1: | ISP1 in Figure 4-28 has assigned the address block 201.50.13.0/24 to AS 3. ISP2 has assigned the address block 200.100.30.0/24 to AS 3. RTR1 and RTR2 are accepting full BGP routes from the ISP routers but do not transmit any routes to the ISPs. They run IBGP between them and OSPF on all Ethernet interfaces. No routes are redistributed between BGP and OSPF. The addresses of the router interfaces are as follows:
RTR1, E0: 172.16.3.1/24
RTR1, E1: 172.16.2.1/24
RTR1, S0: 201.50.26.13/30
RTR2, E0: 172.16.3.2/24
RTR2, E1: 172.16.1.1/24
RTR2, S0: 200.100.29.241/30
SVR1 is the DNS server authoritative for AS 3; its address is 172.16.3.3. DNS1 reaches SVR1 at 201.50.13.1, whereas DNS2 reaches the same server at 200.100.30.254. Write routing and NAT configurations for RTR1 and RTR2, translating inside addresses appropriately for each ISP's assigned address block. Any inside device must be able to reach either ISP, but no packets can leave AS 3 with a private source address under any circumstance. |
A: | RTR1
interface Loopback0
 ip address 172.16.255.2 255.255.255.255
!
interface Ethernet0
 ip address 172.16.3.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description to ISP1
 ip address 201.50.26.13 255.255.255.252
 ip access-group 101 out
 ip nat outside
!
autonomous-system 3
!
router ospf 1
 redistribute static
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate
!
router bgp 3
 neighbor 172.16.255.1 remote-as 3
 neighbor 172.16.255.1 update-source Loopback0
 neighbor 201.50.26.14 remote-as 1
!
! Dynamic translation into ISP1's block, plus the static entry for SVR1 (DNS)
ip nat pool ISP1Pool 201.50.13.2 201.50.13.254 netmask 255.255.255.0
ip nat inside source list 1 pool ISP1Pool
ip nat inside source static 172.16.3.3 201.50.13.1
!
ip route 0.0.0.0 0.0.0.0 201.50.26.14
ip route 201.50.0.0 255.255.192.0 201.50.26.14
!
access-list 1 permit 172.16.0.0 0.0.255.255
! ACL 101 (outbound on Serial0): drop any packet that still has a 172.16.0.0/16 source
access-list 101 deny ip 172.16.0.0 0.0.255.255 any
access-list 101 permit ip any any

RTR2
interface Loopback0
 ip address 172.16.255.1 255.255.255.255
!
interface Ethernet0
 ip address 172.16.3.2 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description to ISP2
 ip address 200.100.29.241 255.255.255.252
 ip access-group 101 out
 ip nat outside
!
autonomous-system 3
!
router ospf 1
 redistribute static
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate
!
router bgp 3
 neighbor 172.16.255.2 remote-as 3
 neighbor 172.16.255.2 update-source Loopback0
 neighbor 200.100.29.242 remote-as 2
!
! Dynamic translation into ISP2's block, plus the static entry for SVR1 (DNS)
ip nat pool ISP2Pool 200.100.30.1 200.100.30.253 netmask 255.255.255.0
ip nat inside source list 1 pool ISP2Pool
ip nat inside source static 172.16.3.3 200.100.30.254
!
ip route 0.0.0.0 0.0.0.0 200.100.29.242
ip route 200.100.0.0 255.255.224.0 200.100.29.242
!
access-list 1 permit 172.16.0.0 0.0.255.255
! ACL 101 (outbound on Serial0): drop any packet that still has a 172.16.0.0/16 source
access-list 101 deny ip 172.16.0.0 0.0.255.255 any
access-list 101 permit ip any any |
2: | The address of SVR2 in Figure 4-28 is 172.16.2.2, and the address of SVR3 is 172.16.2.3. Modify the configurations of Configuration Exercise 1 so that devices within ISP1's AS connect to the servers round-robin at the address 201.50.13.3. |
A: | Notice that in addition to the new commands, ISP1Pool has been modified to no longer include the address 201.50.13.3.
RTR1
ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.0.0 type rotary
ip nat inside source list 1 pool ISP1Pool
ip nat inside source static 172.16.3.3 201.50.13.1
ip nat inside destination list 2 pool SVRs
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 201.50.13.3 |
3: | HTTP packets sent to 200.100.30.50 from ISP2 are sent to SVR2 in Figure 4-28. SMTP packets sent to 200.100.30.50 from ISP2 are sent to SVR3. Modify the configurations of the previous exercises to implement these translations. |
A: | The IG address falls in the middle of the ISP2Pool range, so in addition to the static NAT mappings, ISP2Pool must be reconfigured.
RTR2
ip nat pool ISP2Pool netmask 255.255.255.0
 address 200.100.30.1 200.100.30.49
 address 200.100.30.51 200.100.30.253
ip nat inside source list 1 pool ISP2Pool
ip nat inside source static tcp 172.16.2.3 24 200.100.30.50 25 extendable
ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
ip nat inside source static 172.16.3.3 200.100.30.254
!
access-list 1 permit 172.16.0.0 0.0.255.255 |
4: | Five outside devices in Figure 4-28, 201.50.12.67 through 201.50.12.71, must appear to devices within AS 3 as having addresses 192.168.1.1 through 192.168.1.5, respectively. Add the appropriate NAT configurations to the previously created configurations. |
A: | RTR1
! ISP1Pool starts at 201.50.13.4 and access list 2 matches 201.50.13.3, as set in Exercise 2
ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.255.0 type rotary
ip nat inside source list 1 pool ISP1Pool
ip nat inside source static 172.16.3.3 201.50.13.1
ip nat inside destination list 2 pool SVRs
! Outside hosts 201.50.12.67-71 appear inside AS 3 as 192.168.1.1-5
ip nat outside source static 201.50.12.71 192.168.1.5
ip nat outside source static 201.50.12.70 192.168.1.4
ip nat outside source static 201.50.12.69 192.168.1.3
ip nat outside source static 201.50.12.68 192.168.1.2
ip nat outside source static 201.50.12.67 192.168.1.1
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 201.50.13.3 |
5: | Devices in AS 3 of Figure 4-28 with addresses in the 172.16.100.0/24 subnet should all appear to have the IG address 200.100.30.75 when sending packets to ISP2. Modify the configurations of the previous exercises to accommodate this. |
A: | The solution is to configure PAT. Unlike the PAT example shown in this chapter, however, the address to be used here is not the address of the outgoing interface. So, an address pool is configured on RTR2 that consists of a single address. Notice also that access list 1 is modified so that the IL addresses used for PAT are not translated to the ISP2Pool range.
RTR2
ip nat pool ISP2Pool netmask 255.255.255.0
 address 200.100.30.1 200.100.30.49
 address 200.100.30.51 200.100.30.253
ip nat pool PATPool 200.100.30.75 200.100.30.75 netmask 255.255.0.0
ip nat inside source list 1 pool ISP2Pool
ip nat inside source list 3 pool PATPool overload
ip nat inside source static tcp 172.16.2.3 24 200.100.30.50 25 extendable
ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
ip nat inside source static 172.16.3.3 200.100.30.254
!
access-list 1 deny 172.16.100.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 3 permit 172.16.100.0 0.0.0.255 |
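The effect of the modified access list 1 can be checked offline. The following Python sketch is an added example, not part of the original answer: it evaluates the standard ACLs from the RTR2 configuration above (wildcard masks, first match, implicit deny) and reports which NAT pools claim a given inside source. The function names and the test host addresses are constructed for illustration.

```python
import ipaddress

# ACLs from the Exercise 5 answer (RTR2), and the same lists without the added deny line.
WITH_DENY = """
access-list 1 deny 172.16.100.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 3 permit 172.16.100.0 0.0.0.255
"""
WITHOUT_DENY = """
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 3 permit 172.16.100.0 0.0.0.255
"""
# Dynamic NAT rules from the same answer: (ACL number, pool name).
RULES = [(1, "ISP2Pool"), (3, "PATPool")]


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_acls(text):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' lines into {N: [entries]}."""
    acls = {}
    for line in text.strip().splitlines():
        parts = line.split()
        wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"  # bare address = host
        acls.setdefault(int(parts[1]), []).append(
            (parts[2] == "permit", to_int(parts[3]), to_int(wildcard)))
    return acls


def acl_permits(entries, source):
    """First matching entry decides; no match means the implicit deny applies."""
    for permit, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if to_int(source) & care == addr & care:
            return permit
    return False


def matching_pools(acl_text, source):
    """Pools whose ACL permits this inside source; more than one is an overlap."""
    acls = parse_acls(acl_text)
    return [pool for num, pool in RULES if acl_permits(acls.get(num, []), source)]


if __name__ == "__main__":
    for src in ("172.16.100.7", "172.16.2.9"):  # constructed inside hosts
        print(src, matching_pools(WITH_DENY, src), matching_pools(WITHOUT_DENY, src))
```

With the deny line in place, a host in 172.16.100.0/24 is claimed only by PATPool; without it, the same host is permitted by both list 1 and list 3.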
6: | In Figure 4-29, redundant links have been added so that RTR1 and RTR2 each have connections to both ISPs, and each accept full BGP routes from both ISPs. The address of RTR1, S1 is 200.100.29.137/30, and the address of RTR2, S1 is 201.50.26.93/30. Write configurations for the two routers, ensuring that all features added in the previous exercises still work correctly.
Figure 4-29. The Internetwork for Configuration Exercise 6 |
A: | RTR1
interface Loopback0
 ip address 172.16.255.2 255.255.255.255
!
interface Ethernet0
 ip address 172.16.3.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description to ISP1
 ip address 201.50.26.13 255.255.255.252
 ip access-group 101 out
 ip nat outside
!
interface Serial1
 description to ISP2
 ip address 200.100.29.137 255.255.255.252
 ip access-group 101 out
 ip nat outside
!
autonomous-system 3
!
router ospf 1
 redistribute static
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate
!
router bgp 3
 neighbor 172.16.255.1 remote-as 3
 neighbor 172.16.255.1 update-source Loopback0
 neighbor 200.100.29.138 remote-as 2
 neighbor 201.50.26.14 remote-as 1
!
! ISP1Pool starts at 201.50.13.4 and access list 2 matches 201.50.13.3, as set in Exercise 2
ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
ip nat pool ISP2Pool netmask 255.255.255.0
 address 200.100.30.1 200.100.30.49
 address 200.100.30.51 200.100.30.253
ip nat pool PATPool 200.100.30.75 200.100.30.75 netmask 255.255.0.0
ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.255.0 type rotary
! The route maps select the pool by the next hop (ISP1 or ISP2) of the outgoing packet
ip nat inside source route-map ISP1 pool ISP1Pool
ip nat inside source route-map ISP2 pool ISP2Pool
ip nat inside source list 3 pool PATPool overload
ip nat inside source static tcp 172.16.2.3 24 200.100.30.50 25 extendable
ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
ip nat inside source static 172.16.3.3 201.50.13.1
ip nat inside destination list 2 pool SVRs
ip nat outside source static 201.50.12.71 192.168.1.5
ip nat outside source static 201.50.12.70 192.168.1.4
ip nat outside source static 201.50.12.69 192.168.1.3
ip nat outside source static 201.50.12.68 192.168.1.2
ip nat outside source static 201.50.12.67 192.168.1.1
!
access-list 1 deny 172.16.100.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 201.50.13.3
access-list 3 permit 172.16.100.0 0.0.0.255
access-list 4 permit 200.100.29.138
access-list 5 permit 201.50.26.14
! ACL 101 (outbound on both serial links): drop any packet that still has a 172.16.0.0/16 source
access-list 101 deny ip 172.16.0.0 0.0.255.255 any
access-list 101 permit ip any any
!
route-map ISP1 permit 10
 match ip address 1
 match ip next-hop 5
!
route-map ISP2 permit 10
 match ip address 1
 match ip next-hop 4

RTR2
interface Loopback0
 ip address 172.16.255.1 255.255.255.255
!
interface Ethernet0
 ip address 172.16.3.2 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description to ISP2
 ip address 200.100.29.241 255.255.255.252
 ip access-group 101 out
 ip nat outside
!
interface Serial1
 description to ISP1
 ip address 201.50.26.93 255.255.255.252
 ip access-group 101 out
 ip nat outside
!
autonomous-system 3
!
router ospf 1
 redistribute static
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate
!
router bgp 3
 neighbor 172.16.255.2 remote-as 3
 neighbor 172.16.255.2 update-source Loopback0
 neighbor 200.100.29.242 remote-as 2
 neighbor 201.50.26.94 remote-as 1
!
! ISP1Pool starts at 201.50.13.4 and access list 2 matches 201.50.13.3, as set in Exercise 2
ip nat pool ISP1Pool 201.50.13.4 201.50.13.254 netmask 255.255.255.0
ip nat pool ISP2Pool netmask 255.255.255.0
 address 200.100.30.1 200.100.30.49
 address 200.100.30.51 200.100.30.253
ip nat pool PATPool 200.100.30.75 200.100.30.75 netmask 255.255.0.0
ip nat pool SVRs 172.16.2.2 172.16.2.3 netmask 255.255.255.0 type rotary
! The route maps select the pool by the next hop (ISP1 or ISP2) of the outgoing packet
ip nat inside source route-map ISP1 pool ISP1Pool
ip nat inside source route-map ISP2 pool ISP2Pool
ip nat inside source list 3 pool PATPool overload
ip nat inside source static tcp 172.16.2.3 24 200.100.30.50 25 extendable
ip nat inside source static tcp 172.16.2.2 80 200.100.30.50 80 extendable
ip nat inside source static 172.16.3.3 200.100.30.254
ip nat inside destination list 2 pool SVRs
ip nat outside source static 201.50.12.71 192.168.1.5
ip nat outside source static 201.50.12.70 192.168.1.4
ip nat outside source static 201.50.12.69 192.168.1.3
ip nat outside source static 201.50.12.68 192.168.1.2
ip nat outside source static 201.50.12.67 192.168.1.1
!
access-list 1 deny 172.16.100.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 201.50.13.3
access-list 3 permit 172.16.100.0 0.0.0.255
access-list 4 permit 200.100.29.242
access-list 5 permit 201.50.26.94
! ACL 101 (outbound on both serial links): drop any packet that still has a 172.16.0.0/16 source
access-list 101 deny ip 172.16.0.0 0.0.255.255 any
access-list 101 permit ip any any
!
route-map ISP1 permit 10
 match ip address 1
 match ip next-hop 5
!
route-map ISP2 permit 10
 match ip address 1
 match ip next-hop 4 |