luck, you've got me playing around with ACLs and NAT again aswell, so cheers.