Home > Ticket 4 – NAT Inside

Ticket 4 – NAT Inside

March 27th, 2015 in TSHOOT v2 Go to comments

Client 1 & 2 are not able to ping the web server, but all the routers & DSW1,2 can ping the server.

NAT problem on R1’s ACL. (use IPv4 Layer 3)

Configuration of R1
ip nat inside source list nat_pool interface s0/0/1 overload

ip access-list standard nat_pool
interface Serial0/0/1
ip address
ip nat outside
interface Serial0/0/0.12
ip address
ip nat outside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest


Ans1) R1
Ans2) NAT
Ans3) Under interface Serial0/0/0.12 delete the “ip nat outside” command and add the “ip nat inside” command.

Comments (23) Comments
Comment pages
1 4 5 6 28
    August 1st, 2017

    If I see the IP NAT OUTSIDE under Serial0/0/1, will I find under the access-list standard nat_traffic, will permit be missing?

  2. sdb
    August 1st, 2017

    I do see the misconfigured NAT on R1. But, shouldn’t that cause the pings sourced from all the routers and switches to fail also?

  3. mkzozo
    August 2nd, 2017

    i have cleared tshoot exam today with 925 everything is from this site. thanks 9TUT. no need to buy some funny dumps

  4. Peter
    August 2nd, 2017

    Passed today with 1000. Ticket valid.

  5. coco-NAT
    August 3rd, 2017

    It seems there are two versions of NAT tickets. NAT Inside & NAT ACL.

    NAT Inside (this ticket – T04)
    > The ticket problem states other routers and DSW are able to ping the server which theoretically it can’t because the routers and DSW have private IP address configured.
    Ans3) Under interface Serial0/0/0.12 delete the “ip nat outside” command and add the “ip nat inside” command.

    NAT ACL (the one in TSHOOT_Feb_2017.pdf)
    > In this ticket, it’s more convincing that the other routers and DSW can ping the web server because it’s an ACL issue
    Ans3) Add the command permit in the nat_pool access-list

    question 1: what is the correct/updated ticket?
    question 2: what is the correct problem statement?

  6. Anonymous
    August 4th, 2017

    Same question as coco-NAT mentioned here. which one is the current answer?

    Another question in the exam can i answer the solution first- then technology -and then the device for tickets??

  7. coco-NAT
    August 6th, 2017

    it’s device, technology then solution in that order…

    if you choose the wrong device, the choices for technology will be different…

  8. AKA
    August 10th, 2017

    The solution and options offered is different on this ticket. There is no interface Serial0/0/0.12 on R1. Please Correct the ticket.

  9. coco-NAT
    August 10th, 2017

    @AKA: this has been answered in last month comments “In the exam it is s0/0/0, not s0/0/0.12. It is a typo in the topologies. But we still mention S0/0/0.12 here so that you are not confused with the topologies.”

    also regarding my own question above: it was answered after I took Premium membership

  10. Laticia
    August 30th, 2017

    Is the day for this celebration Saturday the 24th, or Sunday the 25th I am Really fascinated, still this invitation incorporates the dates merged up. Due as a result a lot!


  11. s
    September 1st, 2017


    i had same question as you did. can you please explain how did you understand this ?

  12. Anonymous
    September 7th, 2017

    in my exam today, I had

    interface Serial0/0/0.12
    ip nat outside

    but _was_ able to ping the webserver from R1-R4 in the simulation.

  13. katany
    September 22nd, 2017

    If I remember the real configuration for each device and on exam just see the differences, what do you think it gonna work? thanks

  14. Anonymous
    September 25th, 2017

    R1-R4 can ping the Webserver. How can that be happening if the Se0/0/0.12 is configured as NAT outside? Really weird. This problem can mislead you to finding the problem device in the first place. Can some one explain?

    interface Serial0/0/0.12
    ip nat outside

    On R4

  15. ASD
    September 29th, 2017

    Dear Fallows,
    I had taken this exam. If you follow the show running configuration you will see IP NAT OUTSIDE configured but If you follow SHOW IP NAT STATISTICS you will find that both interfaces are configured on inside. the right answer is to configured IP NAT OUTSIDE on the ISP connected interface.

  16. ASD
    September 29th, 2017

    It is a bug in the exam. And the shared answer is the right one.

  17. sekosta
    October 12th, 2017

    So, what is the correct answer?

  18. Anon
    October 16th, 2017

    Just passed with 1000/1000 mark today. Can vouch on ASD’s answer.

    The sh run configuration is wrong, just use the ip nat stat to see the location of the interface and answer accordingly. In my case, the serial interface for the ISP is shown as INSIDE, so the answer is to delete the ip nat inside from the serial interface and change it to ip nat outside.

  19. Lelee
    October 16th, 2017

    @Anon is it any change for MQC, please confirm?

  20. ajdar_anik
    October 17th, 2017


    After show ip nat statistics command, if the s0/0/0 interface is IP NAT OUTSIDE, the answer will be delete the “ip nat outside” command and add the “ip nat inside” command. Otherwise, the answer will be delete the “ip nat inside” command and add the “ip nat outside” command. Right?

  21. Peter1218
    October 17th, 2017

    I just present the exam today and I failed.
    although the tickets are the same, the exam have many bugs, the clients has always a valid ip address even when the fail is because teh Access VLAN.

    In the ticket of “NAT inside” the interface is serial 0/0/0 but the answer don`t show the options
    delete the “ip nat outside”, can anyone explain if it`s just adding the “ip nat inside” is enough.


  22. Anon
    October 19th, 2017

    @ajdar_anik Uhh, sorry I might have worded it wrong. The problem is not where s0/0/0 is located, but which of the 2 serial interface for NAT in R1 is wrong.

    R1 uses 2 serial interface for NAT, 1 for connecting with the ISP, and 1 for the inside. FOR EXAMPLE, let’s say that s0/0/0 is for the ISP and s0/0/1 for the inside. Now, show the ip nat stat.

    If both serial interface is listed as INSIDE, then s0/0/0 is in the wrong since it should be OUTSIDE. Therefore the answer is in int s0/0/0, delet the ip nat inside then enter the ip nat outside command.

    If both serial interface is listed as OUTSIDE, then s0/0/1 is in the wrong since it should be INSIDE. Therefore the answer is in int s/0/0/1 delete the ip nat outside then enter the ip nat inside command.

  23. ajdar_anik
    October 19th, 2017

    Thank you Anon, it’s clear now :)

Comment pages
1 4 5 6 28