Greetings, and welcome to Seeseenayy.
Packet Tracer Details: Someone messed up the network and we need to diagnose, then correct, all issues within this network.
A contractor restored an old configuration to a new router running NAT. But, the network has changed and a new subnet was added after the old configuration was backed up. It is your job to get the network working again.
Below you will find a download of the completed packet tracer file. It is recommended that you read the tutorial or so.
Packet Tracer Details: Someone messed up the network and we need to diagnose, then correct, all issues within this network.
A contractor restored an old configuration to a new router running NAT. But, the network has changed and a new subnet was added after the old configuration was backed up. It is your job to get the network working again.
Below you will find a download of the completed packet tracer file. It is recommended that you read the tutorial or so.
Download(s)
Alternatively, you may use the commands from the tutorial to complete this PT.
Tutorial / Walk-through
First, lets see our current configuration by utilizing the 'show run' command.
R2>en
R2#show run
By a closer inspection of the following:
ip nat pool R2POOL 209.165.76.195 209.165.76.223 netmask 255.255.255.224
ip nat inside source list 101 pool R2POOL
ip classless
ip route 10.0.0.0 255.0.0.0 10.4.1.2
ip route 0.0.0.0 0.0.0.0 209.165.76.193
!
ip flow-export version 9
!
!
access-list 101 permit ip 10.4.10.0 0.0.0.255 any
!
It is able to be determined that:
1a. There is a missing statement for the second network.
1b. That missing statement needs to be translated.
1c. The address in question is the "10.4.10.0" address.
i. for later notice, the wildcard masks for both networks is 0.0.1.255 which covers both 10.4.11.0 and 10.4.10.0
Upon further inspection of the config, we can observe this segment:
interface Serial0/0/0
ip address 209.165.76.194 255.255.255.224
ip nat inside
clock rate 2000000
!
interface Serial0/0/1
ip address 10.4.1.1 255.255.255.252
ip nat outside
clock rate 2000000
!
It is able to be determined that:
2. They witched outside and inside interface types.
Lets resolve this issue by editing the present access list within R2.
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no ip access-list extended 101
R2(config)#ip access-list extended 101
R2(config-ext-nacl)#permit ip 10.4.10.0 0.0.1.255 any
R2(config-ext-nacl)#exit
R2(config)#int s0/0/0
R2(config-if)#ip nat outside
R2(config-if)#ex
R2(config)#int s0/0/1
R2(config-if)#ip nat inside
R2(config-if)#
So essentially what we did is we: modified the access list to correct an invalid IP address, and changed the direction of the serial NAT faces (outside and inside switched).
Both PCs should be able to ping the designated objects.
ip nat inside source list 101 pool R2POOL
ip classless
ip route 10.0.0.0 255.0.0.0 10.4.1.2
ip route 0.0.0.0 0.0.0.0 209.165.76.193
!
ip flow-export version 9
!
!
access-list 101 permit ip 10.4.10.0 0.0.0.255 any
!
It is able to be determined that:
1a. There is a missing statement for the second network.
1b. That missing statement needs to be translated.
1c. The address in question is the "10.4.10.0" address.
i. for later notice, the wildcard masks for both networks is 0.0.1.255 which covers both 10.4.11.0 and 10.4.10.0
Upon further inspection of the config, we can observe this segment:
interface Serial0/0/0
ip address 209.165.76.194 255.255.255.224
ip nat inside
clock rate 2000000
!
interface Serial0/0/1
ip address 10.4.1.1 255.255.255.252
ip nat outside
clock rate 2000000
!
It is able to be determined that:
2. They witched outside and inside interface types.
Lets resolve this issue by editing the present access list within R2.
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no ip access-list extended 101
R2(config)#ip access-list extended 101
R2(config-ext-nacl)#permit ip 10.4.10.0 0.0.1.255 any
R2(config-ext-nacl)#exit
R2(config)#int s0/0/0
R2(config-if)#ip nat outside
R2(config-if)#ex
R2(config)#int s0/0/1
R2(config-if)#ip nat inside
R2(config-if)#
So essentially what we did is we: modified the access list to correct an invalid IP address, and changed the direction of the serial NAT faces (outside and inside switched).
Both PCs should be able to ping the designated objects.
0 comments:
Post a Comment