Ticket 4 – NAT ACL

May 3rd, 2018 in TSHOOT v2

Note: In our ticket we cannot ping the Web server from DSW1 (as the NAT configuration is wrong), but in the exam we can. This is a bug in the exam, so be careful with it.

In this ticket we may see one of the two cases below:

Case 1:

Configuration of R1

!
interface Serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat outside
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
ip nat outside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Ans1) R1
Ans2) NAT
Ans3) Under interface Serial0/0/0 delete the ip nat outside command and add the ip nat inside command.

Case 2:

Configuration of R1

!
interface Serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat inside
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Ans1) R1
Ans2) NAT
Ans3) Under interface Serial0/0/1 delete the ip nat inside command and add the ip nat outside command.

Comments (30)
  1. Anonymous
    September 4th, 2010

    R4, R3, R2 can ping 209.65.200.226

  2. Anonymous
    September 8th, 2010

    config from TT

    ip nat inside source list nat_pool interface Serial1/1 overload .

    ip access-list standard nat_pool
    permit 10.1.0.0
    permit 10.2.0.0 (fail)

  3. mema
    September 8th, 2010

    @anonymous,
    What do you mean by “permit 10.2.0.0 (fail)”? Does this statement appear in the ACL from TT?

  4. kk
    September 8th, 2010

    permit 10.2.0.0 doesn't appear in this statement in the ACL

  5. nick
    October 11th, 2010

    ya… it isn't there.. and when we put the list there it works fine…
    so why do you get it failed??

  6. DavidM
    October 12th, 2010

    You guys need to learn how to type English, WTF, how can I cheat without you guys knowing English

  7. CamHarkey
    October 12th, 2010

    wow I still don’t get this, WTF, I think I am just retarded, someone explain to me 10.2.0.0 fail, I am a failure :(

  8. terc
    October 13th, 2010

    I think they’re pointing out that in the TT, they failed to put the permit 10.2.0.0 that’s why we need to choose the answer that will enter the said command.

  9. Manju
    October 14th, 2010

    Is that permit 10.2.0.0 0.0.255.255 or permit 10.2.1.0 0.0.0.255? Can anyone reply?

  10. kk
    October 14th, 2010

    permit 10.2.0.0 0.0.255.255 does not appear in the ip access-list standard nat_pool

  11. Davidlin
    October 19th, 2010

    I tried to add permit 10.2.0.0 0.0.255.255 to access-list 30, but it still failed to ping the web server before I deleted deny 10.2.1.0 0.0.0.255. Why?

  12. SeanC
    October 20th, 2010

    This ticket is dumb and is below me.

  13. JACK
    October 20th, 2010

    Ahhhhh ah

  14. Tictac
    October 24th, 2010

    I think the access-list looks like this

    access-list 1 permit 10.1.0.0 0.0.255.255
    (implicit deny)

    thereby only the routers are allowed through the NAT translation, but adding the
    access-list 1 permit 10.2.0.0 0.0.255.255
    will permit the clients and the ftp server.

    Although I would make the list like this to permit everything
    access-list 1 permit 10.1.0.0 0.0.255.255
    access-list 1 permit 10.2.0.0 0.0.255.255
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 1 deny any

    I don't know why networktut first says “Answer:add to acl 1 permit ip 10.2.1.0 0.0.0.255”
    Then in Ans3 it says
    “Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255”

  15. mml
    October 25th, 2010

    Regarding
    @tictac's question: why are your answers different, networktut? Can you explain? Thank you

  16. mml
    November 4th, 2010

    To those who passed the exam, congrats. I am really confused because on the Cisco site they said there are 35-40 questions in the exam, and all who passed took about 12 TT, 3-4 MCQ, and 1-2 DnD. So here is where I get confused: this all together is not more than 20 questions. Is there another lab or just this one big topology for TT?
    So please, someone post about this and which dump is valid and the link for it.
    Thank you so much guys, this site is very helpful

  17. Buddy
    November 4th, 2010

    Don't get confused man. So far the exam comprises 12 TT and 4 MCQ and 1-2 DnD.
    Just overlook what was mentioned before

  18. cisco guru
    November 5th, 2010

    @mml confised because you are dumb as shite

    take it with all this god willing shit , half you lot are cheating Muslims.. read the Koran brother and you will see that the profit said ” at the point of stealing, cheating the Muslim is no longer a believer”

    you have just become a infidel for the sake of a cert. well done

  19. sisko
    November 5th, 2010

    @ cisco guru: i urge u to keep focus on what this forum is meant for so everyone gets benefited. plz avoid religious and political comments. Thnx

  20. Naveed
    November 8th, 2010

    @CCIE interested people
    This is an open invitation for the serious people about CCIE. You are advised to send an email to the below mentioned address for enrolling your willingness. We’ll be utilizing the concept of 1+1 = 11 by putting our minds together to study/practice the right thing. Here it doesn’t require a mention for a CCIE candidate but let me clear one thing, ‘THERE IS NO SHORTCUT TO CCIE’, so any body looking for shortcuts, please accept my advance excuse. However, we’ll try to do our best to find out the fastest way and most effective material of practice/study.
    Kindly, enroll your willingness at following email address. Also if you have any question, send to the same address.
    ask_ccie@yahoo.com

    @networktut
    I wish you could have a managed discussion forum for CCIE as you have for CCNP

  21. Peter
    November 12th, 2010

    Pass today 642-832 now NP next friday
    CCDP hopefully

  22. naggi
    December 4th, 2010

    Hi guys, how do I know whether the layer 2 or layer 3 topology is related to these problems? Please, I need your help guys

  23. naggi
    December 5th, 2010

    Hi guys, somebody help. I am trying to do the demo but there are only 4 TT questions and all are related to the L3 topology. Please help, is there more or is this it?
    And how do I know which topology this question is related to? My cordial thanks to you guys

  24. CCNP Aspirant
    December 6th, 2010

    Hey Guys. I must say that this blog is truly awesome. I had no idea how to take the TSHOOT exam but now things are crystal clear to me. I am planning to take my exam next week, so I will appreciate it if anyone can provide me with the GNS3 topology of the real scenario and its config.

    Congratulations to all of you who cracked this exam :)

  25. David
    December 18th, 2010

    @networktut

    In the config, i think the IP of serial0/0/0/1 is 209.65.200.225, instead of 209.65.200.224:

    interface serial0/0/0/1
    ip address 209.65.200.224 255.255.255.252
    ip nat outside

  26. matrix
    December 18th, 2010

    @ David,

    Yeah, you are right. It's just a typo mistake.

  27. Gandmaroo of cisco_guru
    December 18th, 2010

    @ cisco guru

    chootya, lund dharya, madarchod, randi ke bacche, bhadwe ki aulaad kahin ja ke aur apni maa chuda… yahan aake apni ma ko randi mat banayiu… madarchod.

  28. Kaibigan
    December 19th, 2010

    @networktut

    ur correct BUT:

    i think better to use access-list 1 permit 10.2.0.0 0.0.255.255 than
    access-list 1 permit 10.2.1.0 0.0.0.255

    to fully justify the exact answer…

  29. kumar
    December 26th, 2010

    Hi,
    In the exam the permit 10.2.0.0 is already configured correctly.

    ip access-list standard nat_pool
    permit 10.1.0.0
    permit 10.2.0.0 --->It is preconfigured, so what's the problem
    !
    interface serial0/0/0/1
    ip address 209.65.200.224 255.255.255.252
    ip nat outside
    !
    interface Serial0/0/0/0.12
    ip address 10.1.1.1 255.255.255.252
    ip nat inside
    ip ospf message-digest-key 1 md5 TSHOOT
    ip ospf authentication message-digest

  30. David
    December 27th, 2010

    @kumar,

    Maybe it's a typo, the IP address of s0/0/0/1 should be ‘209.65.200.225’ instead of ‘209.65.200.224’
