1
00:00:09,520 --> 00:00:15,460
This is one of multiple network address translation or NAT troubleshooting videos.

2
00:00:15,790 --> 00:00:22,630
In this topology, we've been told that hosts on the inside network, router one acting as host one, router

3
00:00:22,660 --> 00:00:29,590
four acting as host two and router five acting as host three, are not able to ping router three

4
00:00:29,590 --> 00:00:31,810
acting as Google. Router two in

5
00:00:31,810 --> 00:00:34,660
this topology is configured as the NAT router.

6
00:00:35,420 --> 00:00:43,790
So let's do some verification on router one. Is router one able to ping the Google server

7
00:00:43,790 --> 00:00:44,480
8.8.8.8?

8
00:00:44,480 --> 00:00:46,460
And at the moment it's not.

9
00:00:47,880 --> 00:00:53,460
Let's do a debug on router two acting as our NAT router.

10
00:00:53,640 --> 00:00:55,380
So debug ip nat.

11
00:00:56,500 --> 00:00:57,790
Do the ping again.

12
00:00:58,150 --> 00:01:07,600
We are not getting any output on the console and we are monitoring debugs on the console at the moment.

13
00:01:10,050 --> 00:01:13,890
So let's verify that traffic is getting to the default gateway.

14
00:01:14,340 --> 00:01:22,500
In this example, the router has a default gateway of 10.1.1.254, so ping 10.1.1.254.

15
00:01:22,500 --> 00:01:25,140
Traffic gets to the default gateway.

16
00:01:25,710 --> 00:01:29,130
Let's trace to google.com.

17
00:01:29,340 --> 00:01:31,740
Traffic gets to the default gateway,

18
00:01:33,380 --> 00:01:35,750
which is router two in this example.

19
00:01:38,980 --> 00:01:40,420
It gets no further.

20
00:01:40,960 --> 00:01:43,060
So the trace is timing out.

21
00:01:43,720 --> 00:01:46,420
So let's determine if the problem is on the NAT router.

22
00:01:46,420 --> 00:01:53,050
So show ip nat statistics shows us statistics of the NAT configuration.

23
00:01:53,240 --> 00:01:54,610
Here's the command.

24
00:01:54,850 --> 00:01:57,940
We don't have any active translations.

25
00:01:58,360 --> 00:02:05,410
The outside interface is gigabit 0/1, which is correct per our diagram. Inside interfaces are gigabit

26
00:02:05,500 --> 00:02:10,690
0/0, 0/2 and 0/3, which is correct per our diagram.

27
00:02:11,820 --> 00:02:16,470
We have a dynamic translation configured for inside source addresses.

28
00:02:16,710 --> 00:02:24,570
We're using access list one and a NAT pool called the Nat Pool, which has this subnet mask and this

29
00:02:24,570 --> 00:02:25,950
range of addresses.

30
00:02:26,590 --> 00:02:31,240
So let's do some more investigation: show run pipe include nat.

31
00:02:32,450 --> 00:02:38,960
These are the commands on the various interfaces. We were able to see which interfaces had NAT configured

32
00:02:39,110 --> 00:02:40,880
through this output here.

33
00:02:41,330 --> 00:02:47,480
So we know that some interfaces are configured as inside and one is configured as outside.

34
00:02:47,840 --> 00:02:49,970
And that's what this config is showing.

35
00:02:50,120 --> 00:02:57,560
You could, if you wanted to make sure, use commands such as show run interface and an individual interface

36
00:02:57,560 --> 00:03:04,280
such as gigabit 0/1 to confirm that NAT has been configured correctly on the interface.

37
00:03:04,910 --> 00:03:13,070
But this statistics command has shown us that output already. It's a show run pipe include nat; we can

38
00:03:13,070 --> 00:03:20,690
see here that a NAT command has been configured, NATting inside source addresses using access list one

39
00:03:20,990 --> 00:03:25,460
and a NAT pool called Nat Pool, which is configured here.

40
00:03:25,640 --> 00:03:29,420
And we can see a range of addresses in the pool and a subnet mask.

41
00:03:30,780 --> 00:03:32,640
Show access lists.

42
00:03:34,620 --> 00:03:41,940
We've got access list one configured and that's what's been referenced in the NAT statement and we have

43
00:03:41,940 --> 00:03:44,490
some matches in the access list.

44
00:03:45,060 --> 00:03:47,100
Show ip interface brief.

45
00:03:47,400 --> 00:03:49,350
Can you see the problem?

46
00:03:50,380 --> 00:03:55,040
Let's have a look at router four: show ip interface brief.

47
00:03:55,060 --> 00:03:56,410
Can you see

48
00:03:57,150 --> 00:03:58,800
the problem here?

49
00:04:00,070 --> 00:04:01,160
Let me give you another hint.

50
00:04:01,180 --> 00:04:02,560
Show interface gigabit

51
00:04:02,620 --> 00:04:03,700
0/0.

52
00:04:04,570 --> 00:04:05,710
Show run

53
00:04:05,710 --> 00:04:07,030
interface gigabit

54
00:04:07,030 --> 00:04:08,230
200.

55
00:04:08,500 --> 00:04:10,420
And on router four,

56
00:04:10,450 --> 00:04:11,140
show run

57
00:04:11,140 --> 00:04:12,140
interface gigabit

58
00:04:12,160 --> 00:04:13,240
0/0.

59
00:04:13,690 --> 00:04:15,850
Can you see the problem?

60
00:04:16,329 --> 00:04:18,399
Here's another hint: show run pipe

61
00:04:18,399 --> 00:04:20,019
include access.

62
00:04:21,480 --> 00:04:24,060
Look at how this access list is configured.

63
00:04:24,750 --> 00:04:29,210
Compare that to the IP addresses of the host devices.

64
00:04:30,040 --> 00:04:30,340
Okay.

65
00:04:30,340 --> 00:04:35,860
So notice this host is in subnet 10.1.2.0.

66
00:04:36,280 --> 00:04:42,520
This host is in subnet 10.1.1.0, /24 mask.

67
00:04:43,400 --> 00:04:43,910
Here,

68
00:04:43,910 --> 00:04:53,720
however, the access list is matching 10.0.1, 10.0.2 and 10.0.3. Host five, acting as our

69
00:04:53,720 --> 00:04:55,970
third internal PC,

70
00:04:57,270 --> 00:05:01,620
has an IP address 10.1.3.3/24.

71
00:05:02,310 --> 00:05:04,230
This access list is incorrect.

72
00:05:04,230 --> 00:05:11,670
So no access list one, access list one permit 10.1.1.0/24,

73
00:05:13,540 --> 00:05:20,410
10.1.2.0/24, 10.1.3.0/24.

74
00:05:21,040 --> 00:05:23,410
So show access list.

75
00:05:23,980 --> 00:05:26,020
This access list looks better.

76
00:05:26,260 --> 00:05:29,920
Let's confirm that networks are pinging

77
00:05:29,920 --> 00:05:31,630
8.8.8.8.

78
00:05:31,990 --> 00:05:33,190
Ping succeeds.

79
00:05:34,030 --> 00:05:37,690
We see the NAT translations on router two for that host.

80
00:05:39,260 --> 00:05:39,590
Ping

81
00:05:39,590 --> 00:05:41,240
8.8.8.8.

82
00:05:41,930 --> 00:05:45,440
Pings succeed and we see the NAT translations.

83
00:05:46,890 --> 00:05:53,880
And on router five, our third internal host, pings succeed and we see the NAT translations.

84
00:05:55,540 --> 00:05:58,510
So be careful with your access lists.

85
00:05:59,140 --> 00:06:07,780
Your access lists have to match your NAT statements and be correct for the hosts in the topology.

86
00:06:08,720 --> 00:06:14,780
This NAT statement is matching access list one. Access list one is now correctly configured,

87
00:06:14,840 --> 00:06:17,780
so we see matches on the access list.

88
00:06:19,050 --> 00:06:22,380
That was an example of troubleshooting network address translation.

89
00:06:22,800 --> 00:06:24,540
I hope you enjoyed this video.

90
00:06:24,660 --> 00:06:29,400
If you did, please like it and please subscribe to my YouTube channel.

91
00:06:29,700 --> 00:06:31,770
I wish you all the very best.