1
00:00:08,400 --> 00:00:13,440
This is one of multiple network address translation or NAT videos.

2
00:00:14,220 --> 00:00:15,990
This is a troubleshooting video.

3
00:00:16,079 --> 00:00:23,700
In this scenario, you've been told that some hosts in the internal network are not able to connect

4
00:00:23,700 --> 00:00:24,780
to the Internet.

5
00:00:25,710 --> 00:00:27,390
In this Janus three topology.

6
00:00:27,390 --> 00:00:32,159
I've got four routers, router two and router three are acting as PCs.

7
00:00:32,580 --> 00:00:39,030
They have IP routing disabled, they have their default gateways configured as router one.

8
00:00:39,330 --> 00:00:41,970
Rather, one is going to act as our network address.

9
00:00:41,970 --> 00:00:45,930
Translation router and router four is going to act as Google.

10
00:00:46,290 --> 00:00:52,890
So let's test the network can write a one ping the DNS server.

11
00:00:53,220 --> 00:00:57,600
So router four pretending to be the Google DNS server.

12
00:00:57,720 --> 00:00:58,950
Yes, it can.

13
00:01:00,400 --> 00:01:01,840
What about rather three?

14
00:01:04,400 --> 00:01:06,640
Doesn't look like it's able to ping.

15
00:01:08,000 --> 00:01:08,960
Let's investigate.

16
00:01:08,960 --> 00:01:10,330
So show IP rot.

17
00:01:10,340 --> 00:01:16,670
We can see that IP routing is disabled on this router, but it's default gateways configured as ten

18
00:01:16,670 --> 00:01:17,450
111.

19
00:01:18,760 --> 00:01:23,860
What about on rather to rather to has the same configuration.

20
00:01:24,670 --> 00:01:37,210
Wrote to campaign ten 111 and can ping google router three can ping ten 111.

21
00:01:38,020 --> 00:01:40,990
We could trace to google.

22
00:01:41,410 --> 00:01:44,350
It gets to its default gateway ten 111.

23
00:01:45,920 --> 00:01:48,290
But then nothing happens.

24
00:01:51,840 --> 00:01:54,960
So we have a timeout on rudder one.

25
00:01:56,010 --> 00:02:00,150
So on router one, let's confirm the IP address in firstly.

26
00:02:01,530 --> 00:02:05,670
If zero one has an IP address of ten 111.

27
00:02:06,960 --> 00:02:08,910
That's the inside of the network.

28
00:02:10,470 --> 00:02:15,040
If zero zero has an IP address of 8228228244.

29
00:02:15,540 --> 00:02:19,260
So let's do a debug on the strata.

30
00:02:21,000 --> 00:02:22,260
Debug I peanut.

31
00:02:23,340 --> 00:02:23,940
Wrote it too.

32
00:02:23,940 --> 00:02:30,630
Was able to ping Google before and still can and we can see the natural translation taking place.

33
00:02:32,110 --> 00:02:34,570
When rudder three pings google.com.

34
00:02:34,570 --> 00:02:37,540
We don't see any net translations.

35
00:02:38,260 --> 00:02:39,520
Show IP.

36
00:02:41,200 --> 00:02:42,640
Net translations.

37
00:02:44,310 --> 00:02:46,710
So we see a net translation for.

38
00:02:47,470 --> 00:02:55,330
REPORTER two That's the IP address of WRITER two So show IP Interface Brief will show us that.

39
00:02:57,040 --> 00:03:00,550
So we can see the net translation four out of two.

40
00:03:00,790 --> 00:03:03,310
But we don't see a net translation.

41
00:03:03,310 --> 00:03:04,360
Four out of three.

42
00:03:04,870 --> 00:03:08,080
What happens if we clear the net translations?

43
00:03:10,790 --> 00:03:13,400
So there are no natural translations at the moment.

44
00:03:14,000 --> 00:03:20,510
When I ping from router three to Google we suddenly see translations.

45
00:03:21,400 --> 00:03:23,560
And the pings start succeeding.

46
00:03:24,460 --> 00:03:27,460
So Ken rather to paying google.com.

47
00:03:30,340 --> 00:03:34,240
Notice four out of two now no longer paying google.com.

48
00:03:35,020 --> 00:03:37,360
Let's clear the net translations again.

49
00:03:40,520 --> 00:03:43,100
Rather two is now able to paint google.com.

50
00:03:46,300 --> 00:03:48,100
But rather three is not.

51
00:03:51,030 --> 00:04:00,540
So it looks like when we clear the net translations, one device is able to connect to Google should

52
00:04:00,540 --> 00:04:01,020
run.

53
00:04:06,120 --> 00:04:13,080
If zero zero is correctly configured with an IP address and is configured as the outside NAT interface.

54
00:04:15,000 --> 00:04:22,590
If 0/1 has the correct insight IP address and is configured as the inside NAT interface.

55
00:04:24,590 --> 00:04:25,340
Okay.

56
00:04:25,370 --> 00:04:27,140
Can you see the problem?

57
00:04:27,920 --> 00:04:29,450
What's going on here?

58
00:04:30,770 --> 00:04:33,170
Notice we're not clear the net translation again.

59
00:04:35,900 --> 00:04:41,120
And then ping from Writer three, which wasn't able to ping previously.

60
00:04:41,420 --> 00:04:49,220
The pings now succeed show IP net translation we now see a net translation four out of three.

61
00:04:50,720 --> 00:04:56,930
So going back through the configuration and I'll scroll down to the net config.

62
00:04:58,130 --> 00:04:59,900
Can you see the problem?

63
00:05:00,890 --> 00:05:01,460
Okay.

64
00:05:01,490 --> 00:05:10,070
Have a look at this IP Nat inside source list one which is pointing to access list one that means that

65
00:05:10,070 --> 00:05:16,550
any IP address will be netted, but it's pointing to a pool called my pool.

66
00:05:18,510 --> 00:05:28,890
The net pool is configured with a starting IP address of 82828 8 to 2 and an ending IP address of 8.8.

67
00:05:28,890 --> 00:05:29,880
8 to 2.

68
00:05:30,740 --> 00:05:34,520
That means we've only put one IP address in the pool.

69
00:05:34,760 --> 00:05:40,790
Hence only one internal host can be netted at any given time.

70
00:05:42,310 --> 00:05:43,990
So let's remove this.

71
00:05:52,760 --> 00:05:54,080
We told her we can't remove it.

72
00:05:54,080 --> 00:05:56,570
So let's clear the IP net translations.

73
00:05:58,230 --> 00:05:59,970
Translation star.

74
00:06:01,400 --> 00:06:03,020
And try and remove it again.

75
00:06:03,140 --> 00:06:04,490
So it's removed now.

76
00:06:07,170 --> 00:06:14,310
What we should do is add additional IP addresses to the pool, so I'll add from 2 to 20.

77
00:06:14,940 --> 00:06:20,220
Previously it was from 8 to 8 two 8 to 2 to 8282822.

78
00:06:20,490 --> 00:06:23,160
But now it's going from 2 to 20.

79
00:06:23,760 --> 00:06:26,550
So show run pipe include.

80
00:06:27,910 --> 00:06:32,160
Net will show us that configuration.

81
00:06:33,540 --> 00:06:35,340
So Ken wrote a three ping.

82
00:06:36,560 --> 00:06:37,010
Google.

83
00:06:37,010 --> 00:06:41,060
Yes, it can can run a two ping Google.

84
00:06:41,940 --> 00:06:42,790
Yes, it can.

85
00:06:42,830 --> 00:06:50,130
It took it a while, but rather to campaign Google, write a three campaign Google and we see the net

86
00:06:50,130 --> 00:06:52,020
translations for both of them.

87
00:06:52,530 --> 00:06:56,250
Notice please, that the one device is netted.

88
00:06:57,190 --> 00:07:07,870
28282823 and the other one is netted 282882 data to the show IP net translation shows us that two addresses

89
00:07:07,870 --> 00:07:10,230
in the pool have been used.

90
00:07:10,810 --> 00:07:13,330
Show IP net statistics.

91
00:07:14,950 --> 00:07:18,400
At the moment we have six dynamic translations.

92
00:07:19,730 --> 00:07:23,510
Notice our poll shows us the list of IP addresses.

93
00:07:24,020 --> 00:07:30,470
So we have a starting address of 8.82822 and ending of 82822 820.

94
00:07:31,010 --> 00:07:37,850
There are 19 addresses in the pool and two have been allocated, so this would be another good command

95
00:07:37,850 --> 00:07:39,020
to use.

96
00:07:39,950 --> 00:07:41,540
Let's clear the net.

97
00:07:42,220 --> 00:07:44,770
Translation and remove the command.

98
00:07:50,130 --> 00:07:51,720
And I'll edit back.

99
00:07:53,800 --> 00:07:58,720
With only a single IP address in the pool.

100
00:07:59,890 --> 00:08:02,800
To show IP net translations.

101
00:08:03,460 --> 00:08:05,170
No translations at the moment.

102
00:08:05,380 --> 00:08:08,710
Show IP net statistics.

103
00:08:09,870 --> 00:08:13,380
Notice we only have one IP address in the pool.

104
00:08:13,380 --> 00:08:15,390
So when router three pings.

105
00:08:17,900 --> 00:08:19,880
And we look at the statistics again.

106
00:08:20,530 --> 00:08:24,340
Notice 100% of the pool is allocated.

107
00:08:25,360 --> 00:08:33,400
So that's why Writer two is not able to ping because the, because the pool consists of a single IP

108
00:08:33,400 --> 00:08:35,679
address and it's already been allocated.

109
00:08:36,590 --> 00:08:39,140
So again, be careful with your pools.

110
00:08:40,150 --> 00:08:43,299
You need to allocate enough addresses to the pool.

111
00:08:43,900 --> 00:08:46,300
So clear the net translations again.

112
00:08:51,710 --> 00:08:52,790
Well, remove.

113
00:08:55,050 --> 00:08:55,950
That pool.

114
00:08:57,850 --> 00:08:59,860
Configure it again with.

115
00:09:01,290 --> 00:09:08,940
Let's say, from 2 to 25 to show IP net statistics.

116
00:09:10,610 --> 00:09:14,630
We have 24 dresses in the pool in this range.

117
00:09:14,990 --> 00:09:16,580
None have been allocated.

118
00:09:17,760 --> 00:09:20,730
I'll send some traffic from both writer to and writer three.

119
00:09:24,590 --> 00:09:28,550
So we can see that rather too is being netted and so is rather three.

120
00:09:29,210 --> 00:09:31,220
And now when we look at the statistics.

121
00:09:32,200 --> 00:09:36,790
Notice 24 addresses are available to have been allocated.

122
00:09:37,300 --> 00:09:41,710
So that was an example of how to troubleshoot, network address translation or NAT.

123
00:09:42,720 --> 00:09:44,820
I hope you found the video useful.

124
00:09:44,940 --> 00:09:50,160
If you enjoyed it, please like it and please subscribe to my YouTube channel.

125
00:09:50,550 --> 00:09:52,800
I wish you all the very best.