Home > Ticket 4 – NAT ACL

Ticket 4 – NAT ACL

May 3rd, 2018 in TSHOOT v2 Go to comments

Note: Although in our ticket we cannot ping the Web server from DSW1 (as the NAT configuration is wrong) but in the exam we can. This is a bug in the exam so be careful with it.

Configuration of R1

!
interface Serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat inside
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Ans1) R1
Ans2) NAT
Ans3) Under interface Serial0/0/1 delete the ip nat inside command and add the ip nat outside command.

Comments (50) Comments
Comment pages
1 4 5 6 7 8 28
  1. SATCOM
    August 1st, 2017

    If I see the IP NAT OUTSIDE under Serial0/0/1, will I find under the access-list standard nat_traffic, will permit 10.2.0.0.0.0.255.255 be missing?

  2. sdb
    August 1st, 2017

    I do see the misconfigured NAT on R1. But, shouldn’t that cause the pings sourced from all the routers and switches to fail also?

  3. mkzozo
    August 2nd, 2017

    i have cleared tshoot exam today with 925 everything is from this site. thanks 9TUT. no need to buy some funny dumps

  4. Peter
    August 2nd, 2017

    Passed today with 1000. Ticket valid.

  5. coco-NAT
    August 3rd, 2017

    It seems there are two versions of NAT tickets. NAT Inside & NAT ACL.

    NAT Inside (this ticket – T04)
    > The ticket problem states other routers and DSW are able to ping the server which theoretically it can’t because the routers and DSW have private IP address configured.
    Ans3) Under interface Serial0/0/0.12 delete the “ip nat outside” command and add the “ip nat inside” command.

    NAT ACL (the one in TSHOOT_Feb_2017.pdf)
    > In this ticket, it’s more convincing that the other routers and DSW can ping the web server because it’s an ACL issue
    Ans3) Add the command permit 10.2.0.0 in the nat_pool access-list

    question 1: what is the correct/updated ticket?
    question 2: what is the correct problem statement?

  6. Anonymous
    August 4th, 2017

    Same question as coco-NAT mentioned here. which one is the current answer?

    Another question in the exam can i answer the solution first- then technology -and then the device for tickets??

  7. coco-NAT
    August 6th, 2017

    it’s device, technology then solution in that order…

    if you choose the wrong device, the choices for technology will be different…

  8. AKA
    August 10th, 2017

    The solution and options offered is different on this ticket. There is no interface Serial0/0/0.12 on R1. Please Correct the ticket.

  9. coco-NAT
    August 10th, 2017

    @AKA: this has been answered in last month comments “In the exam it is s0/0/0, not s0/0/0.12. It is a typo in the topologies. But we still mention S0/0/0.12 here so that you are not confused with the topologies.”

    also regarding my own question above: it was answered after I took Premium membership

  10. Laticia
    August 30th, 2017

    Is the day for this celebration Saturday the 24th, or Sunday the 25th I am Really fascinated, still this invitation incorporates the dates merged up. Due as a result a lot!

    e343453.com

  11. s
    September 1st, 2017

    @coco-NAT

    i had same question as you did. can you please explain how did you understand this ?

  12. Anonymous
    September 7th, 2017

    in my exam today, I had

    interface Serial0/0/0.12
    ip nat outside

    but _was_ able to ping the webserver from R1-R4 in the simulation.

  13. katany
    September 22nd, 2017

    If I remember the real configuration for each device and on exam just see the differences, what do you think it gonna work? thanks

  14. Anonymous
    September 25th, 2017

    R1-R4 can ping the Webserver. How can that be happening if the Se0/0/0.12 is configured as NAT outside? Really weird. This problem can mislead you to finding the problem device in the first place. Can some one explain?

    interface Serial0/0/0.12
    ip nat outside

    On R4
    ping 209.65.200.241
    !!!!!

  15. ASD
    September 29th, 2017

    Dear Fallows,
    I had taken this exam. If you follow the show running configuration you will see IP NAT OUTSIDE configured but If you follow SHOW IP NAT STATISTICS you will find that both interfaces are configured on inside. the right answer is to configured IP NAT OUTSIDE on the ISP connected interface.

  16. ASD
    September 29th, 2017

    It is a bug in the exam. And the shared answer is the right one.

  17. sekosta
    October 12th, 2017

    So, what is the correct answer?

  18. Anon
    October 16th, 2017

    Just passed with 1000/1000 mark today. Can vouch on ASD’s answer.

    The sh run configuration is wrong, just use the ip nat stat to see the location of the interface and answer accordingly. In my case, the serial interface for the ISP is shown as INSIDE, so the answer is to delete the ip nat inside from the serial interface and change it to ip nat outside.

  19. Lelee
    October 16th, 2017

    @Anon is it any change for MQC, please confirm?

  20. ajdar_anik
    October 17th, 2017

    So,

    After show ip nat statistics command, if the s0/0/0 interface is IP NAT OUTSIDE, the answer will be delete the “ip nat outside” command and add the “ip nat inside” command. Otherwise, the answer will be delete the “ip nat inside” command and add the “ip nat outside” command. Right?

  21. Peter1218
    October 17th, 2017

    I just present the exam today and I failed.
    although the tickets are the same, the exam have many bugs, the clients has always a valid ip address even when the fail is because teh Access VLAN.

    In the ticket of “NAT inside” the interface is serial 0/0/0 but the answer don`t show the options
    delete the “ip nat outside”, can anyone explain if it`s just adding the “ip nat inside” is enough.

    Regards

  22. Anon
    October 19th, 2017

    @ajdar_anik Uhh, sorry I might have worded it wrong. The problem is not where s0/0/0 is located, but which of the 2 serial interface for NAT in R1 is wrong.

    R1 uses 2 serial interface for NAT, 1 for connecting with the ISP, and 1 for the inside. FOR EXAMPLE, let’s say that s0/0/0 is for the ISP and s0/0/1 for the inside. Now, show the ip nat stat.

    If both serial interface is listed as INSIDE, then s0/0/0 is in the wrong since it should be OUTSIDE. Therefore the answer is in int s0/0/0, delet the ip nat inside then enter the ip nat outside command.

    If both serial interface is listed as OUTSIDE, then s0/0/1 is in the wrong since it should be INSIDE. Therefore the answer is in int s/0/0/1 delete the ip nat outside then enter the ip nat inside command.

  23. ajdar_anik
    October 19th, 2017

    Thank you Anon, it’s clear now :)

  24. Kulina
    October 23rd, 2017

    I failed about a month ago, even with using this site. So I must not understand the concepts good enough. But I did take the TSHOOT befor they made changes and it was much much easier before. The new TSHOOT exam is much more difficult. The only one was actually fun while this one just stresses me out. I am thinking about trying one more time but i am afraid of failing again. Not sure how to go about it different this time, but I have been studying the topics more to better understand them

  25. IPV6
    November 1st, 2017

    Passed my Tshoot today and on R1 after I ran the sh ip nat stat command I noticed this was the case as Anon stated:

    If both serial interface is listed as INSIDE, then s0/0/0 is in the wrong since it should be OUTSIDE. Therefore the answer is in int s0/0/0, delet the ip nat inside then enter the ip nat outside command.

  26. asd
    November 1st, 2017

    passed
    and please use sho ip nat stat

  27. Anonymous
    November 10th, 2017

    Hello folks, i paseed today 1000/1000…cisco has a bug on lab regarding Nat.I you do sh ip nat statis and both interfaces are showing as inside, but in show run they are configured as outside…the correct answare is to change ip nat to outside under interface facing to ISP….then use sh ip nat statis to get correct answare

  28. Anonymous
    November 19th, 2017

    This question was still in the exam today.

  29. Fern
    November 20th, 2017

    Please sent me the latest dump PFD file fjsuarez1981 @ yahoo dot com

  30. Nemo
    November 21st, 2017

    Hi asd,

    Do you have the 5 drag n drops questions in the exam? Please share.

  31. Johnny_new
    November 30th, 2017

    Just want to clarify,
    are we required to make changes (like putting the missing configs) to the routers and switches then save? or just analyze the problem and answer the 3 questions after each tickets?
    Thanks a lot.

  32. Tharun
    December 5th, 2017

    @Johnny_new, you won’t make any changes to the configuration. you just need to analyze and answer the questions asked.

  33. GATA
    December 6th, 2017

    So, Anonymous says to trust SH IP NAT STAT and Networktut says trust Sh Run… Please clarify

  34. pscript
    December 6th, 2017

    I passed today and due to my final score I must have been right on this one. I chose to trust “sh ip nat statistics”.

  35. Martin
    December 7th, 2017

    Hi all

    I passed last tuesday with full score:

    the correct answer in my case for TT4 was :

    Ans1) R1
    Ans2) NAT
    Ans3) Under interface Serial0/0/1 delete the “ip nat inside” command and add the “ip nat outside” command.

    you know that this TT has a bug, so , you must think that if all was working fine, on R1 the s0/0/1 interface to ISP will be configured as OUTSIDE, and the s0/0/0 to R2 as INSIDE.

    with this idea clear, you must ckeck the output of the command “show ip nat stat” (what you see in the sh run is wrong) , so … ckeck the output and analyze if both interface appear as inside , then what you need to change is s0/0/1 interface as ouside . That was what happened on my case and it is the same that networktut explains on the TT4.

    good luck everybody

  36. boss
    December 8th, 2017

    Martin you are wrong.

    Networktut says trust “Show Run” and not “sh ip nat stat”
    were as you said to trust “sh ip nat stat”

    we are now confused dear all please advice.

  37. jovana86
    December 9th, 2017

    @boss

    Networktut has changed the explanation for TT4 (you need to trust “show ip nat stat”, NOT “show run”), but on welcome page for Premium member the old explanation for TT4 is left (this needs to be updated as well). Not sure where you have read it, so check under Ticket page not on welcome page.

  38. G-unit
    December 12th, 2017

    Check the bgp neighbor. If it is down and you don’t see the edge security ACL, it’s this ticket.

  39. Anonymous
    December 21st, 2017

    The Options for the answer on https://www.networktut.com/final_flash/flash_simulator/Premium_Sims/TSHOOT_Tickets/Ticket4/ml_ticket4.html doesn’t seem to include the right answer or am I reading it incorrectly , cos the answers are

    1) It’s a NAT Issue

    2) The problem is on R2

    3) The solution is, to remove the “ip nat inside” from under serial 0/0/1 right? but that’s not in the options of your answers

  40. Clicking Here
    January 2nd, 2018

    I am just writing to make you be aware of what a superb encounter my friend’s princess found reading your site. She picked up such a lot of details, most notably what it’s like to possess an incredible coaching nature to make other people just grasp chosen specialized matters. You really did more than my expected results. Thanks for delivering those good, safe, edifying and even easy guidance on the topic to Lizeth.

    http://moreseobacklink.esy.es/story.php?title=click-here-147

  41. CCNP mates
    January 2nd, 2018

    https://www.networktut.com/tshoot-ticket-4
    Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers & DSW1,2 can ping the server.
    DWS1, ASW1, R4, R3, R2#ping 209.65.200.241
    timeout….Success rate is 0 percent

    R1#209.65.200.241 OK

    I just ping from above link of ticket 4 devices got timeout and only R1 is good
    I got different results.
    Did anyone ping the devices?
    Does it mean when you take exam you can ping “all the routers & DSW1,2 can ping the server.”
    It is NAT inside?

  42. jgsodia
    January 2nd, 2018

    i took the exam last 20th Dec and i failed, i retook the exam 28th Dec and i passed. all you need is here, the exam is the same in both ocasions

  43. Find Out More
    January 4th, 2018

    Well I sincerely liked studying it. This tip offered by you is very helpful for good planning.

    http://certiba.com/story/220263/

  44. Fattah RazzaqghanimughnI
    January 4th, 2018

    The explanation and the answer are wrong, misleading.

    The correct answer for this ticket should be:
    Ans1) R1
    Ans2) Access lists
    Ans3) go into “ip access-list standard Nat_traffic”, and execute command “permit 10.2.0.0 0.0.255.255”

  45. Going Here
    January 6th, 2018

    I want to express my appreciation to the writer just for bailing me out of this type of setting. After looking through the world wide web and getting views that were not beneficial, I assumed my entire life was well over. Existing without the presence of solutions to the difficulties you have solved all through your entire write-up is a crucial case, and ones that might have negatively damaged my entire career if I hadn’t come across your blog. Your own personal mastery and kindness in dealing with all areas was tremendous. I don’t know what I would’ve done if I had not discovered such a step like this. I can now look forward to my future. Thanks for your time very much for this reliable and results-oriented help. I will not hesitate to refer your web site to anyone who requires assistance about this issue.

    http://www.elimentas.com/wiki/index.php?title=All_Natural_Cancer_Remedy__An_Obvious_Way_Forward

  46. CCNP Mates
    January 7th, 2018

    https://www.networktut.com/tshoot-ticket-4

    {Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers & DSW1,2 can ping the server}

    I just tried again. None of devices below can ping web 209.65.200.241 BUT R1 (good)
    DWS1, ASW1, R4, R3, R2#ping 209.65.200.241
    timeout….Success rate is 0 percent

    R1#209.65.200.241 OK

    ping from above link of ticket 4 devices got timeout and only R1 is good
    I got different results from networktut

    Did anyone ping the devices?
    Does it mean when you take exam you can ping “all the routers & DSW1,2 can ping the server.”
    It is NAT inside?
    Someone please ping and let me know you pinging results. Thanks

  47. networktut
    January 8th, 2018

    @CCNP Mates: That instructure is old and no long valid so we have just removed it. In practical only R1 can ping to web server. but it is not verified in the exam. So we highly recommend you to verify this ticket with the “show ip nat statistic” command on R1 to see if both interfaces on R1 show “inside” or not.

  48. Ticket question
    January 8th, 2018

    Are the tickets numbered the same in the real exam? Do the questions have titles?

    Thank you,

  49. Ticket question
    January 8th, 2018

    *Do the tickets have titles?

  50. visit
    January 8th, 2018

    I¡¦ve recently started a blog, the info you provide on this site has helped me tremendously. Thanks for all of your time

    http://seonews.esy.es/story.php?title=dog-shock-collar-instructions

Comment pages
1 4 5 6 7 8 28