New Member

NAT issue for TSHOOT Exam

Hi !

I'm currently studying for the CCNP TSHOOT exam.

I have set up a small lab with Cisco routers to test labs...

In the attached file is the configuration of the 2611 router, which is currently doing the NAT between 2 other routers (a 2501, which is basically acting as a standard host, and a 4500 router, which is acting as a router on the Internet).

I used the ping command to generate traffic between my 2501 and 4500 routers. For testing, I'm sending my ping requests to the interface connected to the 2611 on the WAN side.

I received some replies from the 4500 on my 2501 router, but I also lost some of them, and I do not understand why. With sniffer software placed between the 2611 and the 4500, I see ping requests with the source interface of my 2501 router but not NATed (in its original state). When I see that on the sniffer software, I do not receive a reply on my 2501 for my ping request (that is normal, but why is the IP address of my 2501 sometimes NATed and sometimes not?)

I defined my access-list on my 2611 as follows to define which traffic should be NATed:


ip access-list extended INTERNE
 permit ip 192.168.2.0 0.0.0.255 any log
 permit icmp 192.168.2.0 0.0.0.255 any log
 deny ip any any log
 deny icmp any any log

Because I do not define access-lists very often, and to make all tests simpler, I redefined the same access-list, but defining each specific host in the LAN. It looked like it was working a little bit better, but it does not always give the intended behavior.

Also, I ran "show ip nat translation" and saw my NAT entry; I ran it again later and did not see any entry. Maybe 5 min. passed between issuing those commands.

I also did the same test with a 1605 router doing the NAT, but I did not get much better results. Is it possible for someone to help me?

My 2611 router is currently running IOS: c2600-i-mz.122-8.T5.bin

My 1605 router is currently running IOS: c1600-y-mz.122-26c.bin

Thanks a lot !

Accepted Solutions
Bronze

Re: NAT issue for TSHOOT Exam

Hi,

The config looks normal to me.

Can you please enable "debug ip packet detail" and "debug ip nat" on the 26xx router and then test ping from the 2501? Pls capture and paste the information over here along with "sh ip nat translations". The "acl-num" is a new ACL permitting only ICMP traffic from/to 192.168.2.x so that we can limit the packets for our requirement.

Regards...

-Ashok.

With best regards... Ashok ----------- Pls kindly rate if helpful or answered your question.
3 REPLIES
Cisco Employee

Re: NAT issue for TSHOOT Exam

Hi,

So you tested on 192.168.2.2, and ping 192.168.200.2? It sometimes works, sometimes doesn't?

Your IOS is very old; regardless of whether that is a software defect or not, I think you should upgrade the code first.

HTH,

Lei Tian

New Member

Re: NAT issue for TSHOOT Exam

Hi !

For some reason I was not able to reproduce the problem.....
