(Practice question) Help Creating a Dynamic Nat Pool in packet tracer?

Theminecraftaddict555

The question asks me to configure a router in the simulation with a NAT pool that will use all 4 IP addresses in the 209.165.76.196/30 address space.

The command I used on the router to achieve this was: ip nat pool "whatever name (not specified by PT)" 209.165.76.197 209.165.76.200 netmask 255.255.255.252. However, it states that the start and end addresses are on different subnets?

Here is the pic of the scenario: https://imgur.com/a/cqgqt
Don't call me a nerd, it makes me look slightly smarter than you


196 = 11000100

/30 means a subnet mask of .252 which is 11111100

So only the last two bits change, so the .196/32 goes from 

11000100 = 196

To

11000111 = 199

There is your problem :).

edit: changed the binary numbers to be right. I need to sleep more ...

On 1/10/2018 at 10:26 PM, Levisallanon said:

196 = 11011000

/30 means a subnet mask of .252 which is 11111100

So only the last two bits change, so the .196/32 goes from 

11011000 = 196

To

11011011 = 199

Removing the network and broadcast address leaves

197-198

There is your problem :).

That doesn't look correct. When I calculated it, I ended up with 11000100

Edit-2:

Reread some documentation to make sure I wasn't getting it wrong :)

You would just say 255.255.255.224 since the link is a /27 and you're just telling it, use these addresses from this subnet.

2 minutes ago, Theminecraftaddict555 said:

That doesn't look correct. When I calculated it, I ended up with 11000100

yup... guess I shouldn't do binary math from the top of my head at 3 am :P.
still your subnets were wrong ;).
so it's from 11000100 to 11000111 (199)

1 minute ago, Levisallanon said:

yup... guess I shouldn't do binary math from the top of my head at 3 am :P.
still your subnets were wrong ;).
so it's from 11000100 to 11000111 (199)

so it would be: ip nat pool "whatever name (not specified by PT)" 209.165.76.196 209.165.76.199 netmask 255.255.255.248?


3 minutes ago, Theminecraftaddict555 said:

so it would be: ip nat pool "whatever name (not specified by PT)" 209.165.76.196 209.165.76.199 netmask 255.255.255.248?

ip nat pool "name" 209.165.76.196 209.165.76.200 netmask 255.255.255.224

would be the correct way to do it, if I read the picture correctly since you're telling it "use X addresses from this subnet" with the nat command.

2 minutes ago, Lurick said:

change the 199 to a 200

or

ip nat pool "name" 209.165.76.196 209.165.76.200 netmask 255.255.255.224

he needs a /30 network according to his assignment so that would be
ip nat pool "whatever name (not specified by PT)" 209.165.76.196 209.165.76.199 netmask 255.255.255.252?

right?

2 minutes ago, Levisallanon said:

he needs a /30 network according to his assignment so that would be
ip nat pool "whatever name (not specified by PT)" 209.165.76.197 209.165.76.198 netmask 255.255.255.252?

right?

If I'm reading it right he has a /27 on the outside and he needs to use 4 of those addresses for NAT so a /29 down to a /27 would give the right number of host address range. You can specify a larger mask than the range of addresses you're using for NAT (if I remember correctly)

2 minutes ago, Lurick said:

change the 199 to a 200

or

ip nat pool "name" 209.165.76.196 209.165.76.200 netmask 255.255.255.224

So it's not 248 like you stated before? Since all we need is 6 host addresses for the requirements, right?

Just now, Theminecraftaddict555 said:

So it's not 248 like you stated before? Since all we need is 6 host addresses for the requirements, right?

I believe you can do it either way but I'm second guessing myself now, lol

I think that so long as the addresses you're telling it to use for nat are within the same subnet, then you could use either.


Just double checked myself and got confirmation.

NAT won't let you use the broadcast or network address and so long as the netmask encompasses all of the addresses listed prior in the command then you're fine. So you could technically use a /24 if you wanted, so long as the addresses would fall within that /24 regardless of how many or how few, it's just best practice to make it fit as close as you can :)


10 minutes ago, Lurick said:

Just double checked myself and got confirmation.

NAT won't let you use the broadcast or network address and so long as the netmask encompasses all of the addresses listed prior in the command then you're fine.

So I did this, assuming you stated that it was fine: ip nat pool "name" 209.165.76.196 209.165.76.200 netmask 255.255.255.248

but it gave me this message:

%Pool 1 mask 255.255.255.248 too small; should be at least 255.255.255.248

%Start and end addresses on different subnets

1 minute ago, Theminecraftaddict555 said:

So I did this, assuming you stated that it was fine: ip nat pool "name" 209.165.76.196 209.165.76.200 netmask 255.255.255.248

but it gave me this message:

%Pool 1 mask 255.255.255.248 too small; should be at least 255.255.255.248

%Start and end addresses on different subnets

wat .248 is too small so use a .248

xD

You can change it to .224 then and be fine.

24 minutes ago, Lurick said:

If I'm reading it right he has a /27 on the outside and he needs to use 4 of those addresses for NAT so a /29 down to a /27 would give the right number of host address range. You can specify a larger mask than the range of addresses you're using for NAT (if I remember correctly)

From what I understand from his assignment and description:

On 1/11/2018 at 3:16 AM, Theminecraftaddict555 said:

The question asks me to configure a router in the simulation with a NAT pool that will use all 4 IP addresses in the 209.165.76.196/30 address space.

The command I used on the router to achieve this was: ip nat pool "whatever name (not specified by PT)" 209.165.76.197 209.165.76.200 netmask 255.255.255.252. However, it states that the start and end addresses are on different subnets?

Here is the pic of the scenario: https://imgur.com/a/cqgqt

The outside has an IP block of 209.168.76.192/27
But it seems he has to make a NAT pool in the 209.168.76.196/30 address block.

21 minutes ago, Lurick said:

Just double checked myself and got confirmation.

NAT won't let you use the broadcast or network address and so long as the netmask encompasses all of the addresses listed prior in the command then you're fine. So you could technically use a /24 if you wanted, so long as the addresses would fall within that /24 :)

So taking this into account (Thought NAT would let you use the network and broadcast address.)
so he needs to have the range of 196 to 199 in there.

Also @Lurick from what I see it's just GNS3 that excludes the network and broadcast IP. I mean you don't want that right? If you get a block of public IPs you want to use all of them, so you would normally expect NAT to use them.

So from looking at it again I would say what you want to do is (haven't tested this).
-----
! Pool range per the "196 to 199" stated above
ip nat pool POOL_NAME 209.168.76.196 209.168.76.199 prefix-length 27

! Named standard ACLs are defined with "ip access-list standard"
ip access-list standard ACL_NAME_1
 permit 172.16.11.0 0.0.0.255
ip access-list standard ACL_NAME_2
 permit 172.16.10.0 0.0.0.255

ip nat inside source list ACL_NAME_1 pool POOL_NAME
ip nat inside source list ACL_NAME_2 pool POOL_NAME
-----
If you only need to NAT 1 of the networks you can remove the lines for the other network and the ACL.
To be sure you could add the "overload" keyword to the ip nat inside statements, but I believe this was on by default (as you probably want to use PAT because you have more internal IPs than external ones).

5 minutes ago, Levisallanon said:

From what I understand from his assignment and description:

The outside has an IP block of 209.168.76.192/27
But it seems he has to make a NAT pool in the 209.168.76.196/30 address block.

So taking this into account (Thought NAT would let you use the network and broadcast address.)
so he needs to have the range of 196 to 199 in there.

Also @Lurick from what I see it's just GNS3 that excludes the network and broadcast IP. I mean you don't want that right? If you get a block of public IPs you want to use all of them, so you would normally expect NAT to use them.

So from looking at it again I would say what you want to do is (haven't tested this).
-----
! Pool range per the "196 to 199" stated above
ip nat pool POOL_NAME 209.168.76.196 209.168.76.199 prefix-length 27

! Named standard ACLs are defined with "ip access-list standard"
ip access-list standard ACL_NAME_1
 permit 172.16.11.0 0.0.0.255
ip access-list standard ACL_NAME_2
 permit 172.16.10.0 0.0.0.255

ip nat inside source list ACL_NAME_1 pool POOL_NAME
ip nat inside source list ACL_NAME_2 pool POOL_NAME
-----
If you only need to NAT 1 of the networks you can remove the lines for the other network and the ACL.

9 minutes ago, Lurick said:

wat .248 is too small so use a .248

xD

You can change it to .224 then and be fine.

Also something a little off topic here but PT wants me to name the pool a specific way but fails to tell me what to name it as it is taking off points for me "wrongly naming it".

All I see in the results is "Pool name 1" that is listed as wrong

Just now, Theminecraftaddict555 said:

Also something a little off topic here but PT wants me to name the pool a specific way but fails to tell me what to name it as it is taking off points for me "wrongly naming it".

All I see in the results is "Pool name 1" that is listed as wrong

you can't use spaces in the pool name

Just now, Levisallanon said:

you can't use spaces in the pool name

I used no spaces in mine, here let me show what it says https://imgur.com/a/ytHre

5 minutes ago, Theminecraftaddict555 said:

I used no spaces in mine, here let me show what it says https://imgur.com/a/ytHre

I've never worked with Packet Tracer, I always use EveNG for it.
But here is the correct syntax for setting up the pool:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i3.html#wp6064781280
It might be you are using a very old IOS image which doesn't allow for strings as pool names yet, but I believe that shouldn't be the problem.
So maybe the name of the pool was defined in the exercise.
Also maybe else change the prefix-length to 30 as they stated that in the exercise, but it shouldn't matter.

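Added example, not part of any post in this thread: a small Python model of the same-subnet check that the "%Start and end addresses on different subnets" message describes, run against the ranges and masks tried above. The function names are illustrative, and the code does not model whether IOS or Packet Tracer accepts a pool's network or broadcast address.

```python
import ipaddress


def pool_check(start, end, netmask):
    """Mask both pool endpoints with netmask.

    Returns (same_subnet, start_net, end_net).
    """
    start_net = ipaddress.ip_network(f"{start}/{netmask}", strict=False)
    end_net = ipaddress.ip_network(f"{end}/{netmask}", strict=False)
    return start_net == end_net, start_net, end_net


def tightest_network(start, end):
    """Smallest single subnet containing both endpoints (longest common prefix)."""
    s = int(ipaddress.IPv4Address(start))
    e = int(ipaddress.IPv4Address(end))
    prefix = 32 - (s ^ e).bit_length()  # number of leading bits the two share
    host_bits = 32 - prefix
    return ipaddress.ip_network(((s >> host_bits) << host_bits, prefix))


# Ranges and masks taken from the commands tried in the thread.
ATTEMPTS = [
    ("209.165.76.197", "209.165.76.200", "255.255.255.252"),
    ("209.165.76.196", "209.165.76.200", "255.255.255.248"),
    ("209.165.76.196", "209.165.76.199", "255.255.255.252"),
    ("209.165.76.196", "209.165.76.200", "255.255.255.224"),
]


def report(start, end, netmask):
    """One-line summary of the check for a single pool definition."""
    same, s_net, e_net = pool_check(start, end, netmask)
    fit = tightest_network(start, end)
    verdict = "same subnet" if same else f"different subnets ({s_net} vs {e_net})"
    return f"{start}-{end} mask {netmask}: {verdict}; tightest fit {fit} ({fit.netmask})"


if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(report(*attempt))
```
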
