Home > Ticket 4 – NAT ACL

Ticket 4 – NAT ACL

May 3rd, 2018 in TSHOOT v2 Go to comments

Note: Although in our ticket we cannot ping the Web server from DSW1 (as the NAT configuration is wrong) but in the exam we can. This is a bug in the exam so be careful with it.

In this ticket we may see one of two cases below:

Case 1:

Configuration of R1

!
interface Serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat outside
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
ip nat outside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Ans1) R1
Ans2) NAT
Ans3) Under interface Serial0/0/0 delete the ip nat outside command and add the ip nat inside command.

Case 2:

Configuration of R1

!
interface Serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat inside
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Ans1) R1
Ans2) NAT
Ans3) Under interface Serial0/0/1 delete the ip nat inside command and add the ip nat outside command.

Comments (30) Comments
Comment pages
1 5 6 7 8 9 14 28
  1. Tank
    August 2nd, 2015

    @bs – Thanks so much. Didn’t think of using the show nat commands. Will use these going forward. I was thinking of using ping with source, but that’s disabled from what I understand.

  2. bs
    August 3rd, 2015

    @Tank:

    You’re welcome –

    Sorry, just found:
    It’s the 10.2.1.0 to 209.65.200.xxx (overload) Translations that is missing within the output, when running the:
    R1#show ip nat translations command
    (By mistake, I mentioned the 10.1.2.0 prefix to be missing in the sh nat output above – It was a fault by me)

    Good luck @ exam!

  3. jnbasstango
    September 9th, 2015

    I can ping 209.65.200.241 from DSW1 without putting a source address,what does NAT on R1 has to do with client1 not being able to reach 209.65.200.241? is there something wrong with this sim?

  4. js
    September 10th, 2015

    Try wait a moment (about a minute after ticket start) until topology is fully converged (eBGP needs at least 1 min. to converge)

  5. Chia’tAtA
    October 22nd, 2015

    Took me about 45min to cleared the Tshoot exams today with a 100% score.
    This was one of the questions.
    Thanks Networktut

  6. Zoya
    December 18th, 2015

    Is there any PRC law that provides for the mechsniam for the state to cancel the nationality of a PRC national, like the powers HM possesses to deprive a British citizen of his or her citizenship?

  7. Katerina
    December 18th, 2015

    I’ve changed a lot since u left me, being so seihlflsh all the time. Now i even miss when u look away, miss how you call my name, miss the way you stand in the mirror and do something, miss the way kiss me, the way you love me, miss you so (U)

  8. Anonymous
    January 2nd, 2016

    @katerina:::: what are you talking about here???? this aint a love blog

  9. Aditya
    January 4th, 2016

    @networktut
    ON R1–show ip nat statistics
    No display of the dynamic mapping??—we should be able to see the pool/acl/interface(for pat)??

    Visible only in show running-config?

    Is this a bug???And what happens in the real exam…am noticing lot of bugs in many tickets with the show commands–show command doesnt display whole thing and then checking show running displays it??

  10. Marc
    January 4th, 2016
  11. CCNP-TSHOOT-EXAM
    January 5th, 2016

    Hi can anyone tell me is this website questions are enough to clear CCNP Tshoot V2 exam or not if I take premium membership ? I am planning to sit for the exam in the next few days(within next month) ? What else is required to clear the exam ? any suggestion pls ?

  12. deeb
    January 7th, 2016

    @Katerina he cheated on you with nat pool or what ? !

  13. tena
    February 4th, 2016

    I’m preparing to take the exam next week plz plz send me the Vaild DUMP PDF CCNP TSHOOT 300-135

    tena.1993@yahoo…

    Appreciate ur support

  14. king al
    February 13th, 2016

    what are the new four tickets

  15. aida
    March 17th, 2016

    still valid

  16. need help
    April 25th, 2016

    Dears
    In the test does the Q will be :- Client 1 is not able to ping the web server 209.65.200.241 (only) or
    Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers & DSW1,2 can ping the server.

  17. Bonez_UK
    April 26th, 2016

    Hi all,

    Can someone advise, when performing traceroute to 209.65.200.241 from DSW1 & R1, pings fail at 209.65.200.226.

    However, when pinging from PC1 pings fail at 209.65.200.225, Im currently using the premium membership.

    From R1
    1 209.65.200.226 68 msec 542 msec *

    Should the pings not fail at the same IP address ?

  18. Completed
    May 5th, 2016

    need help,
    There are two versions of these tickets: one version has both clients connected to the same ASW and another version has Client 1 connected to ASW1 and Client 2 connected to ASW2. This version also may have different routing protocols between R4, which is usually the DHCP Server, and the two ASW branches. In this version when the ticket specifically mentions Client 1, or Client 2 as the case may be, it is the cue to indicate that the problem is between R4 and the associated client only. For example if the ticket says Client 1 cannot reach the ISP, it is possible to use Client 2 as part of the investigation.
    But when the ticket mentions that clients cannot assess the web server, then the problem is usually between R4 and the ISP.
    In another version of these tickets, Client 1 and Client 2 are connected to the same ASW. In this case, the questions always say clients cannot access the ISP.
    In real life, there is no clear-cut distinction. In the exam environment, there is symmetry in the topology because of limitation on time, but in real life troubleshooting, there is nothing like that. If we consider that hardware issues are usually overlooked in exam environments, and knowing that hardware issues have no respect for symmetry, then this point becomes clearer.

  19. asobeidat
    May 24th, 2016

    I’m preparing to take the exam next week plz plz send me the Vaild DUMP PDF CCNP TSHOOT 300-135
    {email not allowed}

  20. Jor-2016
    June 13th, 2016

    I’m preparing to take the exam next month please send me the valid DUMP PDF CCNP 300-135

  21. shaig
    June 16th, 2016

    Hi can someone tell me please in the real exam will the tickets be labelled that it is a OSPF Authentication or HSRP or BGP Neighbor or NAT ACL ticket. Or do I have to work it out myself ? if not how is the best way to find out? thanks

  22. iread
    June 22nd, 2016

    well now which one is static IP and which one is dynamic IP. 209.65.200.241 is dynamic or 10.2.0.0 is dynamic. Please help

  23. vl
    June 25th, 2016

    @iread:
    Not quite sure what you mean by your question above, however in general you can say that:
    IP: 209.65.200.241
    is the (statically assigned) IP for the external WEB Server within BGP AS 65002
    Then the IP route towards IP Net: 209.65.200.240 is dynamically learned on CE Router R1 from ISP PE Router via eBGP.
    TSHOOT Client Adresses within IP-net: 10.2.0.0 was originally dynamic setup via DHCP in the former 642-832 exam, but statically assigned on the clients within the current 300-135 exam of today.
    Don’t know if this answers your question?

  24. Jamel
    July 19th, 2016

    There are not where can i buy cheap jerseys online for sale, but best shop to buy discount nfl jerseys china for cheap free shipping.

  25. Adam
    July 24th, 2016

    Dear friends and exam takers,,,,
    Just for information please can you tell me that ticket and configs, M.C.Q,s and simulations are different in premium and normal account? Or they are same,,,,, what is difference in premium and guests account? what is benefit of premium account?
    Please reply ASAP
    Regards,

  26. Joesph
    August 15th, 2016

    Amazing things here. I am very happy to look your post.
    Thanks a lot and I am taking a look forward to contact you.
    Will you please drop me a e-mail? nba jersey shorts sale

  27. Fermin
    August 17th, 2016

    I am really enjoying the theme/design of your weblog.

    Do you ever run into any web browser compatibility issues?
    A handful of my blog audience have complained about my website
    not working correctly in Explorer but looks great
    in Safari. Do you have any ideas to help fix this problem?
    kevin durant pokemon master

  28. Buster
    September 12th, 2016

    Go online find the elite dri fit softball jerseys
    for football,basketball and baseball. And the Rams Fans Burning Jerseys,too.

  29. Dinesh
    September 13th, 2016
  30. CCNP-1000
    September 15th, 2016

    I pass the exam today with score of 1000/1000 it took me 70 minute to finished it.

    I had the latest dumps all off them was garbage. I just study this website go for premium.
    I read all the comments and practice all the tickets on website and PT and gns3.

    To pass the exam with score of 1000 this website it’s enough but to survive out there you have to study hard, by hard i mean hard! Out there the person who knows one line more its the winner so passing this exam its jut the beginning of your study’s.

    Enough said this is how i did it : (i found this strategy on this website bye the ccnp-guy)
    ______________________________________________________________________

    You have to ask your self Is it ipv4 or ipv6?

    If IPv6 you have these 3 questions, 1 each on
    R2: (T12) IPv6: enable ospf 0
    R3: (T15) IPv6: remove “tunnel mode ipv6″
    R4: (T16) missing Redistribution from RIPng to OSPFv3

    If its IPv4 do the following to narrow it down:

    From Client 1 ping 10.1.1.1 if its :

    OK? = 3 tickets on R1:
    (T03) Wrong IP of BGP neighbour
    (T04) NAT – ACL mis-configured
    (T05) WAN ACL statement missing

    If you cant ping 10.1.1.1 try to ping 10.1.1.2 from client 1

    OK? = 1 ticket on R1:
    (T01) OSPF Authentication

    If you cant ping 10.1.1.2 try to ping 10.2.1.1 from client 1

    OK? = 2 tickets on R4:
    (T11) Redistribute ospf to eigrp (“to” & -> )
    (T14) EIGRP Passive Interface

    If you cant ping 10.2..1.1 you have 4 ticket as follow:

    NO? = 1 ticket on DSW1:
    (T06) VLAN filter

    or = 3 tickets on ASW1:

    (T08) Access port not in VLAN 10
    (T09) Port Channel not allowing VLAN 10,200
    (T07) Port Security

    I also had multiple choice questions and Eigrp and ospf simlets

    Good luck to you all.
    This is just the beginning so study hard.

Comment pages
1 5 6 7 8 9 14 28