Answers to Chapter 4 Troubleshooting Exercises

Identify the mistake in the configuration in Example 4-33.

Example 4-33 Configuration for Troubleshooting Exercise 1

  ip nat pool EX1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 type match-host   ip nat pool EX1A netmask 255.255.255.240   address 172.21.1.33 172.21.1.38   address 172.21.1.40 172.21.1.46   ip nat inside source list 1 pool EX1   ip nat inside source static 10.18.53.210 192.168.1.1   ip nat outside source list 2 pool EX1A   !   access-list 1 permit 10.0.0.0 0.255.255.255   access-list 2 permit 192.168.2.0 0.0.0.255  

The IG address in the static mapping overlaps with the pool EX1.

RTR1 in Figure 4-30 connects two internetworks with overlapping addresses.

NAT is implemented on the router as configured in Example 4-34, but devices cannot communicate across the router. What is wrong?

Example 4-34 Configuration for Troubleshooting Exercise 2

  interface Ethernet0   ip address 172.16.10.1 255.255.255.0   ip nat inside   !   interface Ethernet1   ip address 172.16.255.254 255.255.255.0   ip nat outside   !   router ospf 1   redistribute static metric 10 metric-type 1 subnets   network 10.0.0.0 0.255.255.255 area 0   !   ip nat translation timeout 500   ip nat pool NET1 10.1.1.1 10.1.255.254 netmask 255.255.0.0   ip nat pool NET2 192.168.1.1 192.168.255.254 netmask 255.255.0.0   ip nat inside source list 1 pool NET1   ip nat outside source list 1 pool NET2   !   ip classless   !   ip route 10.1.0.0 255.255.0.0 Ethernet0   ip route 192.168.0.0 255.255.0.0 Ethernet1   !   access-list 1 permit 172.16.0.0 0.0.255.255  

The problem is not with the NAT itself, but with routing. All translations are dynamic, and there is no way for a host on either side to determine the initial address to which packets must be sent to reach the other side.

Refer to the configurations of Cozumel and Guaymas in Figure 4-21. If the first line of access list 1 in both configurations is removed, what is the result? Can Guaymas and Cozumel still ping each other?

When either router sends a packet to the other sourced from its E1 interface, the source address is translated to an address out of the IG pool. The two routers can still ping each other even if the source address is translated. If Cozumel pings Guaymas, for example, its source address of 10.255.13.254 might be translated to 206.100.176.50. Although Guaymas does not recognize this address as part of its directly connected subnet, it has a route to 206.100.176.0/20 pointing to Cozumel. When it sends a response to the ping, the response is forwarded to Cozumel, which translates the destination address back to 10.255.13.254.