1
00:00:08,910 --> 00:00:14,460
This is one of multiple videos discussing net or network address translation.

2
00:00:14,580 --> 00:00:22,920
In this video we are troubleshooting a net issue we've been told that hosts on the inside network.

3
00:00:23,370 --> 00:00:29,130
In other words, these hosts which are being represented by right of one, right of four and right of

4
00:00:29,130 --> 00:00:29,820
five.

5
00:00:31,410 --> 00:00:37,470
I'm not able to ping 8.8.8.8, which is a Google DNS server.

6
00:00:37,560 --> 00:00:45,300
And in this example, that's been represented by router three, so we have the inside and the outside

7
00:00:45,300 --> 00:00:50,490
network router two in this topology is our natural router.

8
00:00:51,530 --> 00:00:59,150
So let's connect to rather one which is acting as host one and see if it can ping.

9
00:00:59,390 --> 00:01:01,400
8.8.8.8.

10
00:01:01,880 --> 00:01:05,570
We're getting an unreachable message in the output here.

11
00:01:05,840 --> 00:01:09,500
Let's have a look at the routing table.

12
00:01:09,830 --> 00:01:16,430
This router has a default gateway configured as ten .1.1.254.

13
00:01:16,640 --> 00:01:22,340
That is rather two in the topology, which is our net router.

14
00:01:23,080 --> 00:01:27,940
So rather one acting as host, one is able to get to the net Rada.

15
00:01:28,000 --> 00:01:32,410
But it doesn't look like it's able to get to the Google router.

16
00:01:33,350 --> 00:01:39,290
So you can see in the output here, it's reached ten .1.1 or 2.54, but it doesn't look like it can

17
00:01:39,290 --> 00:01:40,280
get any further.

18
00:01:41,440 --> 00:01:45,460
Now to speed things up, I'm going to use the no IP domain lookup command.

19
00:01:46,790 --> 00:01:54,020
And then let's do that trace again so you can see it gets to default Gateway but can't get any further

20
00:01:54,020 --> 00:01:54,710
than that.

21
00:01:55,800 --> 00:01:57,750
Let's have a look at the default gateway.

22
00:01:58,700 --> 00:02:01,550
And see what's happening with the net translations.

23
00:02:02,060 --> 00:02:06,710
So this is rather to show IP net translations.

24
00:02:07,160 --> 00:02:09,440
There are no net translations at the moment.

25
00:02:09,470 --> 00:02:11,720
Show IP net statistics.

26
00:02:12,900 --> 00:02:20,760
So looking at the statistics, we can see that there have been translations in the past, outside interfaces,

27
00:02:20,760 --> 00:02:24,210
gigabyte zero one, which is this interface.

28
00:02:25,430 --> 00:02:29,450
Facing the writer acting as Google inside interfaces.

29
00:02:29,450 --> 00:02:33,020
Our gigabit to 0002 and zero three.

30
00:02:33,050 --> 00:02:39,740
In other words, these interfaces over here, a dynamic mapping has been configured for inside source

31
00:02:39,890 --> 00:02:41,270
address translation.

32
00:02:41,600 --> 00:02:48,290
We've got a access list pointing to a net pool called Net Pool.

33
00:02:48,590 --> 00:02:51,500
Can any of the other internal writers ping google?

34
00:02:51,590 --> 00:02:53,240
So this is root of for.

35
00:02:55,760 --> 00:02:57,380
Also getting unreachable.

36
00:02:57,410 --> 00:03:01,430
Let's do a debug ip nat on router two.

37
00:03:03,360 --> 00:03:07,230
We see a problem here saying that not translation failed.

38
00:03:07,260 --> 00:03:08,790
Dropping the packet.

39
00:03:09,000 --> 00:03:12,090
So we're getting a dropped packet from ten.

40
00:03:12,090 --> 00:03:19,410
One, two, two, which is this router.

41
00:03:20,460 --> 00:03:25,620
Let's have a look at rather one again so this writer couldn't trace to Google.

42
00:03:26,250 --> 00:03:28,050
Let's see what happens here.

43
00:03:28,590 --> 00:03:32,010
We also getting a net translation failure.

44
00:03:33,060 --> 00:03:35,250
So let's have a look at the configuration.

45
00:03:36,840 --> 00:03:37,250
Gigabit.

46
00:03:37,380 --> 00:03:47,500
Zero one is configured with this IP address and it's configured as the outside address show run interface.

47
00:03:47,520 --> 00:03:49,590
Gigabit zero zero is an example.

48
00:03:49,860 --> 00:03:54,480
It's configured with this IP address and it's configured as the inside net address.

49
00:03:55,930 --> 00:03:59,260
Show run pipe include Nat.

50
00:03:59,950 --> 00:04:05,260
So these are the statements on the interfaces telling us which interfaces are inside and outside.

51
00:04:05,920 --> 00:04:09,640
If I do a show run pipe, include access.

52
00:04:11,010 --> 00:04:12,480
Can you see the problem?

53
00:04:14,990 --> 00:04:15,350
Okay.

54
00:04:15,350 --> 00:04:20,240
So notice the statement IP Nat inside source list one pull.

55
00:04:20,240 --> 00:04:21,260
Nat, pull.

56
00:04:21,980 --> 00:04:27,080
In other words, we saying that any traffic matching access list, one which is permitting anything

57
00:04:27,080 --> 00:04:32,120
will be netted according to this net pool called net pool.

58
00:04:32,210 --> 00:04:39,740
But notice here, IP net pool, net pool instead of a net pool is being used.

59
00:04:40,070 --> 00:04:46,370
So everything else looks good, except we've got a spelling mistake on the net pool name.

60
00:04:47,300 --> 00:04:48,860
So let's fix that.

61
00:04:49,940 --> 00:04:50,870
No.

62
00:04:51,050 --> 00:04:53,060
And I'll remove this command.

63
00:04:55,540 --> 00:05:00,970
So no IP net pool and then I'll edit that to make it correct.

64
00:05:00,970 --> 00:05:02,140
So add the extra.

65
00:05:02,140 --> 00:05:06,100
Oh so show run pipe include net.

66
00:05:06,750 --> 00:05:13,680
The net pool referenced by the IP statement now exists in the configuration.

67
00:05:14,100 --> 00:05:16,010
So let's try and do that ping again.

68
00:05:16,020 --> 00:05:17,340
Ping succeeds.

69
00:05:17,640 --> 00:05:23,400
And notice we can see that ten 111, which is this rudder.

70
00:05:24,370 --> 00:05:34,540
Was netted 2828228 ten, which is the first IP address and the net pull for traffic going to 82282828.

71
00:05:34,570 --> 00:05:42,280
And then when the return traffic came back, this address was netted back to the internal address of

72
00:05:42,280 --> 00:05:43,870
the writer show IP.

73
00:05:43,870 --> 00:05:46,660
Net translation shows us that.

74
00:05:46,840 --> 00:05:51,190
So this inside a local address is being netted to this inside global address.

75
00:05:51,400 --> 00:05:53,830
The outside address is not being netted.

76
00:05:55,250 --> 00:06:01,820
So host one can ping google and we see the net translation taking place.

77
00:06:02,760 --> 00:06:03,900
Host for.

78
00:06:04,990 --> 00:06:07,390
Can also ping google.com.

79
00:06:08,000 --> 00:06:10,070
And we've also got another host here.

80
00:06:10,520 --> 00:06:12,680
Host five, if you like, or.

81
00:06:12,680 --> 00:06:15,170
Writer five acting as our third host.

82
00:06:18,540 --> 00:06:22,380
Can it ping Google?

83
00:06:23,280 --> 00:06:24,450
Yes, it can.

84
00:06:25,210 --> 00:06:27,700
So that was an example of how to troubleshoot Nat.

85
00:06:28,030 --> 00:06:29,710
I hope you've enjoyed this video.

86
00:06:29,710 --> 00:06:35,230
If it's been of benefit to you, please like it and please subscribe to my YouTube channel.

87
00:06:35,620 --> 00:06:37,510
I wish you all the very best.