This shows you the differences between two versions of the page.
icnd1:nat [2024/03/14 07:48] 114.119.138.183 old revision restored (2023/10/07 05:53) |
icnd1:nat [2024/04/27 08:10] (current) 52.211.143.139 old revision restored (2023/11/01 22:20) |
||
---|---|---|---|
Line 15: | Line 15: | ||
20 deny any | 20 deny any | ||
</ | </ | ||
+ | Then configure NAT to match against entries in the NAT list configured above. Specify '' | ||
< | < | ||
ip nat inside source list MY_LIST int fa0/0 OVERLOAD | ip nat inside source list MY_LIST int fa0/0 OVERLOAD | ||
</ | </ | ||
+ | |||
+ | ===== Verify NAT ===== | ||
+ | < | ||
+ | R1#sh ip nat statistics | ||
+ | Total active translations: | ||
+ | Outside interfaces: | ||
+ | FastEthernet0/ | ||
+ | Inside interfaces: | ||
+ | FastEthernet0/ | ||
+ | Hits: 16 Misses: 2 | ||
+ | CEF Translated packets: 18, CEF Punted packets: 0 | ||
+ | Expired translations: | ||
+ | Dynamic mappings: | ||
+ | -- Inside Source | ||
+ | [Id: 2] access-list NAT interface FastEthernet0/ | ||
+ | Appl doors: 0 | ||
+ | Normal doors: 0 | ||
+ | Queued Packets: 0 | ||
+ | |||
+ | R1#sh ip nat translations | ||
+ | Pro Inside global | ||
+ | icmp 2.2.2.1: | ||
+ | icmp 2.2.2.1: | ||
+ | |||
+ | |||
+ | </ | ||
+ | ==== Clear NAT Translations ==== | ||
+ | Useful with dynamic NAT in the event you run out of dynamic addresses to translate to. Clearing translations will free up slots if the clearout timer isn't quick enough. | ||
+ | < | ||
+ | R1#clear ip nat translation * | ||
+ | </ | ||
+ | |||
+ | ===== Chapter Questions ===== | ||
+ | ==== One ==== | ||
+ | Examine the following show command output on a router configured for dynamic NAT: | ||
+ | < | ||
+ | -- Inside Source | ||
+ | |||
+ | access-list 1 pool fred refcount 2288 | ||
+ | |||
+ | pool fred: netmask 255.255.255.240 | ||
+ | |||
+ | start 200.1.1.1 end 200.1.1.7 | ||
+ | |||
+ | type generic, total addresses 7, allocated 7 (100%), misses 965 | ||
+ | Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause? | ||
+ | </ | ||
+ | |||
+ | The NAT pool does not have enough entries to satisfy all requests. | ||
+ | |||
+ | The problem is not related to NAT, based on the information in the command output. | ||
+ | |||
+ | The command output does not supply enough information to identify the problem. | ||
+ | |||
+ | Standard ACL 1 cannot be used; an extended ACL must be used. | ||
+ | You answered this question correctly. × | ||
+ | |||
+ | Explanation: | ||
+ | The last line mentions that the pool has seven addresses, with all seven allocated, with the misses counter close to 1000 - meaning that close to 1000 new flows were rejected because of insufficient space in the NAT pool. |
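Review bot: In the added Chapter Questions section, the question sentence "Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause?" comes before the closing tag of the block that holds the show output, so it will render as part of the command output; move it below that closing tag, and drop the pasted quiz residue "You answered this question correctly. ×". The four answer options are bare paragraphs with nothing marking the correct one, so a list with the chosen answer indicated would make the Explanation easier to follow. Separately, the NAT statement uses "list MY_LIST" while the added Verify NAT output shows "access-list NAT", so either align the names or state that the output was captured from a different configuration.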