Home > Ticket 4 – NAT Inside

Ticket 4 – NAT Inside

March 27th, 2015 in TSHOOT v2 Go to comments

Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers & DSW1,2 can ping the server.

NAT problem on R1’s ACL. (use IPv4 Layer 3)

Configuration of R1
ip nat inside source list nat_pool interface s0/0/1 overload

ip access-list standard nat_pool
  permit 10.1.0.0
  permit 10.2.0.0
!
interface Serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat outside
!
interface Serial0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat outside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

 

Ans1) R1
Ans2) NAT
Ans3) Under interface Serial0/0/0.12 delete the “ip nat outside” command and add the “ip nat inside” command.

Comments (9) Comments
Comment pages
1 4 5 6 28
  1. SATCOM
    August 1st, 2017

    If I see the IP NAT OUTSIDE under Serial0/0/1, will I find under the access-list standard nat_traffic, will permit 10.2.0.0.0.0.255.255 be missing?

  2. sdb
    August 1st, 2017

    I do see the misconfigured NAT on R1. But, shouldn’t that cause the pings sourced from all the routers and switches to fail also?

  3. mkzozo
    August 2nd, 2017

    i have cleared tshoot exam today with 925 everything is from this site. thanks 9TUT. no need to buy some funny dumps

  4. Peter
    August 2nd, 2017

    Passed today with 1000. Ticket valid.

  5. coco-NAT
    August 3rd, 2017

    It seems there are two versions of NAT tickets. NAT Inside & NAT ACL.

    NAT Inside (this ticket – T04)
    > The ticket problem states other routers and DSW are able to ping the server which theoretically it can’t because the routers and DSW have private IP address configured.
    Ans3) Under interface Serial0/0/0.12 delete the “ip nat outside” command and add the “ip nat inside” command.

    NAT ACL (the one in TSHOOT_Feb_2017.pdf)
    > In this ticket, it’s more convincing that the other routers and DSW can ping the web server because it’s an ACL issue
    Ans3) Add the command permit 10.2.0.0 in the nat_pool access-list

    question 1: what is the correct/updated ticket?
    question 2: what is the correct problem statement?

  6. Anonymous
    August 4th, 2017

    Same question as coco-NAT mentioned here. which one is the current answer?

    Another question in the exam can i answer the solution first- then technology -and then the device for tickets??

  7. coco-NAT
    August 6th, 2017

    it’s device, technology then solution in that order…

    if you choose the wrong device, the choices for technology will be different…

  8. AKA
    August 10th, 2017

    The solution and options offered is different on this ticket. There is no interface Serial0/0/0.12 on R1. Please Correct the ticket.

  9. coco-NAT
    August 10th, 2017

    @AKA: this has been answered in last month comments “In the exam it is s0/0/0, not s0/0/0.12. It is a typo in the topologies. But we still mention S0/0/0.12 here so that you are not confused with the topologies.”

    also regarding my own question above: it was answered after I took Premium membership

Comment pages
1 4 5 6 28