Official Lammle User Forum
|
#1
03-05-2009, 10:07 AM
|
|||
|
|||
NAT practice
Can someone pose a NAT problem for me? I need practice.
 Thanks!
|
|
#2
03-06-2009, 10:17 AM
|
|||
|
|||
|
Get packet tracer if you don't already have it and try this, 2nd post.
http://www.lammle.com/discussion/showthread.php?t=1212
__________________
Comptia: Network+, Server+; Cisco: CCENT, CCNA, CCNP; Microsoft: 70-291 Currently studying: CCNA Security Follow my CCNP progress with study notes on my blog: http://beyondccna.blogspot.co.uk/
|
|
#3
03-06-2009, 04:29 PM
|
|||
|
|||
|
Thanks, Fuzz.
PacketTracer said the .pkt file wasn't a valid file. Maybe I have an old version of PacketTracer. I have 4.1. So, I made myself a similar scenario that I can do with Dynamips. I couldn't figure out any way to test HTTP, so I said the server is a TFTP server (because I can cause a router or switch to be a TFTP server.) So, here's what I tried. Topology: Core Router--Fa0/0 Network 10.1.1.0/24 with 10.1.1.1 TFTP server S1/0 | | S1/0 RouterA--Fa0/0 Network 10.2.2.0/24 S1/1 | | S1/1 RouterB--Fa0/0 Network 10.3.3.0/24 Challenge: 1) Deny all except 10.3.3.11/24 telnet/ssh into routers 2) Deny traffic from network 10.3.3.0/24 accessing network 10.2.2.0/24 3) Permit 10.3.3.11/24 full IP access to 10.1.1.1/24 TFTP server 4) Deny all except TFTP traffic access to TFTP server 5) Use NAT overload for all addresses on the Fast Ethernet LAN on Router A going out s1/0. Anyone want to take a stab at it? You could dry lab it (write the config statements) if you don't have access to routers. I dry labbed it first and then tried it on Dynamips and got everything right! I'll post my solution later... Thanks again Fuzz!
|
|
#4
03-07-2009, 08:28 PM
|
|||
|
|||
|
Here are my answers!
 1) Deny all except 10.3.3.11/24 telnet/ssh into routers On all routers: access-list 1 permit 10.3.3.11 0.0.0.0 line vty 0 4 login local transport input telnet ssh access-class 1 in 2) Deny traffic from network 10.3.3.0/24 accessing network 10.2.2.0/24 RouterA access-list 101 deny ip 10.3.3.0 0.0.0.255 10.2.2.0 0.0.0.255 access-list 101 permit ip any any int s1/1 ip access-group 101 in 3) Permit 10.3.3.11/24 full IP access to 10.1.1.1/24 tftp server CoreRouter access-list 101 permit ip 10.3.3.11 0.0.0.0 10.1.1.1 0.0.0.0 int fa0/0 ip access-group 101 out 4) Deny all except tftp traffic access to tftp server CoreRouter access-list 101 permit udp any 10.1.1.1 0.0.0.0 eq tftp 5) Use NAT overload for all addresses on the Fast Ethernet LAN on Router A going out s1/0. int fa0/0 ip nat inside int s1/0 ip nat outside access-list 1 permit 10.2.2.0 0.0.0.255 ip nat inside source list 1 interface s1/0 overload Thoughts, comments? Thanks.
|
 |
| Bookmarks |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Help with NAT overload (PAT) | eduardo | Network Address Translation | 0 | 08-11-2011 01:22 AM |
| Help me with NAT | bjgodby | Network Address Translation | 3 | 11-28-2009 08:32 PM |
| NAT practice | Xfilers | Network Address Translation | 2 | 05-03-2009 01:23 PM |
| Dynamic NAT config: Difficulty in viewing results of the command - 'sh ip nat trans' | v4net | Network Address Translation | 0 | 04-21-2009 07:15 PM |
| Question on Lab Practice Scenario for Configuring NAT | gauthierda | General Questions (Any Chapter) | 0 | 04-03-2009 01:15 PM |
All times are GMT -5. The time now is 03:39 AM.