Home > Articles > Cisco Certification > CCIE > Network Address Translation

Network Address Translation

Chapter Description

Network address translation (NAT) is a function by which IP addresses within a packet are replaced with different IP addresses. This function is most commonly performed by either routers or firewalls. This sample chapter from Cisco Press focuses on NAT within routers.

Troubleshooting Exercises

  1. Identify the mistake in the configuration in Example 4-33.

    Example 4-33 Configuration for Troubleshooting Exercise 1

    ip nat pool EX1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 type match-host
    ip nat pool EX1A netmask 255.255.255.240
     address 172.21.1.33 172.21.1.38
     address 172.21.1.40 172.21.1.46
    ip nat inside source list 1 pool EX1
    ip nat inside source static 10.18.53.210 192.168.1.1
    ip nat outside source list 2 pool EX1A
    !
    access-list 1 permit 10.0.0.0 0.255.255.255
    access-list 2 permit 192.168.2.0 0.0.0.255
  2. RTR1 in Figure 4-30 connects two internetworks with overlapping addresses.

    Figure 4-30 The Internetwork for Troubleshooting Exercise 2

    NAT is implemented on the router as configured in Example 4-34, but devices cannot communicate across the router. What is wrong?

    Example 4-34 Configuration for Troubleshooting Exercise 2

    interface Ethernet0
     ip address 172.16.10.1 255.255.255.0
     ip nat inside
    !
    interface Ethernet1
     ip address 172.16.255.254 255.255.255.0
     ip nat outside
    !
    router ospf 1
     redistribute static metric 10 metric-type 1 subnets
     network 10.0.0.0 0.255.255.255 area 0
    !
    ip nat translation timeout 500
    ip nat pool NET1 10.1.1.1 10.1.255.254 netmask 255.255.0.0
    ip nat pool NET2 192.168.1.1 192.168.255.254 netmask 255.255.0.0
    ip nat inside source list 1 pool NET1
    ip nat outside source list 1 pool NET2
    !
    ip classless
    !
    ip route 10.1.0.0 255.255.0.0 Ethernet0
    ip route 192.168.0.0 255.255.0.0 Ethernet1
    !
    access-list 1 permit 172.16.0.0 0.0.255.255
  3. Refer to the configurations of Cozumel and Guaymas in Figure 4-21. If the first line of access list 1 in both configurations is removed, what is the result? Can Guaymas and Cozumel still ping each other?