CCNA Video Training Series

Instant Access, Web or Mobile!

Only $99 for 30 days...
Renew at half price!

Buy/Renew

Includes FREE Practice Exams!

Member Login

Lost your password?

Not a member yet? Sign Up!

Official Lammle User Forum

  #1  
Old 03-05-2009, 10:07 AM
Tigerprawn Tigerprawn is offline
Junior Member
 
Join Date: Mar 2009
Posts: 7
Default NAT practice

Can someone pose a NAT problem for me? I need practice. Thanks!
Reply With Quote
  #2  
Old 03-06-2009, 10:17 AM
Fuzz Fuzz is offline
Cisco Veteran
 
Join Date: Nov 2008
Location: Birmingham, UK
Posts: 1,413
Default

Get packet tracer if you don't already have it and try this, 2nd post.

http://www.lammle.com/discussion/showthread.php?t=1212
__________________
CCNP R&S, CCNA DC
Currently studying: CCIE R&S, CCNP Data Centre
Follow my CCIE progress with study notes on my blog: http://beyondccna.blogspot.co.uk/
Reply With Quote
  #3  
Old 03-06-2009, 04:29 PM
Tigerprawn Tigerprawn is offline
Junior Member
 
Join Date: Mar 2009
Posts: 7
Default

Thanks, Fuzz.

PacketTracer said the .pkt file wasn't a valid file. Maybe I have an old version of PacketTracer. I have 4.1.

So, I made myself a similar scenario that I can do with Dynamips. I couldn't figure out any way to test HTTP, so I said the server is a TFTP server (because I can cause a router or switch to be a TFTP server.) So, here's what I tried.

Topology:


Core Router--Fa0/0 Network 10.1.1.0/24 with 10.1.1.1 TFTP server
S1/0
|
|
S1/0
RouterA--Fa0/0 Network 10.2.2.0/24
S1/1
|
|
S1/1
RouterB--Fa0/0 Network 10.3.3.0/24


Challenge:

1) Deny all except 10.3.3.11/24 telnet/ssh into routers

2) Deny traffic from network 10.3.3.0/24 accessing network 10.2.2.0/24

3) Permit 10.3.3.11/24 full IP access to 10.1.1.1/24 TFTP server

4) Deny all except TFTP traffic access to TFTP server

5) Use NAT overload for all addresses on the Fast Ethernet LAN on Router A going out s1/0.


Anyone want to take a stab at it? You could dry lab it (write the config statements) if you don't have access to routers.

I dry labbed it first and then tried it on Dynamips and got everything right!

I'll post my solution later...

Thanks again Fuzz!
Reply With Quote
  #4  
Old 03-07-2009, 08:28 PM
Tigerprawn Tigerprawn is offline
Junior Member
 
Join Date: Mar 2009
Posts: 7
Default

Here are my answers!

1) Deny all except 10.3.3.11/24 telnet/ssh into routers
On all routers:
access-list 1 permit 10.3.3.11 0.0.0.0
line vty 0 4
login local
transport input telnet ssh
access-class 1 in

2) Deny traffic from network 10.3.3.0/24 accessing network 10.2.2.0/24
RouterA
access-list 101 deny ip 10.3.3.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 101 permit ip any any
int s1/1
ip access-group 101 in

3) Permit 10.3.3.11/24 full IP access to 10.1.1.1/24 tftp server
CoreRouter
access-list 101 permit ip 10.3.3.11 0.0.0.0 10.1.1.1 0.0.0.0
int fa0/0
ip access-group 101 out

4) Deny all except tftp traffic access to tftp server
CoreRouter
access-list 101 permit udp any 10.1.1.1 0.0.0.0 eq tftp

5) Use NAT overload for all addresses on the Fast Ethernet LAN on Router A going out s1/0.
int fa0/0
ip nat inside
int s1/0
ip nat outside
access-list 1 permit 10.2.2.0 0.0.0.255
ip nat inside source list 1 interface s1/0 overload


Thoughts, comments? Thanks.
Reply With Quote
Reply

Bookmarks
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Question on Lab Practice Scenario for Configuring NAT gauthierda General Questions (Any Chapter) 1 08-27-2013 11:43 AM
Help with NAT overload (PAT) eduardo Network Address Translation 0 08-11-2011 01:22 AM
Help me with NAT bjgodby Network Address Translation 3 11-28-2009 08:32 PM
NAT practice Xfilers Network Address Translation 2 05-03-2009 01:23 PM
Dynamic NAT config: Difficulty in viewing results of the command - 'sh ip nat trans' v4net Network Address Translation 0 04-21-2009 07:15 PM


All times are GMT -5. The time now is 03:24 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
css.php