Friday, May 4, 2012

Static NAT

Various NAT scenarios can cause trouble in the exam. Let's take a static NAT case which appears very simple at first but requires some thought to solve.

R6(f0/0.146)----(f0/1)R4(s0/0/1)----(s0/0/1)R5(s0/0/0)----503FRSW305----(s1/0)R3(f0/0)-----(f0/3)SW1

R5 is the NAT device and OSPF is running between all devices. The loopbacks of R6 and SW1 are not advertised in OSPF. The task is to configure this scenario so that R6 can ping SW1's loopback sourced from its own loopback. Use the minimum number of static routes to solve this.

Note: Try to solve it without looking at the solution.

Here is the solution.

Solution Configuration

First we need to have static NAT configured on R5 as


ip nat inside source static 150.1.6.6 155.1.146.6

Source traffic from R6's loopback will be translated to the known inside global address 155.1.146.6.

ip nat outside source static 155.1.37.7 150.1.7.7 add-route   (this will generate a static route)


Rack1R5#sh ip route static
   
S       150.1.7.7/32 [1/0] via 155.1.37.7

Redistribute this static route into OSPF so that R4 and R6 have a route to reach 150.1.7.7. This avoids the need for static routes on these devices.


R5#sh run | se router ospf
router ospf 1
 redistribute static subnets


Now define inside and outside interfaces as



interface Serial0/0/1
 ip address 155.1.45.5 255.255.255.0
 ip nat inside


interface Serial0/0/0
 ip address 155.1.0.5 255.255.255.0
 ip nat outside


SW1 and R3 need static routes to reach 150.1.6.6.

SW1(config)#ip route 150.1.6.6 255.255.255.255 155.1.37.3 (pointing towards R3)
R3(config)#ip route 150.1.6.6 255.255.255.255 155.1.0.5 (pointing towards R5)


R5 and R4 also do not have a route to R6's loopback for the return traffic, so they also need static routes.

R5#sh ip route static
     150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
S       150.1.7.7/32 [1/0] via 155.1.37.7
S       150.1.6.6/32 is directly connected, Serial0/0/1


R4#sh ip route static
     150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
S       150.1.6.6/32 [1/0] via 155.1.146.6




Verification.


R6#ping 150.1.7.7 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.7.7, timeout is 2 seconds:
Packet sent with a source address of 150.1.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/86/88 ms
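
Why R5 needs both /32 static routes: IOS routes an inside-to-outside packet before translating it, and translates an outside-to-inside packet before routing it. The Python sketch below is an added example, not part of the original post; it models R5 with the NAT entries and static routes shown above, and the /24 masks on the OSPF prefixes and the function names are assumptions.

```python
import ipaddress

# Static NAT entries from the R5 configuration on this page.
INSIDE_SRC = {"150.1.6.6": "155.1.146.6"}   # inside local -> inside global
OUTSIDE_SRC = {"155.1.37.7": "150.1.7.7"}   # outside global -> outside local

# Simplified R5 routing table: prefix -> egress interface.
BASE_ROUTES = {
    "155.1.45.0/24": "Serial0/0/1",    # connected (ip nat inside)
    "155.1.0.0/24": "Serial0/0/0",     # connected (ip nat outside)
    "155.1.146.0/24": "Serial0/0/1",   # OSPF, mask assumed
    "155.1.37.0/24": "Serial0/0/0",    # OSPF, mask assumed
}
STATICS = {
    "150.1.7.7/32": "Serial0/0/0",     # from add-route, via 155.1.37.7
    "150.1.6.6/32": "Serial0/0/1",     # manual static for return traffic
}
ALL_ROUTES = {**BASE_ROUTES, **STATICS}

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), i) for p, i in routes.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def inside_to_outside(src, dst, routes):
    """Route on the pre-NAT destination first, then translate both addresses."""
    egress = lookup(routes, dst)
    if egress is None:
        return None                    # dropped before NAT ever runs
    to_global = {local: glob for glob, local in OUTSIDE_SRC.items()}
    return INSIDE_SRC.get(src, src), to_global.get(dst, dst), egress

def outside_to_inside(src, dst, routes):
    """Translate first, then route on the post-NAT destination."""
    to_local = {glob: local for local, glob in INSIDE_SRC.items()}
    src, dst = OUTSIDE_SRC.get(src, src), to_local.get(dst, dst)
    egress = lookup(routes, dst)
    return None if egress is None else (src, dst, egress)

if __name__ == "__main__":
    # Echo request from R6's loopback, then the echo reply coming back.
    print(inside_to_outside("150.1.6.6", "150.1.7.7", ALL_ROUTES))
    print(outside_to_inside("155.1.37.7", "155.1.146.6", ALL_ROUTES))
    # Without the two /32 statics, each direction fails at the route lookup.
    print(inside_to_outside("150.1.6.6", "150.1.7.7", BASE_ROUTES))
    print(outside_to_inside("155.1.37.7", "155.1.146.6", BASE_ROUTES))
```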




