9.3.1.4 Packet Tracer – Verifying and Troubleshooting NAT Configurations
Packet Tracer – Verifying and Troubleshooting NAT Configurations (Answer Version)
Answer Note: Red font color or Gray highlights indicate text that appears in the Answer copy only.
Topology
9.3.1.4 Packet Tracer – Verifying and Troubleshooting NAT Configurations
Addressing Table
| Device | Interface | IP Address | Subnet Mask | Default Gateway |
| R1 | G0/0 | 10.4.10.254 | 255.255.255.0 | N/A |
| G0/1 | 10.4.11.254 | 255.255.255.0 | N/A | |
| S0/0/1 | 10.4.1.2 | 255.255.255.252 | N/A | |
| R2 | S0/0/0 | 209.165.76.194 | 255.255.255.224 | N/A |
| S0/0/1 | 10.4.1.1 | 255.255.255.252 | N/A | |
| Server1 | NIC | 64.100.201.5 | 255.255.255.0 | 64.100.201.1 |
| PC1 | NIC | 10.4.10.1 | 255.255.255.0 | 10.4.10.254 |
| PC2 | NIC | 10.4.10.2 | 255.255.255.0 | 10.4.10.254 |
| L1 | NIC | 10.4.11.1 | 255.255.255.0 | 10.4.11.254 |
| L2 | NIC | 10.4.11.2 | 255.255.255.0 | 10.4.11.254 |
Objectives
Part 1: Isolate Problems
Part 2: Troubleshoot NAT Configuration
Part 3: Verify Connectivity
Scenario
A contractor restored an old configuration to a new router running NAT. But, the network has changed and a new subnet was added after the old configuration was backed up. It is your job to get the network working again.
Part 1: Isolate Problems
Ping Server1 from PC1, PC2, L1, L2, and R2. Record the success of each ping. Ping any other machines as needed.
Part 2: Troubleshoot NAT Configuration
Step 1: View the NAT translations on R2.
If NAT is working, there should be table entries.
Step 2: Show the running configuration of R2.
The NAT inside port should align with the private address, while the NAT outside port should align with the public address.
Step 3: Correct the Interfaces.
Assign the ip nat inside and ip nat outside commands to the correct ports.
R2(config)# interface Serial0/0/0 R2(config-if)# ip nat outside R2(config-if)# interface Serial0/0/1 R2(config-if)# ip nat inside
Step 4: Ping Server1 from PC1, PC2, L1, L2, and R2.
Record the success of each ping. Ping any other machines as needed.
Step 5: View the NAT translations on R2.
If NAT is working, there should be table entries.
Step 6: Show Access-list 101 on R2.
The wildcard mask should encompass both the 10.4.10.0 network and the 10.4.11.0 network.
Step 7: Correct the Access-list.
Delete access-list 101 and replace it with a similar list that is also one statement in length. The only difference should be the wildcard.
R2(config)# no access-list 101 R2(config)# access-list 101 permit ip 10.4.10.0 0.0.1.255 any
Part 3: Verify Connectivity
Step 1: Verify connectivity to Server1.
Record the success of each ping. All hosts should be able to ping Server1, R1, and R2. Troubleshoot if the pings are not successful.
Step 2: View the NAT translations on R2.
NAT should display many table entries.