CompTIA
Exam Vouchers
Save money on CompTIA exams
| Question of the day
Sign up to receive
interactive practice questions
for MCSE, CompTIA
Cisco and other exams
| TestKing
Get MCSE, MCSD, CCNA, CCNP,A+, N+ and many more | * ExamSheets *
Guide for Success!
Actual Questions & Answers
MCSE, MCSD, A+ ,CCNA, CCNP
Oracle 8i, Oracle 9i Online practice tests
Certification sites Online university Online college Online education Distance learning Software forum Server administration forum Programming resources
|
|  |
Pages (2): [1] 2 »
| Author |
Question about NAT
|
networxing
Junior Member
Registered: Sep 2005
Location:
Country:
State:
Certifications:
Working on:
Total Posts: 6
|
|
 Question about NAT
Hi all,
Just have a quick question. To set up NAT will i require a "registered" global IP address? Like i have been trying to setup NAT on my 2503 router--well i do set it up but it wont work in that i cant ping the " global ip adress" from my another router or from another Pc which are both connected to this 2503 router.
what iam doing is on 2503 iam giving the the local ip as 192.168.1.1(the ip of the pc the router is connected to) and global ip as 203.x.x.x. the ip nat transalation/stat commands shows the configurion to be saved.
when i ping the local ip from another pc or router its working(like the way it works when i dont have any NAT at all) but global ip doesnt. it say "dest not reachable". i have configured both ips as inside ips, as in inside local and inside global, isn't that correct? and also when do we use outside local and outside global, under what circumstances?
what am I missing here? can someone help pls?
Report this post to a moderator
|
|
 10-15-05 02:33 PM
|
|
chitownsvt
Member
Registered: Mar 2004
Location:
Country:
State:
Certifications:
Working on:
Total Posts: 33
|
|
|
try putting in 'ip nat outside' on the WAN interface, and 'ip nat inside' on the LAN interface. It would also help if you could post your config, I don't know what you've configured already...
Report this post to a moderator
|
|
|
10-15-05 02:52 PM
|
|
networxing
Junior Member
Registered: Sep 2005
Location:
Country:
State:
Certifications:
Working on:
Total Posts: 6
|
|
|
thanks for your reply.
ok, after i setup static route b/w 2503 and 2513 and get both the routers and pcs that connected to them ping each other...this is what i put in one of the router which is connected to a pc with ip addres 192.168.1.1
ip nat inside source static 192.168.1.1 200.200.200.1
interface ethernet 0
ip nat inside
exit
interface serial 0
ip nat outside
exit
also tried this
ip nat inside source list 1 pool nat-pool
access-list 1 permit 192.168.1.1 0.0.0.0
ip nat pool nat-pool 200.200.200.1 200.200.200.1 netmask 255.255.255.0
interface ethernet 0
ip nat inside
exit
interface serial 0
ip nat outside
exit
both of the time same result--cant ping global ip.
Report this post to a moderator
|
|
|
10-15-05 03:10 PM
|
|
JPaper007
Shaken not stirred
M
Registered: May 2001
Location:
Country: United States
State:
Certifications: CCNA, MCSA
Working on: MCSE 2K, CCNP
Total Posts: 84
|
|
|
Try this...
interface ethernet 0
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface serial 0
200.200.200.1 255.255.255.0
ip nat outside
ip nat inside source list 1 interface serial 0
access-list 1 permit 192.168.1.0 0.0.0.255
If you only have 1 global IP address there is no ned to creat a NAT pool. Just point to the NAT outside interface. Also your access list was set up to only allow 192.168.1.1 out because of how you had your wildcard subnet mask setup. This is why you could not ping the outside from any internal IP address unless you did a extended ping and originated the ping from that address.
Good luck and let us know if this worked.
Report this post to a moderator
|
|
|
10-15-05 06:09 PM
|
|
johnaspen
Pi=3.14159265358979323846
M
Registered: Mar 2004
Location: Sioux Falls
Country: United States
State:
Certifications: CCNP, MCSA, Server+, Security+, Network+, A+, i-Net+, CIW-a
Working on: I hear NetWare's hot - might go for that ;)
Total Posts: 200
|
|
|
Looks like JPaper did all the work so that the rest of us can sit back and relax on this one . I didn't delve into it, but his config looks solid. He knows his stuff.
Only question I saw unanswered was about needing a registered global IP address. Inside your test network you can assign any address you want, so you don't have to worry about using that 200 public address. Typically most people do stick with private ranges though (10,172.16/12,192.168/24); that's what they're there for.
Report this post to a moderator
|
|
|
10-15-05 10:04 PM
|
|
JPaper007
Shaken not stirred
M
Registered: May 2001
Location:
Country: United States
State:
Certifications: CCNA, MCSA
Working on: MCSE 2K, CCNP
Total Posts: 84
|
|
|
Yea after I failed my first attempt at the 640-801 exam because of a NAT sim, I spent a lot of time reading and practicing NAT with my routers.
Here is a very useful link from Cisco on NAT
http://www.cisco.com/en/US/products.../>
091cb9.shtml
After your configuration is set you can use
Show ip nat statistics
and/or
Show ip nat translations
These commands will help you see what is going on with you NAT config.
You do not need a registered global IP address if you are doing offline/lab enviroment testing. So if your routers are not connected to the internet in any way then you can use private IP address for both inside and outside NAT interfaces.
Report this post to a moderator
|
|
|
10-16-05 07:50 AM
|
|
networxing
Junior Member
Registered: Sep 2005
Location:
Country:
State:
Certifications:
Working on:
Total Posts: 6
|
|
|
Tried many things---still no luck..same thing cant ping the global ip from my other router and pc
however i noticed one thing new--when iam pinging the local interface, it goes
reply from 200.x.x.x(which is the global ip iam setting)
but when i ping 200.x.x.x itself
result = dest not reachable
even from the pc the router is connected to directly its the same.
jpaper007--is your config instructions step by step?--it cant be cus that would actually setup router interface's ips. although i tried figuring out the steps you were directing me to but didnt get much out of it
any more suggestions pls any one?
Report this post to a moderator
|
|
|
10-17-05 06:00 PM
|
|
JPaper007
Shaken not stirred
M
Registered: May 2001
Location:
Country: United States
State:
Certifications: CCNA, MCSA
Working on: MCSE 2K, CCNP
Total Posts: 84
|
|
|
Can you paste your entire running configuration here? I would like to look at exactly what you have running. Also what IOS version are you running?
Thanks
Report this post to a moderator
|
|
|
10-17-05 06:15 PM
|
|
darthfeces
Senior Member
Registered: Mar 2001
Location: somewhere, NJ
Country: United States
State:
Certifications: A+, N+, I-net+, CCNP, CCDP, CCSP, CISSP
Working on: CCIE R&S Lab CCIE-S, PMP, CISM
Total Posts: 1786
|
|
|
|
10-17-05 07:25 PM
|
|
johnaspen
Pi=3.14159265358979323846
M
Registered: Mar 2004
Location: Sioux Falls
Country: United States
State:
Certifications: CCNP, MCSA, Server+, Security+, Network+, A+, i-Net+, CIW-a
Working on: I hear NetWare's hot - might go for that ;)
Total Posts: 200
|
|
|
|
10-18-05 02:38 AM
|
|
|
Click here for list of CCNA study
guides
Cisco exam notes
CCNA(tm) exam details
Forum Rules:
Who Can Read The Forum? Any registered user or guest.
Who Can Post New Topics? Any registered user.
Who Can Post Replies? Any registered user.
Changes: Messages can be edited by their author.
Posts: HTML code is OFF. Smilies are ON. vB code is ON. [IMG] code is ON. |
|
ExamNotes forum archive
|
