Pages

network cisco ccna gns3 certification arteq

network cisco ccna gns3 certification arteq
a network runs through it

Search insearchofthecert

Tuesday, August 28, 2012

lab 7-1, cont....

it just never stops... perhaps there is comfort in that...

be sure to have these routes for isp from earlier 7-1

ip route 209.165.200.232 255.255.255.248 Serial1/2
ip route 209.165.200.248 255.255.255.248 Serial1/1

for discussions on nat try this for starters... or elsewhere in the ccna section here...


http://insearchofthecert.blogspot.com/search/label/NAT

it is also covered quite well in the ccna syllabus, cisco.com and a million other sites... nat is not the point of this lab and neither are acl's, gre, vpn, etc... these items will be covered briefly within the context of the lab...

it is a lab... time to put your imagination hat on...

branch

ip access-list ext branch_acl
deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any

ip nat pool branch_nat 209.165.200.249 209.165.200.254 prefix-length 29

ip nat inside source list branch_acl pool branch_nat

int lo0
ip nat inside

int s1/1
ip nat outside

essentially: do not translate branch lan to hq lan addresses but allow branch lan to other internet destinations...

define the translation address pool, set constraints and identify the interfaces...

similarly, with some additions...

hq

ip access-list  ext hq_acl
deny ip 10.10.0.0 0.0.255.255 192.168.1.0 0.0.0.255
permit ip 10.10.0.0 0.0.255.255 any

int lo1
des hq mail
ip add 10.10.20.238 255.255.255.0

ip nat pool hq_nat 209.165.200.233 209.165.200.237 prefix-length 29

ip nat inside source list  hq_acl pool hq_nat
ip nat inside source static 10.10.20.238 209.165.200.238

int lo0
ip nat inside

int lo1
ip nat inside

int s1/2
ip nat outside

branch#sh ip nat stati
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  Serial1/1
Inside interfaces:
  Loopback0
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list branch_acl pool branch_nat refcount 0
 pool branch_nat: netmask 255.255.255.248
    start 209.165.200.249 end 209.165.200.254
    type generic, total addresses 6, allocated 0 (0%), misses 0
nat-limit statistics:
 max entry: max allowed 0, used 0, missed 0

hq#sh ip nat stati
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
  Serial1/2
Inside interfaces:
  Loopback0, Loopback1
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list hq_acl pool hq_nat refcount 0
 pool hq_nat: netmask 255.255.255.248
    start 209.165.200.233 end 209.165.200.237
    type generic, total addresses 5, allocated 0 (0%), misses 0
nat-limit statistics:
 max entry: max allowed 0, used 0, missed 0

branch#ping 209.165.200.238 rep 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 209.165.200.238, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 8/11/16 ms

hq#sh ip nat stati
Total active translations: 2 (1 static, 1 dynamic; 1 extended)
Outside interfaces:
  Serial1/2
Inside interfaces:
  Loopback0, Loopback1
Hits: 30  Misses: 0
CEF Translated packets: 15, CEF Punted packets: 0
Expired translations: 1
Dynamic mappings:
-- Inside Source
[Id: 1] access-list hq_acl pool hq_nat refcount 0
 pool hq_nat: netmask 255.255.255.248
    start 209.165.200.233 end 209.165.200.237
    type generic, total addresses 5, allocated 0 (0%), misses 0
nat-limit statistics:
 max entry: max allowed 0, used 0, missed 0
hq#

foreach address {
209.165.200.241
209.165.202.129
209.165.200.226
209.165.200.238
} { ping $address source 192.168.1.1 }

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.241, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.202.129, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.226, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.238, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms




No comments:

Post a Comment