Home > Ticket 4 – NAT Outside

Ticket 4 – NAT Outside

May 3rd, 2018 in TSHOOT v2 Go to comments

Configuration of R1
ip nat inside source list nat_pool interface s0/0/1 overload

interface Serial0/0/0
  description Link to R2
  ip address 10.1.1.1 255.255.255.252
  ip nat outside
  ip ospf message-digest-key 1 md5 TSHOOT
  ip ospf authentication message-digest
!
interface Serial0/0/1
  description Link to ISP
  ip address 209.65.200.225 255.255.255.252
  ip nat outside
!

Ans1) R1
Ans2) NAT
Ans3) Under the interface Serial0/0/0 configuration enter the ‘ip nat inside’ command.

Comments (26) Comments
Comment pages
1 5 6 7 28
  1. passed2k18
    January 14th, 2018

    Pass Friday with perfect score. This question is still bugged where the Show Run is S0/0/1 as outside interface, but the show ip nat statistics exposes the NAT issue with s0/0/0 and s0/0/1 as both inside.. Trust show ip nat statistics not show run.

  2. bubu2018
    January 16th, 2018

    all tickets were like at 9tut? it’s something changed?

  3. passed2k18
    January 16th, 2018

    @bubu2018 Well Networktut, not 9tut :) All MCP, BGP Sim, and Tickets are valid. There are 2 bugs though. This Nat question and the OSPF to EIGRP question. Look at the comments on both tickets and you will be fine.

  4. Hunter
    February 9th, 2018

    Anyways trust the “sh ip nat statistics” on R1 which will show no outside interface.. Easiest way to solve this TT. But this is a very tricky TT to spot as 209.65.200.241 pings from everywhere else except client1..

  5. Run
    February 28th, 2018

    @furqan
    @ccnp-men
    Copy below Link:
    docs.google.com/document/d/1pvlIKZxcJaYV7h7meFP0Cy5odjqhI-HSIn-akmBM79s/edit

    thnku all
    passed with 9xx no removed lab..
    12 ticket
    4 dnd
    2 mcq
    i lab bgp

    thnx all who cmnt and share experience here..
    All this files in link above enough to secure pass easily.

  6. Anonymous
    March 1st, 2018

    I’m not understanding the problem here…sh run shows s0/0/1 as an inside interface as does sh ip nat stat…so the answer is:

    1) R1
    2) NAT
    3) Under s0/0/1 delete “ip nat inside” and add “ip nat outside”?

  7. Will
    March 4th, 2018

    In the exam, when you enter show ip nat statistic both interface are in nat inside. You need to change interface s0/0/1 to ip nat outside.

  8. hresp
    March 26th, 2018

    Hi, I pass the exam yesterday and in this ticket I found both interfaces s0/0/0 and s0/0/1 with “ip nat outside” configuration. Have changed the s0/0/0 to inside.

  9. this is…
    March 29th, 2018

    under NAT access list, enter the command permit 10.2.0.0 0.0.255.255”

  10. Anonymous
    March 29th, 2018

    The config for this ticket is f-ked up and misleading and leaves no alternative but to learn by heart like parrot!!!

    Regardless, this is way ping is failing: on R1 NAt access list won’t allow traffic from the network 10.2.0/24 to pass:
    ip access-list standard Nat_Traffic
    permit 10.1.0.0 0.0.255.255
    permit 192.168.1.128 0.0.0.31

    Add : permit 10.2.0.0 0.0.255.255 to the access list and ping form the Client 1 will be successful.

    If you want to mimic exam environment, on the interface connecting to ISP replace ip nat outside with ip nat inside.

    config t 0
    interface Serial 0/0/0/1
    no ip nat outside
    ip nat inside

    end

    wr mem

    The above config change will cause ping from any device to fail.

    There is no such thing as bug in exam, everything is very intentionally tricky

    show ip nat will show the miss configuration

  11. O_sal
    April 3rd, 2018

    Yesterday I got this ticket in the exam, exactly as it is here, the only thing confused me was DSW1 was pinging the internet server 209.65.200.241, while R4, R3, & R2 were not, I thought there was some other issue or a change, it took me 40 minutes to check everything from A to Z.

    At the end I decided to go with nat out side as an issue for the local interface of R1.

    I guess that was a bug.

  12. lucifuge21
    April 3rd, 2018

    Passed today with perfect score. In my exam both interfaces had outside NAT so I had to choose the inside option.
    If ping from client to R1 is successful, check “ip nat stat”. If both interfaces are outside, check inside.

    Good luck.

  13. Asbestos Watch Adelaide
    April 23rd, 2018

    Youre so cool! I dont suppose Ive read something like this before. So nice to find somebody with some original thoughts on this subject. realy thank you for beginning this up. this web site is one thing that’s needed on the web, somebody with a bit of originality. helpful job for bringing one thing new to the internet!

    https://degreed.com/asbestoswatchadelaide/index/1#/collection

  14. phylon
    May 1st, 2018

    Presented today the ticket they inverted the simulation now the 2 interfaces are nat inside and the s0/0/1 need to be change to NAT outside instead NAT inside

  15. smk
    May 3rd, 2018

    Pass with 97x/1000

    Thanks for all your comments,
    the Tickets are still vaild.
    had total 22Q
    new D&D & MCQ – valid
    HSRP SIM – valid (including the 4q R5 & R4 – DHCP issue)
    Other tickets were
    Ticket 1 – IPv4 OSPF Routing (R1: Add “ip ospft Authentication message-digest” under S0/0/0/0)
    Ticket 3 – BGP (R1: wrong Neighbor address)
    Ticket 4 – NAT (R1: IP NAT inside on S0/0/0/1 (both interfaces IP NAT Inside)
    Ticket 8 – Access VLAN (ASW1: switchport mode trunk; change to switchport mode access)
    Ticket 9 – Switch to switch connectivity (ASW1: Switchport trunk allowed vlan 10 200)
    Ticket 11 – IPV4 Redistribution (R4: Wrong Route-map name OSPF->EIGRP changed to OSPF_TO_EIGRP)
    Ticket 12 – IPv6 OSPF routing (R2: add “ipv6 ospf 6 area 0” under S0/0/0/0.23)
    Ticket 13 – DHCP Helper (DSW1: wrong address based on what R4 loopback – change 10.2.21.129 to 10.1.21.129)
    Ticket 15 – IPv6-IPV4 connectivity (R3: Remove “tunnel mode ipv6 under tunnel34)
    Ticket 16 – IPV6 RIPng OSPFv3 Redistribute

  16. Marty
    May 7th, 2018

    SMK – which D&D did you get? Did you have the GRE packet/header sequence? If so, what order did you place it in? Thanks

  17. Anonymous
    May 7th, 2018

    SMK , can you please share the link for the dump you studied ?

  18. Anonymous
    May 8th, 2018

    Is anyone else not able to see the questions and answers or is it just me?

  19. ccnpbotswana
    May 9th, 2018

    if both interfaces in the configuration in the exam are IP NAT INSIDE which answer do we choose on the third option when selecting answers.???

  20. ccnpbotswana
    May 9th, 2018

    if both interfaces in the configuration in the exam are IP NAT INSIDE which answer do we choose on the third option when selecting answers.???

    which is the correct option between the two;

    under the interface s0/0/0 configuration enter the ‘ip nat inside’ command

    or

    under the interface s0/0/1 configuration enter the ‘ip nat outside’ command

  21. 46598dasd
    May 14th, 2018

    2018 Latest Update CCNP Dumps 300-135 100% Valid
    stumbleupon.com/su/1xowyV

  22. CCNP2k
    May 24th, 2018

    This IP NAT inside ticket #4 is actually a Nat access-list issue.

    The broken access list:
    !
    ip access-list standard Nat_Traffic
    permit 10.1.0.0 0.0.255.255
    permit 192.168.1.128 0.0.0.31
    access-list 30 permit 209.65.200.224 0.0.0.3
    access-list 30 permit host 209.65.200.241
    access-list 30 permit host 15.15.15.15
    access-list 30 deny 10.1.0.0 0.0.255.255
    access-list 30 deny 10.2.0.0 0.0.255.255
    !

    Good access-lists
    !
    ip access-list standard Nat_Traffic
    permit 10.1.0.0 0.0.255.255
    permit 10.2.0.0 0.0.255.255
    permit 192.168.1.128 0.0.0.31
    access-list 30 permit 209.65.200.224 0.0.0.3
    access-list 30 permit host 209.65.200.241
    access-list 30 permit host 15.15.15.15
    access-list 30 deny 10.1.0.0 0.0.255.255
    access-list 30 deny 10.2.0.0 0.0.255.255
    !
    This caused the traffic from vlan10 to get all the way to R1 10.1.1.1 interface but no further.

  23. Yammer
    May 28th, 2018

    For those who have this ticket recently, has this changed?

  24. X
    June 6th, 2018

    @ ccnpbotswana May 9th, 2018

    “if both interfaces in the configuration in the exam are IP NAT INSIDE which answer do we choose”

    Answer:
    under the interface s0/0/1 configuration enter the ‘ip nat outside’ command

    @CCNP2k May 24th, 2018
    Thank you for the feedback. It looks like this is an NAT ACL issue and that makes sense, the fist ACL “ip access-list standard Nat_Traffic” does not allow the network 10.2.0.0 (hit the implicit deny at the end of the ACL), the second one has an explicit permit entry:

    ip access-list standard Nat_Traffic
    permit 10.1.0.0 0.0.255.255
    permit 192.168.1.128 0.0.0.31

    ip access-list standard Nat_Traffic
    permit 10.1.0.0 0.0.255.255
    permit 10.2.0.0 0.0.255.255 <<<
    permit 192.168.1.128 0.0.0.31

    Thank you team.

  25. X
    June 6th, 2018

    Does anyone know if in the same ticket we can skip question 1 and 2 so that we can have an insight in question 3 were the issue might be and troubleshoot from there?

  26. sybabe
    July 7th, 2018

    Did anyone notice that the network command statement 10.1.1.0 0.0.0.252 area 12 was missing from R1?

Comment pages
1 5 6 7 28