1
00:00:09,650 --> 00:00:17,110
This is one of multiple network address translation or not to trouble shooting videos in this typology

2
00:00:17,120 --> 00:00:23,660
we've been told that hosts on the inside network rodder one acting as host one writer for acting as

3
00:00:23,660 --> 00:00:30,740
host two and write a five acting as host three are not able to paying wrote a three acting as Google

4
00:00:31,090 --> 00:00:37,730
wrote a tuneless typologies configured as the NAT router so let's do some verification on brought a

5
00:00:37,760 --> 00:00:50,460
one to one able to ping the Google Server 8 8 8 8 and at the moment it's not let's do a debug on route

6
00:00:50,490 --> 00:00:58,200
to acting as on NAT router so debug IP not do the ping again.

7
00:00:58,370 --> 00:01:07,490
We are not getting any output on the console and we are monitoring debugs on the console at the moment

8
00:01:10,280 --> 00:01:14,480
so let's verify that traffic is getting to the default gateway.

9
00:01:14,600 --> 00:01:20,920
In this example the Rodda has a default gateway of 10 dot wandered wondered too far for a ping tendered

10
00:01:20,920 --> 00:01:25,430
one would want to fight for traffic gets to the default gateway.

11
00:01:25,820 --> 00:01:29,600
Let's trace to Google dot com.

12
00:01:29,600 --> 00:01:34,740
Traffic gets to the default gateway which is Rodda to.

13
00:01:34,740 --> 00:01:35,620
In this example

14
00:01:39,140 --> 00:01:41,210
it gets no further.

15
00:01:41,210 --> 00:01:46,520
So the Trace's timing out so let's determine if the problem is on the net to rodder.

16
00:01:46,550 --> 00:01:53,410
So show IP net statistics shows us statistics of the net configuration.

17
00:01:53,490 --> 00:01:54,760
Here's the command.

18
00:01:55,100 --> 00:01:58,480
We don't have any active translations.

19
00:01:58,580 --> 00:02:01,840
The outside interfaces gigabit is 0 1 which is correct.

20
00:02:01,850 --> 00:02:09,400
Per our diagram inside interfaces are gigabit to 0 0 0 2 0 3 which is correct.

21
00:02:09,410 --> 00:02:16,680
Per our diagram we have a dynamic translation configured for inside source addresses.

22
00:02:16,940 --> 00:02:24,570
We're using access list one and a Nat Poole called Net pool which has this Sublette mosque and this

23
00:02:24,580 --> 00:02:26,490
range of addresses.

24
00:02:26,800 --> 00:02:32,320
So let's do some more investigation show run pipe include Nat.

25
00:02:32,520 --> 00:02:35,280
These are the commands on the various interfaces.

26
00:02:35,370 --> 00:02:41,070
We were able to see which interfaces had not configured through this output here.

27
00:02:41,550 --> 00:02:47,680
So we know that some interfaces are configured as inside and one is configured as outside.

28
00:02:48,120 --> 00:02:50,310
And that's what this config is showing.

29
00:02:50,400 --> 00:02:57,630
You could if you wanted to make sure use commands such a show run interface and a individually interface

30
00:02:57,630 --> 00:03:04,590
such as gigabit 0 or 1 to confirm that the match has being configured correctly on the interface.

31
00:03:05,100 --> 00:03:13,110
But the statistics command has shown us that output is ready to show run pipe including that we can

32
00:03:13,110 --> 00:03:21,150
see here that a net command is being configured netting inside source addresses using access list 1.

33
00:03:21,270 --> 00:03:27,600
And in fact Paul called Net pool which is configured here and we can see a range of addresses in the

34
00:03:27,600 --> 00:03:34,710
pool and a subnet mask show access lists.

35
00:03:34,870 --> 00:03:40,970
We've got access list one configured and that's what's being referenced in the next statement.

36
00:03:41,260 --> 00:03:47,220
And we have some matches in the access list show IP interface brief.

37
00:03:47,560 --> 00:03:50,570
Can you see the problem.

38
00:03:50,630 --> 00:03:53,570
Let's have a look at Rotto for sure.

39
00:03:53,570 --> 00:03:55,070
I've been to face brief.

40
00:03:55,250 --> 00:04:01,270
Can you see the problem here let me give you another hint.

41
00:04:01,270 --> 00:04:05,400
Show interface give it a 0 0 show.

42
00:04:05,420 --> 00:04:06,580
Bruhn interface.

43
00:04:06,600 --> 00:04:13,480
Give it to 00 and on Rotto for a show run interface gigabit 00.

44
00:04:13,820 --> 00:04:23,050
Can you see the problem is another hint to show run pipe include access look at how this access list

45
00:04:23,050 --> 00:04:24,120
is configured.

46
00:04:24,940 --> 00:04:29,550
Compare that to the IP addresses of the host devices.

47
00:04:30,170 --> 00:04:36,430
OK so notice this host is in subnet 10 1 2 0.

48
00:04:36,560 --> 00:04:43,960
This host is in subnet 10 1 1 0 slushed 24 mosque here.

49
00:04:43,960 --> 00:04:54,790
However the access list is matching 10 is 0 1 10 0 2 and 10 0 3 host 5 acting as our third internal

50
00:04:55,240 --> 00:05:04,320
PC has an IP address 10 1 3 3 slushed 24 the sexist list is incorrect.

51
00:05:04,320 --> 00:05:20,790
So no access list one access list 1 permit 10 1 1 0 slushed 24 10 1 2 0 Slide 24 10 1 3 0 slash 24.

52
00:05:21,300 --> 00:05:26,230
So show access list this access list looks better.

53
00:05:26,520 --> 00:05:34,190
Let's confirm that networks are paying 8 8 8 8 Ping's succeeds.

54
00:05:34,290 --> 00:05:44,400
We see the net translations on Route 2 for that host peing 8 8 8 8 Ping's succeed and we see the net

55
00:05:44,420 --> 00:05:55,630
translations and on five of those internal host Ping's succeed and we see the net translations.

56
00:05:55,760 --> 00:06:05,880
So be careful with your access lists your access lists hefty match your data statements and be correct

57
00:06:05,940 --> 00:06:13,440
for the hosts in the typology this net statement is matching X-ists list one access list one is now

58
00:06:13,440 --> 00:06:15,020
correctly configured.

59
00:06:15,120 --> 00:06:18,970
So we see matches on the access list.

60
00:06:19,200 --> 00:06:22,770
That was an example of troubleshooting Network Address Translation.

61
00:06:22,950 --> 00:06:24,670
I hope you enjoyed this video.

62
00:06:24,900 --> 00:06:29,850
If he did please like it please subscribe to my YouTube channel.

63
00:06:29,850 --> 00:06:32,410
I wish you all the very best.