Tyson,

Actually I tried that, and even after putting the NAT statement on the Loopback 0 interface it did not work. Also, there is nothing in the DSG about a NAT statement on Loopback 0. I think the NAT statement should be on physical interfaces or subinterfaces only, not on a virtual interface like a loopback. I am not sure whether this is true or not, but please let me know your opinion, as I am just trying to understand this technology and am a little bit confused about why it's not working. Do you see any problem with my config?

One other thing I was not able to understand: when I was trying to ping from CAT-4 to R1's loopback I was not able to see any debug output for NAT. I should be able to see something even though NAT is not occurring.

Nilesh

On Mon, Oct 25, 2010 at 11:48 AM, Tyson Scott <[email protected]> wrote:

> You are missing the NAT statement on the loopback interface. Add
>
> ip nat outside
>
> on Loopback0
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Nilesh Mehta
> *Sent:* Monday, October 25, 2010 1:06 PM
> *To:* [email protected]
> *Subject:* [OSL | CCIE_RS] Lab-17 Task =17.14
>
> Lab-17----- task=17.14
>
> In this task I put route-map, access-list and NAT configuration on R9. I
> was able to see NAT translation for route map for fa0/0. It worked from Cat
> -3 for IP address 150.100.221.7 with natted address of s0/2/0 and I was
> able to ping 150.100.221.7, but other NAT configuration and route map did
> not work as per DSG. Not sure what could be problem but I was never able
> to ping R1’s loopback interface or Vlan 150.100.12.1. Here is config
> details for R9 and other debug output….
>
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
> R9===
> R9#sh run
> Building configuration...
>
> Current configuration : 2644 bytes
> !
> version 12.4
> service timestamps debug datetime msec
> service timestamps log datetime msec
> service password-encryption
> !
> hostname R9
> !
> boot-start-marker
> warm-reboot
> boot-end-marker
> !
> logging message-counter syslog
> enable secret 5 $1$z5mW$66Jkln/9qUS4XwVkuEPON/
> !
> no aaa new-model
> memory-size iomem 10
> !
> dot11 syslog
> ip source-route
> !
> !
> ip cef
> !
> !
> no ip domain lookup
> ip domain name ipexpert.com
> no ipv6 cef
> !
> multilink bundle-name authenticated
>
> !
> voice-card 0
> !
> archive
>  log config
>   hidekeys
> !
> !
> interface Loopback0
>  ip address 200.0.0.9 255.255.255.255
> !
> interface FastEthernet0/0
>  ip address 100.100.250.9 255.255.255.0
>  ip nat inside
>  ip virtual-reassembly
>  duplex auto
>  speed auto
> !
> interface FastEthernet0/1
>  ip address 150.100.91.9 255.255.255.0
>  ip nat inside
>  ip virtual-reassembly
>  duplex auto
>  speed auto
> !
> interface Serial0/2/0
>  bandwidth 128
>  ip address 150.100.69.9 255.255.255.0
>  ip verify unicast source reachable-via rx
>  ip nat outside
>  ip virtual-reassembly
>  no fair-queue
> !
> interface Serial0/2/1
>  bandwidth 128
>  ip address 150.100.96.9 255.255.255.0
>  ip verify unicast source reachable-via rx
> !
> router ospf 1
>  log-adjacency-changes
>  network 0.0.0.0 255.255.255.255 area 0
> !
> ip forward-protocol nd
> ip http server
> no ip http secure-server
> !
> !
> ip nat inside source route-map r2 interface Loopback0 overload
> ip nat inside source route-map r5 interface Serial0/2/0 overload
> !
> access-list 101 permit ip 100.100.250.0 0.0.0.255 150.100.220.0 0.0.1.255
> access-list 101 permit ip 150.100.91.0 0.0.0.255 150.100.220.0 0.0.1.255
> access-list 101 permit ip 150.100.91.0 0.0.0.255 100.100.200.0 0.0.0.255
> access-list 101 permit ip 150.100.91.0 0.0.0.255 150.100.81.0 0.0.0.255
> access-list 101 permit ip 100.100.250.0 0.0.0.255 150.100.81.0 0.0.0.255
> access-list 101 permit ip 100.100.250.0 0.0.0.255 100.100.200.0 0.0.0.255
> access-list 102 permit ip 150.100.91.0 0.0.0.255 150.100.40.0 0.0.1.255
> access-list 102 permit ip 100.100.250.0 0.0.0.255 150.100.40.0 0.0.1.255
> access-list 102 permit ip 150.100.91.0 0.0.0.255 150.100.12.0 0.0.0.255
> access-list 102 permit ip 100.100.250.0 0.0.0.255 150.100.12.0 0.0.0.255
> access-list 102 permit ip 100.100.250.0 0.0.0.255 100.100.100.0 0.0.0.255
> access-list 102 permit ip 150.100.91.0 0.0.0.255 100.100.100.0 0.0.0.255
> !
> !
> !
> !
> route-map r2 permit 10
>  match ip address 102
> !
> route-map r5 permit 10
>  match ip address 101
> !
> !
> !
> control-plane!
>
> !
> line con 0
>  exec-timeout 0 0
>  logging synchronous
> line aux 0
> line vty 0 4
>  password 7 070C285F4D06
>  login
>  transport input telnet ssh
> !
> scheduler allocate 20000 1000
> end
> R9#
> R9#ping 150.100.12.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 150.100.12.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
>
> *When we try to ping from Cat-3 and Cat-4 ---debug output*
>
> From cat -3
>
> Cat3560-3(config)#do ping 150.100.221.7
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 150.100.221.7, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/17 ms
> Cat3560-3(config)#
> ================================================================
> R9(config)#
> *Mar 16 22:34:15.639: NAT: map match r5
> *Mar 16 22:34:15.639: mapping pointer available mapping:0
> *Mar 16 22:34:15.639: NAT: [0] Allocated Port for 150.100.91.13 -> 150.100.69.9: wanted 13 got 13
> *Mar 16 22:34:15.639: NAT*: i: icmp (150.100.91.13, 13) -> (150.100.221.7, 13) [65]
> *Mar 16 22:34:15.639: NAT*: i: icmp (150.100.91.13, 13) -> (150.100.221.7, 13) [65]
> *Mar 16 22:34:15.639: NAT*: s=150.100.91.13->150.100.69.9, d=150.100.221.7 [65]
> *Mar 16 22:34:15.655: NAT*: o: icmp (150.100.221.7, 13) -> (150.100.69.9, 13) [65]
> *Mar 16 22:34:15.655: NAT*: s=150.100.221.7, d=150.100.69.9->150.100.91.13 [65]
> *Mar 16 22:34:15.659: NAT*: i: icmp (150.100.91.13, 13) -> (150.100.221.7, 13) [66]
> *Mar 16 22:34:15.659: NAT*: s=150.100.91.13->150.100.69.9, d=150.100.221.7 [66]
> *Mar 16 22:34:15.671: NAT*: o: icmp (150.100.221.7, 13) -> (150.100.69.9, 13) [66]
> *Mar 16 22:34:15.671: NAT*: s=150.100.221.7, d=150.100.69.9->150.100.91.13 [66]
> *Mar 16 22:34:15.675: NAT*: i: icmp (150.100.91.13
> R9(config)#, 13) -> (150.100.221.7, 13) [67]
> *Mar 16 22:34:15.675: NAT*: s=150.100.91.13->150.100.69.9, d=150.100.221.7 [67]
> *Mar 16 22:34:15.687: NAT*: o: icmp (150.100.221.7, 13) -> (150.100.69.9, 13) [67]
> *Mar 16 22:34:15.687: NAT*: s=150.100.221.7, d=150.100.69.9->150.100.91.13 [67]
> *Mar 16 22:34:15.691: NAT*: i: icmp (150.100.91.13, 13) -> (150.100.221.7, 13) [68]
> *Mar 16 22:34:15.695: NAT*: s=150.100.91.13->150.100.69.9, d=150.100.221.7 [68]
> *Mar 16 22:34:15.707: NAT*: o: icmp (150.100.221.7, 13) -> (150.100.69.9, 13) [68]
> *Mar 16 22:34:15.707: NAT*: s=150.100.221.7, d=150.100.69.9->150.100.91.13 [68]
> *Mar 16 22:34:15.711: NAT*: i: icmp (150.100.91.13, 13) -> (150.100.221.7, 13) [69]
> *Mar 16 22:34:15.711: NAT*: s=150.100.91.13->150.100.69.9, d=150.100.221.7 [69]
> *Mar 16 22:34:15.727: NAT*: o: icmp (150.100.221.7, 13) -> (150.100.69.9, 13) [69]
> *Mar 16 22:34:15.727: NAT*: s=150.100.221.7, d=150.100.69.9->150.100.91.13 [69]
> R9(config)#
> R9(config)#do sh ip nat tran
> Pro  Inside global      Inside local       Outside local      Outside global
> icmp 150.100.69.9:13    150.100.91.13:13   150.100.221.7:13   150.100.221.7:13
>
> ==========================================================================================
> *from Cat ==4*
>
> *Cat3560-4#ping 100.100.250.9*
>
> *Type escape sequence to abort.*
> *Sending 5, 100-byte ICMP Echos to 100.100.250.9, timeout is 2 seconds:*
> *!!!!!*
> *Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms*
> *Cat3560-4#ping 150.100.12.1*
>
> *Type escape sequence to abort.*
> *Sending 5, 100-byte ICMP Echos to 150.100.12.1, timeout is 2 seconds:*
> *.....*
> *Success rate is 0 percent (0/5)*
>
> Cat3560-4#ping 200.0.0.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> ==================================
>
> *R9#debug ip nat detailed*
> *IP NAT detailed debugging is on*
> *R9#*
> =================
> Config for Cat3560-4#
>
> Cat3560-4#
>
> !
> interface FastEthernet0/9
>  description R9 Fa0/1
>  switchport access vlan 2300
> !
> interface FastEthernet0/10
> !
> interface FastEthernet0/11
> !
> interface FastEthernet0/12
> !
> interface FastEthernet0/13
> !
> interface FastEthernet0/14
> !
> interface FastEthernet0/15
> !
> interface FastEthernet0/16
> !
> interface FastEthernet0/17
> !
> interface FastEthernet0/18
> !
> interface FastEthernet0/19
>  switchport mode dynamic desirable
> !
> interface FastEthernet0/20
>  switchport mode dynamic desirable
> !
> interface FastEthernet0/21
>  switchport mode dynamic desirable
> !
> interface FastEthernet0/22
>  switchport mode dynamic desirable
> !
> interface FastEthernet0/23
> !
> interface FastEthernet0/24
> !
> interface GigabitEthernet0/1
> !
> interface GigabitEthernet0/2
> !
> interface Vlan1
>  no ip address
> !
> interface Vlan300
>  ip address 100.100.250.14 255.255.255.0
> !
> ip default-gateway 100.100.250.9
> ip classless
> ip http server
> ip http secure-server
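
An added example, not part of the original thread: the Python below evaluates the access lists from the quoted R9 configuration with IOS wildcard-mask semantics and reports which route-map (and so which `ip nat inside source` rule) would select a given flow. The function names are hypothetical, and the Cat3560-4 source address is assumed to be its Vlan300 address, 100.100.250.14.

```python
import ipaddress

# Access lists copied from the R9 configuration quoted in the thread.
R9_ACLS = """\
access-list 101 permit ip 100.100.250.0 0.0.0.255 150.100.220.0 0.0.1.255
access-list 101 permit ip 150.100.91.0 0.0.0.255 150.100.220.0 0.0.1.255
access-list 101 permit ip 150.100.91.0 0.0.0.255 100.100.200.0 0.0.0.255
access-list 101 permit ip 150.100.91.0 0.0.0.255 150.100.81.0 0.0.0.255
access-list 101 permit ip 100.100.250.0 0.0.0.255 150.100.81.0 0.0.0.255
access-list 101 permit ip 100.100.250.0 0.0.0.255 100.100.200.0 0.0.0.255
access-list 102 permit ip 150.100.91.0 0.0.0.255 150.100.40.0 0.0.1.255
access-list 102 permit ip 100.100.250.0 0.0.0.255 150.100.40.0 0.0.1.255
access-list 102 permit ip 150.100.91.0 0.0.0.255 150.100.12.0 0.0.0.255
access-list 102 permit ip 100.100.250.0 0.0.0.255 150.100.12.0 0.0.0.255
access-list 102 permit ip 100.100.250.0 0.0.0.255 100.100.100.0 0.0.0.255
access-list 102 permit ip 150.100.91.0 0.0.0.255 100.100.100.0 0.0.0.255
"""
# route-map name -> (ACL it matches, interface in its "ip nat inside source" line)
NAT_RULES = {"r2": (102, "Loopback0"), "r5": (101, "Serial0/2/0")}

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def parse_acls(text):
    """Collect 'access-list N permit ip src swc dst dwc' lines per ACL number."""
    acls = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "access-list" and f[2:4] == ["permit", "ip"]:
            acls.setdefault(int(f[1]), []).append(tuple(f[4:8]))
    return acls

def nat_rule_for(src, dst, acls=None):
    """Return (route-map, overload interface), or None if no entry permits the flow."""
    acls = acls or parse_acls(R9_ACLS)
    for rmap, (acl, iface) in NAT_RULES.items():
        for s, sw, d, dw in acls.get(acl, []):
            if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
                return rmap, iface
    return None  # implicit deny: neither route-map selects this flow
```

For the flows in the thread, 150.100.91.13 to 150.100.221.7 selects r5 (agreeing with the `NAT: map match r5` debug line), 100.100.250.14 to 150.100.12.1 selects r2, and 100.100.250.14 to 200.0.0.1 is permitted by neither access list.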
