Dynamic NAT (Cisco packet tracer)
tsftsf
Member Posts: 7 ■□□□□□□□□□
in CCNA & CCENT
Comments
-
Magic Johnson Member Posts: 414
You only get NAT translations if traffic is NAT'd; if your pings are failing, nothing will be getting translated.
EDIT: How come you are pinging an IP in the NAT pool?
-
Admiral Akmir Member Posts: 40 ■■□□□□□□□□
I just learned NAT myself, maybe I can help.
As Magic Johnson already said, you shouldn't test your configuration by pinging an address in the pool. A better thing to do is enable icmp debugging on the ISP router, and then ping that and watch to see if the pings are NAT'd or not.
ISP# debug ip icmp
Also on the access list, that deny statement is not needed because of the implicit deny that follows any statements in the list.
What is that 20 net for on the ISP router?
-
Gngogh Member Posts: 165 ■■■□□□□□□□
Hi,
I'm no expert in NAT. I made a Packet Tracer file with your configurations, just copy and paste,
and I got this.
Router(config-if)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console
sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 50.0.0.2:2 192.168.8.100:2 20.0.0.100:2 20.0.0.100:2
icmp 50.0.0.2:3 192.168.8.100:3 20.0.0.100:3 20.0.0.100:3
icmp 50.0.0.2:4 192.168.8.100:4 20.0.0.100:4 20.0.0.100:4
When I ping from the ISP, I got this:
Router#ping 50.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.0.0.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
U = destination unreachable
Why I cannot ping 50.0.0.2 from the ISP:
The ISP is in the 30.0.0.0/24 network, not in 50.0.0.0/24.
Even with the default route you have on your ISP, no one will respond to the 50.0.0.2 request, because the physical address on the other side is 30.0.0.1.
ip nat only works when connections are made from the inside to the outside, not the other way around.
Another thing I notice in your topology, and in my opinion it is wrong, is that no ISP will have a default route pointing in the customer direction.
Try and delete that default route. Your topology won't work without that.
If you use an ip nat pool in the 30.0.0.0/24 network you don't need any default route on the ISP.
-
tsftsf Member Posts: 7 ■□□□□□□□□□
Hi,
All, I have made some changes in the config, but I'm still unable to ping the server.
Below is the config.
Problem: Although NAT is configured on r1, I'm unable to browse www.cisco.com from the other PC connected to r2
Attachments: r1 config,
r2 config,
ping results,
nat translations,
browser screenshots from pc connected to r2
browser screenshots from pc connected to r1
I'm able to ping 20.0.0.1 (public IP) from the PC on r2 but unable to ping www.cisco.com
Someone kindly assist how to succeed in pinging www.cisco.com or resolve it in the browser when I enter www.cisco.com
Below are the configurations, as I couldn't attach the txt files.
r1#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.0.0.1 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 20.0.0.1 YES manual up up
Serial0/0/1 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
r1#
r1#
r1#
r1#
r1#
r1#sh run
r1#sh running-config
Building configuration...
Current configuration : 764 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 20.0.0.1 255.255.255.0
ip nat outside
clock rate 64000
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 10 interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
r1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1025 30.0.0.10:1025
tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1026 30.0.0.10:1026
tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1027 30.0.0.10:1027
tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1028 30.0.0.10:1028
tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1029 30.0.0.10:1029
tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1033 30.0.0.10:1033
tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1036 30.0.0.10:1036
R2 CONFIGURATION
r2#sh running-config
Building configuration...
Current configuration : 655 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 30.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
bandwidth 64
ip address 20.0.0.2 255.255.255.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
--More--
ping results
Ping results from r1
1>en
r1#ping www.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms
ping results from r2
r2#ping 20.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/22 ms
r2#ping www.cisco.com
Translating "www.cisco.com"...domain server (255.255.255.255)
% Unrecognized host or address or protocol not running.
ping results from pc connected to r2
PC>ping 20.0.0.1
Pinging 20.0.0.1 with 32 bytes of data:
Reply from 20.0.0.1: bytes=32 time=2ms TTL=254
Reply from 20.0.0.1: bytes=32 time=3ms TTL=254
Reply from 20.0.0.1: bytes=32 time=1ms TTL=254
Reply from 20.0.0.1: bytes=32 time=3ms TTL=254
PC>ping www.cisco.com
Ping request could not find host www.cisco.com. Please check the n
Please refer to image 5 for the complete schematic.
-
tsftsf Member Posts: 7 ■□□□□□□□□□
For DNS I have just added a record in the server
server ip 10.0.0.10
a record Cisco Systems, Inc
If I put 10.0.0.10 in the server browser the test page opens.
If I try Cisco Systems, Inc on the same server no page opens.
Same issue from the external network also.
Image attached.
-
Gngogh Member Posts: 165 ■■■□□□□□□□
I don't understand your topology very well, and it looks a bit confusing to me.
1 - Your server has the IP address of 10.0.0.10, which is running HTTP and DNS services.
2 - The DNS address that you have configured on the PC is 20.0.0.1, which is the serial interface on R1.
3 - Your DNS records are pointing to the serial interface on R1, which is 20.0.0.1, whereas the website is at 10.0.0.10.
So when your PC is trying to query the DNS server, you get "Request timed out", because there are no DNS or HTTP services at 20.0.0.1.
For this to work the way you have configured your devices, try to use static NAT on R1 pointing to the server0.
Please post the complete configurations, so I can copy them into my Packet Tracer and understand better where the problem is in your topology.
Thanks.
-
mikeybinec Member Posts: 484 ■■■□□□□□□□
Where's the ACL? I must be blind
Cisco NetAcad Cuyamaca College
A.S. LAN Management 2010 Grossmont College
B.S. I.T. Management 2013 National University
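
The check behind the last two replies, as an added example that is not part of the thread: a small Python audit run over the NAT-relevant lines of the r1 listing as posted (a constructed excerpt). `audit_nat` is a hypothetical helper; it reports a NAT statement that references an undefined ACL and the absence of a static entry for connections opened from the outside.

```python
import re

# Constructed sample: NAT-relevant lines of the r1 listing as posted in the thread.
R1_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface Serial0/0/0
 ip address 20.0.0.1 255.255.255.0
 ip nat outside
ip nat inside source list 10 interface Serial0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
"""

def audit_nat(config):
    """Return findings about the dynamic NAT statements in an IOS config text."""
    roles = {}      # interface name -> "inside" or "outside"
    acls = set()    # ACL numbers/names actually defined in the text
    dynamic = []    # (acl, overload interface or None) per dynamic rule
    statics = 0     # count of static NAT entries
    current = None  # interface block being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[current] = m.group(1)
        elif m := re.match(r"(?:ip )?access-list (?:(?:standard|extended) )?(\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+)(?: interface (\S+))?", line):
            dynamic.append((m.group(1), m.group(2)))
        elif line.startswith("ip nat inside source static"):
            statics += 1
    findings = []
    for acl, iface in dynamic:
        if acl not in acls:
            findings.append(f"NAT references list {acl}, but no such ACL is defined")
        if iface and roles.get(iface) != "outside":
            findings.append(f"{iface} is used for overload but is not 'ip nat outside'")
    if dynamic and "inside" not in roles.values():
        findings.append("no interface is marked 'ip nat inside'")
    if dynamic and not statics:
        findings.append("no static NAT: outside hosts cannot open connections to inside servers")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(R1_CONFIG):
        print(finding)
```
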