CORRECT TEXT
Lab-NAT
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110.
The company has 14 hosts that need to access the internet simultaneously. The hosts in the
company LAN have been assigned private space addresses in the range of 192.168.100.17 –
192.168.100.30.
Answer: See the explanation
Explanation:
The company has 14 hosts that need to access the internet simultaneously but
we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29.
Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it
Router>enable
Router#configure terminal
First you should change the router’s name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask
255.255.255.248
Create a standard access control list that permits the addresses that are to be
translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined
in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which
means a source address from 192.168.100.17 to 192.168.100.30, into an
address from the pool named mypool (the pool contains addresses from
198.18.184.105 to 198.18.184.110)
Overload keyword allows to map multiple IP addresses to a single registered IP
address (many-to-one) by using different ports
The question said that appropriate interfaces have been configured for NAT
inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your
understanding:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Finally, we should save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to “Host for testing” and type:
C :\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114Another way
Click Knowledge Base for NAT SIM to learn the concepts before attempting or learning this SIM
Question
NAT SIM Configuration:
The following configuration translates between inside hosts (Weaver LAN) addressed from
192.168.100.16 /28 network (192.168.100.17 – 192.168.100.30) to the globally unique pool of
address provided by ISP 198.18.184.105 – 198.18.184.110/29.
Weaver>enable
Weaver#configure terminal
Before starting the NAT configuration verify that router hostname currently configured is weaver. If
not change hostname to Weaver using the command
Router(config)#hostname Weaver
Step1: Create an access-list to match all the Weaver LAN address that need to be the candidates
for NAT translations
Weaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15
Step2: Create a NAT Pool with pool name isp_adr and specify the pool address range provided by
ISP with their netmask.
Weaver(config)#ip nat pool TestKiss 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Step3: Packets that match access-list 10 will be translated to an address from the pool called
“TestKiss”.
Overload keyword specify to use Port based NATing to support all the Weaver LAN address
range.
Weaver(config)#ip nat inside source list 10 pool TestKiss overload
SIM Question already provides that appropriate interfaces have been configured for NAT Inside
and NAT Outside statements.
For your information configuration would have been like this
Weaver(config)#interface fastethernet 0/0
Weaver(config-if)#ip nat inside
Weaver(config)#interface serial 0/0
Weaver(config-if)#ip nat outside
Weaver#copy run start
Functionality Test:
Our requirements are to allow the hosts (Weaver LAN) the ability to communicate with the
Internet. For this test, we ping the
Internet device (ISP router S0/1) from Host for testing.
Step1:
Go to host for testing:Answer) \>ping 192.0.2.114
PING should be success to 192.0.2.114 since SIM question provides that static route is already
configured on router.
Step2:On console of router (Weaver) :
Issue show ip nat translation command to verify the NAT translations.
Sample output:
Considering host for testing IP address is 192.168.100.17
weaver# show ip nat translation
Pro Inside global Inside local Outside local Outside global
icmp 198.18.184.105:434 192.168.100.17:434 192.0.2.113:434 192.0.2.114:434
icmp 198.18.184.105:435 192.168.100.17:435 192.0.2.113:435 192.0.2.114:435
icmp 198.18.184.105:436 192.168.100.17:436 192.0.2.113:436 192.0.2.114:436
icmp 198.18.184.105:437 192.168.100.17:437 192.0.2.113:437 192.0.2.114:437
icmp 198.18.184.105:438 192.168.100.17:438 192.0.2.113:438 192.0.2.114:438