Q10 – NAT (2 Points)

R21 should manage NAS via telnet. Fix the problem so that telnet to NAS is successful as shown
in the exhibit:

R21#telnet nas.home.net 8008

Translating "nas.home.net"...domain server (8.8.8.8) [OK]
Trying nas.home.net (134.56.78.10, 8008)... Open

get
HTTP/1.1 400 Bad Request
Date: Sun, 23 Sep 2018 21:31:51 GMT
Server: cisco-IOS
Accept-Ranges: none

400 Bad Request

[Connection to nas.home.net closed by foreign host]

 NAS#ping www.cciecloud.net
Translating "www.cciecloud.net"...domain server (192.168.1.1) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 194.1.3.1, timeout is 2 seconds:
!!!!!

1. NAS IP Address
1. NAS e0/0 IP use address need to use DHCP. Also check MAC address
2. Check DHCP pool on R23
3. Check whether e0/0 get same IP address on R24

2. NAT
1. Check NAT configuration
2. Check NAT inside and outside interfaces

3. NSLOOKUP
1. R21 access to NAS
 Resolve URL from R26
 Enable domain lookup: #ip domain lookup
 NAS – enable HTTP service: #ip http server
2. NAS access to www.cciecloud.net
 Resolve IP address form R23 to NAS
 Enable domain lookup on R23: #ip domain lookup
 Enable DNS server on R23
 DNS server should point to 8.8.8.8
 Is DNS resolve normal, but can’t access, check for ACL deny packets

ANS Q10 –NAT

# Device Commands Validations
1 Ensure NAS gets IP Address
NAS sh ip int brief Ensure that the device can get ip address
from R23. No IP address found
NAS sh run int e0/0 Fault 1: Missing ip configuration
#no ip address
Fix NAS
int e0/0
ip address dhcp client-id e0/0
shut
no shut
sh ip int brief /--Ensure IP Address is obtained
R23 #sh run | s pool Check host and client-id statements.
Fault 2: Client-Identifier for NAS pool does
not match with the MAC of NAS e0/0
Fix R23
ip dhcp pool NAS
client-identifier 01aa.bbcc.0011.11
NAS
int e0/0
shut
no shut
sh ip int brief /--Ensure IP Address is obtained
2 Check NAT Config
R23 #sh run | s nat
R23#sh run | s nat
no crypto ipsec nat-transparency udp-encapsulation
ip nat inside
ip nat outside
ip nat source static tcp 192.168.1.200 23 interface Serial4/0 2323
ip nat source static tcp 192.168.1.200 80 134.56.78.10 8008
extendable
ip nat inside source list 194 interface Serial4/0 overload
ip nat inside source static esp 192.168.1.2 interface Serial4/0
ip nat inside source static udp 192.168.1.2 500 134.56.78.10 500
 extendable
ip nat inside source static udp 192.168.1.2 4500 134.56.78.10 4500
extendable

Check for the following statement

ip nat inside source static tcp 192.168.1.200 23 interface
Serial4/0 2323

ip nat inside source static tcp 192.168.1.200 80

134.56.78.10 8008 extendable
Fault 3: inside is missing on NAT statement
Fix R23
no ip nat source static tcp 192.168.1.200 23 interface
Serial4/0 2323

ip nat inside source static tcp 192.168.1.200 23 interface

Serial4/0 2323

no ip nat source static tcp 192.168.1.200 80 134.56.78.10

8008 extendable
ip nat inside source static tcp 192.168.1.200 80
134.56.78.10 8008 extendable
3 Domain Lookup Configurations
R21 sh ip dns view Check domain lookup (must be enabled)
and domain name server (must have a
value 8.8.8.8).
Fault 4: Domain lookup disabled and no ip
domain server
Fix R21
ip domain lookup
ip name-server 8.8.8.8
sh ip dns view /-- Ensure domain lookup enabled and dns server 8.8.8.8
R23 sh run | s dns Ensure the following statement found:
#dns-server 192.168.1.1
R23 sh ip dns view Fault 5: No domain name-server
sh run | s ip host
 /-- check for host entry
Fix R23
ip domain lookup
ip name-server 8.8.8.8
ip dns server
/--R23 needs to relay the dns. Hence it needs to be a dns server
Following error messages are common if domain lookup on R21 and R23 are not
configured properly
R21 telnet nas.home.net 8008 %Bad IP address or host name
R21 telnet nas.home.net 8008 Domain name translation is OK
Trying nas.home.net (124.56.78.10, 8008)
%Connection refused by remote host
Check R21# sh run | s nat
Successful after NAT fix
NAS #ping www.cciecloud.net Translating www.cciecloud.net …domain
server (192.168.1.1)
%Unrecognized host or IP address, or
protocol is missing

TS1 Q10 –NAT Fault Summary and Remediation

# Device Fault Remediation

1 NAS Missing ip int e0/0
configuration ip address dhcp client-id e0/0
shut
no shut
2 R23 Incorrect Client- R23
identifier on NAS Pool ip dhcp pool NAS
client-identifier 01aa.bbcc.0011.11
3 R23 Incorrect NAT ip nat inside source static tcp
statement 192.168.1.200 23 interface Serial4/0
 2323

ip nat inside source static tcp

192.168.1.200 80 134.56.78.10 8008
extendable
4 R21 Missing domain lookup ip domain lookup
and name-server ip name-server 8.8.8.8
configuration
5 R23 Missing dns server ip dns server
config

Troubleshooting Tips
 Step 1 – Make sure NAS can get IP Address
 Step 2 – Check NAT on R23
 Step 3 – Ensure R23 is the dns server

Concepts
1. cciecloud.net (194.1.3.1) is R26
2. DNS Server (192.168.1.1) is R23
3. The following NAT configs are important on R23.

ip nat inside source static tcp 192.168.1.200 23 interface Serial4/0

2323
ip nat inside source static tcp 192.168.1.200 80 134.56.78.10 8008
extendable

192.168.1.200 – NAS Server IP Address

134.56.78.10 – S4/0 of R23
When we run R21# telnet nas.home.com 8008, nas.home.com resolves to
134.56.78.10