Вы находитесь на странице: 1из 2

DAY 6: NETWORK ADRESS TRANSLATION

Troubleshooting NAT
Nine times out of ten, the router administrator has forgotten to add the ip nat
outside or ip nat inside command to the router interfaces. In fact, this is
almost always the problem! The next most frequent mistakes include the wrong
ACL and a misspelled pool name (it is case sensitive). You can debug NAT
translations on the router by using the debug ip nat [detailed] command,
and you can view the NAT pool with the show ip nat translations command.
Day 6 Questions
1. NAT converts the _______ headers for incoming and outgoing traffic and keeps
track of each session.
2. The _______ address is the IP address of an outside, or external, host as it
appears to inside hosts.
3. How do you designate inside and outside NAT interfaces?
4. Which show command displays a list of your NAT table?
5. When would you want to use static NAT?
6. Write the configuration command for NAT 192.168.1.1 to 200.1.1.1.
7. Which command do you add to a NAT pool to enable PAT?
8. NAT most often fails to work because the _______ command is missing.
9. Which debug command shows live NAT translations occurring?
Day 6 Answers
1. Packet.
2. Outside local.
3. With the ip nat inside and ip nat outside commands.
4. The show ip nat translations command.
5. When you have a web server (for example) on the inside of your network.
6. ip nat inside source static 192.168.1.1 200.1.1.1.
7. The overload command.
8. The ip nat inside or ip nat outside command.
9. The debug ip nat [detailed] command.

TE 1

Static NAT Lab

1) Add IP address 192.168.1.1 255.255.255.0 to Router A and change


the hostname to Router A. Add IP address 192.168.1.2
255.255.255.0 to Router B. Add a clock rate to the correct side
and ping from A to B or from B to A. Check the previous labs if you
need a reminder.
2) You need to add an IP address to Router A to simulate a host on
the LAN. You can achieve this with a Loopback interface:
3) For testing, you need to tell Router B to send any traffic to any
network back out towards Router A. You will do this with a static
route:
4) Test to see whether the static route is working by pinging from
the Loopback interface on Router A to Router B:
5) Configure a static NAT entry on Router A. Using NAT, translate the
10.1.1.1 address to 172.16.1.1 when it leaves the router. You also
need to tell the router which is the inside and outside NAT
interface:
6) Turn on NAT debugging so you can see the translations taking
place. Then issue another extended ping (from L0) and check the
NAT table. Your output may differ from mine due to changes in
IOS.
7) Bear in mind that the router will clear the NAT translation soon
afterwards in order to clear the NAT address(es) for use by other

JFM

DAY 6: NETWORK ADRESS TRANSLATION


IP addresses:

NAT Pool Lab

The source list command tells the router which ACL to look at.
The ACL tells the router which networks will match the NAT pool.
6) Turn on NAT debugging so you can see the translations taking
place. Then issue extended pings (from L0 and L1) and check the
NAT table. You should see two addresses from the NAT pool being
used.

NAT Overload Lab

1) Add IP address 192.168.1.1 255.255.255.0 to Router A and change


the hostname to Router A. Add IP address 192.168.1.2
255.255.255.0 to Router B. Add a clock rate to the correct side
and ping from A to B or from B to A. Check the previous lab if you
need a reminder.
2) You need to add two IP addresses to Router A to simulate a host
on the LAN. You can achieve this with two Loopback interfaces.
They will be in different subnets but both start with a 10 address:
3) For testing, you need to tell Router B to send any traffic to any
network back out towards Router A. You will do this with a static
route:
4) Test to see whether the static route is working by pinging from
the Loopback interface on Router A to Router B:
5) Configure a NAT pool on Router A. For this lab, use 172.16.1.1 to
172.16.1.10. Any address starting with 10 will be a NAT.
Remember that you MUST specify the inside and outside NAT
interfaces or NAT wont work:

Repeat the previous lab. This time, when referring to the pool, add the
overload command to the end of the configuration line. This instructs the
router to use PAT. Leave off Loopback1.
Please note that , in the real world, your pool will usually have only one
address or you will overload your outside interface.

The ip nat pool command creates the pool of addresses. You


need to give the pool a name of your own choosing.
The netmask command tells the router which network mask to
apply to the pool.

TE 1

JFM