Dynamic NAT (Cisco packet tracer)

tsftsf Member Posts: 7
Please refer to the 2nd configuration I posted.

Comments

  • Magic Johnson Member Posts: 414
    You only get NAT translations if traffic is NAT'd; if your pings are failing, nothing will be getting translated.

    EDIT: How come you are pinging an IP in the NAT pool?
  • Admiral Akmir Member Posts: 40
    I just learned NAT myself, maybe I can help.

    As Magic Johnson already said, you shouldn't test your configuration by pinging an address in the pool. A better thing to do is enable icmp debugging on the ISP router, and then ping that and watch to see if the pings are NAT'd or not.

    ISP# debug ip icmp

    Also on the access list, that deny statement is not needed because of the implicit deny that follows any statements in the list.

    What is that 20 net for on the ISP router?
  • Gngogh Member Posts: 165
    Hi,

    I'm no expert in NAT. I have made a Packet Tracer with your configurations, just copy and paste,
    and I got this.

    Router(config-if)#exit
    Router(config)#exit
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
    sh ip nat translations
    Pro Inside global Inside local Outside local Outside global
    icmp 50.0.0.2:2 192.168.8.100:2 20.0.0.100:2 20.0.0.100:2
    icmp 50.0.0.2:3 192.168.8.100:3 20.0.0.100:3 20.0.0.100:3
    icmp 50.0.0.2:4 192.168.8.100:4 20.0.0.100:4 20.0.0.100:4


    When I ping from the ISP, I got this:

    Router#ping 50.0.0.2


    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 50.0.0.2, timeout is 2 seconds:
    U.U.U
    Success rate is 0 percent (0/5)

    U = destination unreachable

    Why I cannot ping 50.0.0.2 from the ISP.

    The ISP is in the 30.0.0.0/24 network, not in the 50.0.0.0/24.

    Even with the default route you have on your ISP, no one will respond to the 50.0.0.2 request, because the physical address on the other side is 30.0.0.1.

    IP NAT only works when connections are made from the inside to the outside, not the other way around.

    Another thing I notice in your topology, which in my opinion is wrong, is that no ISP will have a default route pointing in the customer direction.

    Try and delete that default route. Your topology won't work without that.

    If you use an IP NAT pool in the 30.0.0.0/24 network, you don't need any default route on the ISP.
  • tsftsf Member Posts: 7
    Hi,

    All, I have made some changes to the config, but I'm still unable to ping the server.
    Below is the config.

    Problem: Although NAT is configured on r1, I'm unable to browse www.cisco.com from the other PC connected to r2.

    Attachments: r1 config,
    r2 config,
    ping results,
    nat translations,
    browser screenshots from PC connected to r2
    browser screenshots from PC connected to r1

    I'm able to ping 20.0.0.1 (public IP) from the PC on r2 but unable to ping www.cisco.com.

    Someone kindly assist with how to succeed in pinging www.cisco.com or resolving it in the browser when I enter www.cisco.com.


    Below are the configurations, as I couldn't attach the txt files.
    r1#sh ip int br
    Interface IP-Address OK? Method Status Protocol

    FastEthernet0/0 10.0.0.1 YES manual up up

    FastEthernet0/1 unassigned YES unset administratively down down

    Serial0/0/0 20.0.0.1 YES manual up up

    Serial0/0/1 unassigned YES unset administratively down down

    Vlan1 unassigned YES unset administratively down down
    r1#
    r1#
    r1#
    r1#
    r1#
    r1#sh run
    r1#sh running-config
    Building configuration...

    Current configuration : 764 bytes
    !
    version 12.4
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname r1
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    spanning-tree mode pvst
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 10.0.0.1 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    shutdown
    !
    interface Serial0/0/0
    bandwidth 64
    ip address 20.0.0.1 255.255.255.0
    ip nat outside
    clock rate 64000
    !
    interface Serial0/0/1
    no ip address
    shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    ip nat inside source list 10 interface Serial0/0/0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0/0
    !
    !



    r1#sh ip nat translations
    Pro Inside global Inside local Outside local Outside global
    tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1025 30.0.0.10:1025
    tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1026 30.0.0.10:1026
    tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1027 30.0.0.10:1027
    tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1028 30.0.0.10:1028
    tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1029 30.0.0.10:1029
    tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1033 30.0.0.10:1033
    tcp 20.0.0.1:80 10.0.0.10:80 30.0.0.10:1036 30.0.0.10:1036

    R2 CONFIGURATION
    r2#sh running-config
    Building configuration...

    Current configuration : 655 bytes
    !
    version 12.4
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname r2
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    spanning-tree mode pvst
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 30.0.0.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    shutdown
    !
    interface Serial0/0/0
    bandwidth 64
    ip address 20.0.0.2 255.255.255.0
    !
    interface Serial0/0/1
    no ip address
    shutdown
    !
    interface Vlan1
    no ip address
    shutdown
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0/0
    !
    !
    !
    !
    !
    !
    !
    line con 0
    !
    line aux 0
    !
    line vty 0 4
    login
    !
    !
    !
    end

    --More--


    ping results
    Ping results from r1
    1>en
    r1#ping www.cisco.com

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms

    ping results from r2
    r2#ping 20.0.0.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/22 ms

    r2#ping www.cisco.com
    Translating "www.cisco.com"...domain server (255.255.255.255)
    % Unrecognized host or address or protocol not running.


    ping results from pc connected to r2
    PC>ping 20.0.0.1

    Pinging 20.0.0.1 with 32 bytes of data:

    Reply from 20.0.0.1: bytes=32 time=2ms TTL=254
    Reply from 20.0.0.1: bytes=32 time=3ms TTL=254
    Reply from 20.0.0.1: bytes=32 time=1ms TTL=254
    Reply from 20.0.0.1: bytes=32 time=3ms TTL=254

    PC>ping www.cisco.com
    Ping request could not find host www.cisco.com. Please check the n

    Please refer to image 5 for the complete schematic.
    1.PNG 11.7K
    2.PNG 6.6K
    3.jpg 17.5K
    4.jpg 24.1K
    5.jpg 15.4K
  • Gngogh Member Posts: 165
    Can you post your DNS config?
  • tsftsf Member Posts: 7
    For DNS I have just added a record in the server.

    Server IP 10.0.0.10
    A record Cisco Systems, Inc

    If I put 10.0.0.10 in the server browser, the test page opens.
    If I try Cisco Systems, Inc on the same server, no page opens.

    Same issue from the external network also.

    Image attached.
  • Gngogh Member Posts: 165
    I don't understand your topology very well, and it looks a bit confusing to me.

    1 - Your server has the IP address of 10.0.0.10 and is running HTTP and DNS services.

    2 - The DNS address that you have configured on the PC is 20.0.0.1, which is the serial interface on R1.

    3 - Your DNS records are pointing to the serial interface on R1, which is 20.0.0.1, whereas the website is at 10.0.0.10.

    So when your PC is trying to query the DNS server, you get "Request timed out", because there are no DNS or HTTP services at 20.0.0.1.

    For this to work the way you have configured your devices, try to use static NAT on R1 pointing to the server0.

    Please post the complete configurations, so I can copy them into my Packet Tracer and understand better where the problem is in your topology.

    Thanks.
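
The behaviour discussed in the post above, as an added example that is not part of the thread or of anyone's posted configuration: a small Python model of r1's translation table, showing why a DNS query sent to 20.0.0.1 never reaches 10.0.0.10 with overload NAT alone and does once a static mapping exists. The contents of access list 10 (assumed to permit 10.0.0.0/24), the static udp/53 and tcp/80 mappings, the inside client 10.0.0.20 and the class and function names are assumptions made for illustration.

```python
import ipaddress

class NatRouter:
    """Toy model of r1: PAT overload on the outside address plus optional static forwards."""

    def __init__(self, global_ip, inside_net, static=None):
        self.global_ip = global_ip
        self.inside_net = ipaddress.ip_network(inside_net)  # stands in for ACL 10 (assumed)
        self.static = dict(static or {})  # (proto, global_port) -> (local_ip, local_port)
        self.dynamic = {}                 # (proto, global_port) -> (local_ip, local_port, peer)
        self.next_port = 1024

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: return the translated source, creating a PAT entry if needed."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                   # not permitted by the ACL: no translation
        for (p, gport), (lip, lport) in self.static.items():
            if (p, lip, lport) == (proto, src_ip, src_port):
                return (self.global_ip, gport)  # reply from a statically mapped server
        for (p, gport), (lip, lport, peer) in self.dynamic.items():
            if (p, lip, lport, peer) == (proto, src_ip, src_port, (dst_ip, dst_port)):
                return (self.global_ip, gport)  # reuse the existing entry
        gport, self.next_port = self.next_port, self.next_port + 1
        self.dynamic[(proto, gport)] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.global_ip, gport)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Outside -> global address: return the inside host it is forwarded to, or None."""
        if (proto, dst_port) in self.static:
            return self.static[(proto, dst_port)]
        entry = self.dynamic.get((proto, dst_port))
        if entry and entry[2] == (src_ip, src_port):
            return entry[:2]              # return traffic of an inside-initiated flow
        return None                       # no entry: packet stops at the router itself

def demo():
    """Constructed query: the PC behind r2 (30.0.0.10) asks 20.0.0.1 to resolve a name."""
    pat_only = NatRouter("20.0.0.1", "10.0.0.0/24")
    with_static = NatRouter("20.0.0.1", "10.0.0.0/24", static={
        # IOS form: ip nat inside source static udp 10.0.0.10 53 20.0.0.1 53
        ("udp", 53): ("10.0.0.10", 53),
        ("tcp", 80): ("10.0.0.10", 80),
    })
    query = ("udp", "30.0.0.10", 1025, 53)
    return pat_only.inbound(*query), with_static.inbound(*query)
```

Only the ports listed in the static table become reachable from outside; every other unsolicited packet to 20.0.0.1 still finds no entry.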
  • mikeybinec Member Posts: 484
    Where's the ACL? I must be blind
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University