[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:01.04,0:00:03.20,Default,,0000,0000,0000,,Hello, guys. Welcome back. My name is David,
Dialogue: 0,0:00:03.20,0:00:04.80,Default,,0000,0000,0000,,and today we are going to troubleshoot the
Dialogue: 0,0:00:04.80,0:00:07.84,Default,,0000,0000,0000,,Symposium Cisco network. So what I mean is I
Dialogue: 0,0:00:07.84,0:00:10.48,Default,,0000,0000,0000,,have one computer and one router.
Dialogue: 0,0:00:10.48,0:00:12.56,Default,,0000,0000,0000,,This router was configured to pass the
Dialogue: 0,0:00:12.56,0:00:14.88,Default,,0000,0000,0000,,traffic to translate this traffic into a
Dialogue: 0,0:00:14.88,0:00:17.76,Default,,0000,0000,0000,,public IP so the computer can serve the
Dialogue: 0,0:00:17.76,0:00:19.76,Default,,0000,0000,0000,,Internet. Now, what I did, I broke the
Dialogue: 0,0:00:19.76,0:00:21.84,Default,,0000,0000,0000,,configuration in several places, and we
Dialogue: 0,0:00:21.84,0:00:24.48,Default,,0000,0000,0000,,are going to start from the beginning to the
Dialogue: 0,0:00:24.48,0:00:26.80,Default,,0000,0000,0000,,end. We'll find all the problems and try
Dialogue: 0,0:00:26.80,0:00:28.91,Default,,0000,0000,0000,,to fix them. Stay with me.
Dialogue: 0,0:00:28.91,0:00:32.40,Default,,0000,0000,0000,,[Music].
Dialogue: 0,0:00:32.40,0:00:35.52,Default,,0000,0000,0000,,Okay. Let's start. This is my computer.
Dialogue: 0,0:00:35.52,0:00:37.12,Default,,0000,0000,0000,,This computer is supposed to have the IP
Dialogue: 0,0:00:37.12,0:00:39.84,Default,,0000,0000,0000,,address and DNS IP address, right? And the
Dialogue: 0,0:00:39.84,0:00:41.76,Default,,0000,0000,0000,,gateway, of course. Then traffic comes
Dialogue: 0,0:00:41.76,0:00:44.08,Default,,0000,0000,0000,,here on the Cisco router, and then from
Dialogue: 0,0:00:44.08,0:00:46.08,Default,,0000,0000,0000,,the router, it goes to the Internet.
Dialogue: 0,0:00:46.08,0:00:49.60,Default,,0000,0000,0000,,But here, we need to do NAT, right? Network Address
Dialogue: 0,0:00:49.60,0:00:52.96,Default,,0000,0000,0000,,Translation. So let's start and find all
Dialogue: 0,0:00:52.96,0:00:56.16,Default,,0000,0000,0000,,the problems I caused in the configuration.
Dialogue: 0,0:00:56.16,0:00:58.72,Default,,0000,0000,0000,,So, in order for the traffic to leave the
Dialogue: 0,0:00:58.72,0:01:00.72,Default,,0000,0000,0000,,computer, the computer is supposed to have
Dialogue: 0,0:01:00.72,0:01:02.64,Default,,0000,0000,0000,,the IP address. Let's make sure the computer
Dialogue: 0,0:01:02.64,0:01:04.24,Default,,0000,0000,0000,,has the IP address.
Dialogue: 0,0:01:06.40,0:01:08.96,Default,,0000,0000,0000,,And when we say, “Let’s make sure the computer
Dialogue: 0,0:01:08.96,0:01:11.52,Default,,0000,0000,0000,,has the IP address,”
Dialogue: 0,0:01:11.52,0:01:14.80,Default,,0000,0000,0000,,let's test the actual status of the IP
Dialogue: 0,0:01:14.80,0:01:16.80,Default,,0000,0000,0000,,address, not the configuration. And what I
Dialogue: 0,0:01:16.80,0:01:18.56,Default,,0000,0000,0000,,mean by that is
Dialogue: 0,0:01:18.56,0:01:20.96,Default,,0000,0000,0000,,you can go into a configuration and make
Dialogue: 0,0:01:20.96,0:01:22.80,Default,,0000,0000,0000,,sure the configuration is there by
Dialogue: 0,0:01:22.80,0:01:24.40,Default,,0000,0000,0000,,clicking this button,
Dialogue: 0,0:01:24.40,0:01:27.29,Default,,0000,0000,0000,,but that's not the way I want you to test it.
Dialogue: 0,0:01:27.29,0:01:28.56,Default,,0000,0000,0000,,I want to test
Dialogue: 0,0:01:28.56,0:01:30.64,Default,,0000,0000,0000,,the actual status of the configuration.
Dialogue: 0,0:01:30.64,0:01:32.80,Default,,0000,0000,0000,,That means you can either click here,
Dialogue: 0,0:01:32.80,0:01:36.08,Default,,0000,0000,0000,,“Details,” or in the CLI.
Dialogue: 0,0:01:36.08,0:01:37.76,Default,,0000,0000,0000,,Now, what's the difference, you might say?
Dialogue: 0,0:01:37.76,0:01:39.76,Default,,0000,0000,0000,,The difference is that sometimes, when
Dialogue: 0,0:01:39.76,0:01:41.68,Default,,0000,0000,0000,,you configure the IP address, Windows is
Dialogue: 0,0:01:41.68,0:01:44.80,Default,,0000,0000,0000,,not taking this IP address for some reason.
Dialogue: 0,0:01:44.80,0:01:47.04,Default,,0000,0000,0000,,There can be many, many reasons, but the
Dialogue: 0,0:01:47.04,0:01:49.60,Default,,0000,0000,0000,,configuration doesn't always work. So
Dialogue: 0,0:01:49.60,0:01:51.12,Default,,0000,0000,0000,,when you check the configuration on the
Dialogue: 0,0:01:51.12,0:01:53.12,Default,,0000,0000,0000,,IP address, it's not necessarily the case that the
Dialogue: 0,0:01:53.12,0:01:55.12,Default,,0000,0000,0000,,computer is using that IP address. So what we're
Dialogue: 0,0:01:55.12,0:01:56.96,Default,,0000,0000,0000,,going to do, we want to check the actual
Dialogue: 0,0:01:56.96,0:01:59.92,Default,,0000,0000,0000,,status of this configuration. Okay. So
Dialogue: 0,0:01:59.92,0:02:02.08,Default,,0000,0000,0000,,let's see what we have. We have the IP
Dialogue: 0,0:02:02.08,0:02:04.16,Default,,0000,0000,0000,,address here, as you can see,
Dialogue: 0,0:02:04.16,0:02:06.16,Default,,0000,0000,0000,,and we have the gateway. So we know the
Dialogue: 0,0:02:06.16,0:02:08.40,Default,,0000,0000,0000,,IP address is there, and probably the
Dialogue: 0,0:02:08.40,0:02:12.20,Default,,0000,0000,0000,,IP address works. We can ping the IP address itself,
Dialogue: 0,0:02:12.20,0:02:18.01,Default,,0000,0000,0000,,and yes, well, the IP stack, the TCP/IP stack, works on the computer.
Dialogue: 0,0:02:18.01,0:02:19.28,Default,,0000,0000,0000,,That's good. So now let's test
Dialogue: 0,0:02:19.28,0:02:21.28,Default,,0000,0000,0000,,the gateway and make sure the gateway works.
Dialogue: 0,0:02:21.28,0:02:22.88,Default,,0000,0000,0000,,Here's the gateway,
Dialogue: 0,0:02:22.88,0:02:25.20,Default,,0000,0000,0000,,and we want to ping that gateway to make
Dialogue: 0,0:02:25.20,0:02:28.40,Default,,0000,0000,0000,,sure the gateway is on the network.
Dialogue: 0,0:02:28.40,0:02:30.48,Default,,0000,0000,0000,,Now, you might already see that the gateway
Dialogue: 0,0:02:30.48,0:02:32.72,Default,,0000,0000,0000,,is .1 on the topology, so the
Dialogue: 0,0:02:32.72,0:02:35.44,Default,,0000,0000,0000,,gateway is wrong, but let's try and ping it.
Dialogue: 0,0:02:35.44,0:02:39.52,Default,,0000,0000,0000,,Ping 192.168.1.254,
Dialogue: 0,0:02:39.52,0:02:42.00,Default,,0000,0000,0000,,and the gateway is not pingable. And how
Dialogue: 0,0:02:42.00,0:02:43.84,Default,,0000,0000,0000,,do--let's say we don't know if the
Dialogue: 0,0:02:43.84,0:02:45.68,Default,,0000,0000,0000,,gateway is correct or not,
Dialogue: 0,0:02:45.68,0:02:47.84,Default,,0000,0000,0000,,or we know the gateway is correct, but we
Dialogue: 0,0:02:47.84,0:02:50.56,Default,,0000,0000,0000,,are not sure why we can't ping it. Ping
Dialogue: 0,0:02:50.56,0:02:53.20,Default,,0000,0000,0000,,could be closed. Nobody closed ICMP
Dialogue: 0,0:02:53.20,0:02:55.28,Default,,0000,0000,0000,,on the gateway, but let's say it's closed.
Dialogue: 0,0:02:55.28,0:02:57.52,Default,,0000,0000,0000,,You want to make sure the gateway is on
Dialogue: 0,0:02:57.52,0:03:00.19,Default,,0000,0000,0000,,the network, and for that, we can check the ARP.
Dialogue: 0,0:03:00.19,0:03:01.68,Default,,0000,0000,0000,,Let's go ahead on the Windows
Dialogue: 0,0:03:01.68,0:03:05.04,Default,,0000,0000,0000,,machine and type arp -a,
Dialogue: 0,0:03:05.04,0:03:06.80,Default,,0000,0000,0000,,and this will show you the ARP cache and, you
Dialogue: 0,0:03:06.80,0:03:08.64,Default,,0000,0000,0000,,know, the IP address mapped to the MAC address.
Dialogue: 0,0:03:08.64,0:03:11.60,Default,,0000,0000,0000,,So let's see if we have 254 here in the
Dialogue: 0,0:03:11.60,0:03:14.08,Default,,0000,0000,0000,,ARP cache--and we don't have it.
Dialogue: 0,0:03:14.08,0:03:16.64,Default,,0000,0000,0000,,But we have .1,
Dialogue: 0,0:03:16.64,0:03:19.25,Default,,0000,0000,0000,,and let's try and ping it--.1.
Dialogue: 0,0:03:21.68,0:03:24.96,Default,,0000,0000,0000,,It's not pingable. That's weird. But, well,
Dialogue: 0,0:03:24.96,0:03:26.80,Default,,0000,0000,0000,,at least we know it's .1, but let's
Dialogue: 0,0:03:26.80,0:03:29.60,Default,,0000,0000,0000,,go ahead and change that one.
Dialogue: 0,0:03:29.60,0:03:31.68,Default,,0000,0000,0000,,You know what? We have the Cisco router,
Dialogue: 0,0:03:31.68,0:03:34.56,Default,,0000,0000,0000,,and we have the interface G3--Gigabit Ethernet 3--and
Dialogue: 0,0:03:34.56,0:03:37.20,Default,,0000,0000,0000,,let's see what's the IP address on the interface.
Dialogue: 0,0:03:37.20,0:03:38.32,Default,,0000,0000,0000,,Show
Dialogue: 0,0:03:38.32,0:03:42.24,Default,,0000,0000,0000,,run--not sure--show interface G3--
Dialogue: 0,0:03:42.80,0:03:43.70,Default,,0000,0000,0000,,address.
Dialogue: 0,0:03:45.12,0:03:47.84,Default,,0000,0000,0000,,And as you can see, this is the IP
Dialogue: 0,0:03:47.84,0:03:49.04,Default,,0000,0000,0000,,address
Dialogue: 0,0:03:49.04,0:03:52.24,Default,,0000,0000,0000,,of the Cisco router. So yes, the computer
Dialogue: 0,0:03:52.24,0:03:56.32,Default,,0000,0000,0000,,is supposed to have .1 as a gateway, not 254.
Dialogue: 0,0:03:56.64,0:03:59.80,Default,,0000,0000,0000,,So let's go ahead and fix that on the computer.
Dialogue: 0,0:03:59.80,0:04:05.67,Default,,0000,0000,0000,,We are one step closer to fixing the problem.
Dialogue: 0,0:04:06.24,0:04:08.48,Default,,0000,0000,0000,,And let's do .1.
Dialogue: 0,0:04:08.48,0:04:10.32,Default,,0000,0000,0000,,Now
Dialogue: 0,0:04:10.32,0:04:13.44,Default,,0000,0000,0000,,remember, .1 wasn't pingable from
Dialogue: 0,0:04:13.44,0:04:15.04,Default,,0000,0000,0000,,the computer,
Dialogue: 0,0:04:15.04,0:04:17.04,Default,,0000,0000,0000,,and we want to find out why we cannot
Dialogue: 0,0:04:17.04,0:04:19.60,Default,,0000,0000,0000,,ping it. Should it be pingable? Should it not?
Dialogue: 0,0:04:19.60,0:04:22.00,Default,,0000,0000,0000,,Let's go ahead and check if there's
Dialogue: 0,0:04:22.00,0:04:25.28,Default,,0000,0000,0000,,any access list on the Cisco router
Dialogue: 0,0:04:25.28,0:04:28.65,Default,,0000,0000,0000,,on the inside interface. Show run
Dialogue: 0,0:04:30.48,0:04:34.96,Default,,0000,0000,0000,,inside interface Gigabit 3/3, and | include for
Dialogue: 0,0:04:34.96,0:04:38.36,Default,,0000,0000,0000,,the inbound. And sure, there is an access list.
Dialogue: 0,0:04:38.36,0:04:40.62,Default,,0000,0000,0000,,Let's check what's inside.
Dialogue: 0,0:04:42.08,0:04:47.04,Default,,0000,0000,0000,,Okay, we have permit ip 192.168.3.
Dialogue: 0,0:04:47.04,0:04:48.00,Default,,0000,0000,0000,,Okay.
Dialogue: 0,0:04:48.00,0:04:50.08,Default,,0000,0000,0000,,And /24.
Dialogue: 0,0:04:50.08,0:04:53.52,Default,,0000,0000,0000,,So the access list is not permitting our
Dialogue: 0,0:04:53.52,0:04:55.44,Default,,0000,0000,0000,,traffic coming from the computer because,
Dialogue: 0,0:04:55.44,0:04:58.16,Default,,0000,0000,0000,,remember, our IP address or subnet on
Dialogue: 0,0:04:58.16,0:05:02.64,Default,,0000,0000,0000,,the computer is 192.168.1.--
Dialogue: 0,0:05:02.64,0:05:05.76,Default,,0000,0000,0000,,not 3, but 1--on the third octet. And the
Dialogue: 0,0:05:05.76,0:05:10.13,Default,,0000,0000,0000,,access list on the Cisco router is not having this .1.
Dialogue: 0,0:05:10.13,0:05:12.49,Default,,0000,0000,0000,,So let's go ahead and fix that.
Dialogue: 0,0:05:14.16,0:05:16.64,Default,,0000,0000,0000,,We need to go into the access list--
Dialogue: 0,0:05:16.64,0:05:18.00,Default,,0000,0000,0000,,extended--
Dialogue: 0,0:05:18.00,0:05:21.12,Default,,0000,0000,0000,,inside inbound. And, you know, we know
Dialogue: 0,0:05:21.12,0:05:23.20,Default,,0000,0000,0000,,for sure that there is not
Dialogue: 0,0:05:23.20,0:05:25.20,Default,,0000,0000,0000,,supposed to be the 3
Dialogue: 0,0:05:25.20,0:05:27.68,Default,,0000,0000,0000,,network on this LAN, right? So it's okay
Dialogue: 0,0:05:27.68,0:05:30.68,Default,,0000,0000,0000,,to remove this IP address and fix that.
Dialogue: 0,0:05:31.84,0:05:42.36,Default,,0000,0000,0000,,Node 20, and then permit ip 192.168.1.0 0.0.0.255 any.
Dialogue: 0,0:05:42.36,0:05:43.68,Default,,0000,0000,0000,,Okay.
Dialogue: 0,0:05:43.68,0:05:45.60,Default,,0000,0000,0000,,Now it looks great.
Dialogue: 0,0:05:45.60,0:05:47.100,Default,,0000,0000,0000,,Let's see if we can ping the router.
Dialogue: 0,0:05:55.60,0:05:57.76,Default,,0000,0000,0000,,Okay. We can ping the router.
Dialogue: 0,0:05:57.76,0:06:01.74,Default,,0000,0000,0000,,Great. Now let's check--do we have the Internet?
Dialogue: 0,0:06:03.36,0:06:07.04,Default,,0000,0000,0000,,And no, we don't. Okay.
Dialogue: 0,0:06:07.04,0:06:08.32,Default,,0000,0000,0000,,Let's see
Dialogue: 0,0:06:08.32,0:06:10.80,Default,,0000,0000,0000,,what else we are missing here. Do we have
Dialogue: 0,0:06:10.80,0:06:12.29,Default,,0000,0000,0000,,the route?
Dialogue: 0,0:06:13.36,0:06:16.24,Default,,0000,0000,0000,,No. Actually, let's make sure the Cisco
Dialogue: 0,0:06:16.24,0:06:20.05,Default,,0000,0000,0000,,router has the Internet. Ping 8.8.8.8.
Dialogue: 0,0:06:20.05,0:06:21.12,Default,,0000,0000,0000,,Cisco router
Dialogue: 0,0:06:21.12,0:06:23.84,Default,,0000,0000,0000,,doesn't have the Internet. Let's fix that.
Dialogue: 0,0:06:23.84,0:06:25.92,Default,,0000,0000,0000,,So what do you need on the router to
Dialogue: 0,0:06:25.92,0:06:27.68,Default,,0000,0000,0000,,have the Internet? You need the IP
Dialogue: 0,0:06:27.68,0:06:29.44,Default,,0000,0000,0000,,address, you need the next hop, which is
Dialogue: 0,0:06:29.44,0:06:31.60,Default,,0000,0000,0000,,that .1, and you need a connection between
Dialogue: 0,0:06:31.60,0:06:33.52,Default,,0000,0000,0000,,ISP and the router.
Dialogue: 0,0:06:33.52,0:06:35.76,Default,,0000,0000,0000,,Let's check what is the interface on the
Dialogue: 0,0:06:35.76,0:06:37.60,Default,,0000,0000,0000,,Gigabit1,
Dialogue: 0,0:06:37.60,0:06:40.60,Default,,0000,0000,0000,,and what is the IP address here?
Dialogue: 0,0:06:46.08,0:06:47.04,Default,,0000,0000,0000,,Okay,
Dialogue: 0,0:06:47.04,0:06:49.12,Default,,0000,0000,0000,,that's great. Now, what's the gateway? Show
Dialogue: 0,0:06:49.12,0:06:51.20,Default,,0000,0000,0000,,ip route.
Dialogue: 0,0:06:51.20,0:06:53.84,Default,,0000,0000,0000,,And our gateway is .3.
Dialogue: 0,0:06:53.84,0:06:54.96,Default,,0000,0000,0000,,But remember,
Dialogue: 0,0:06:54.96,0:06:57.36,Default,,0000,0000,0000,,our ISP has .1, not .3. So
Dialogue: 0,0:06:57.36,0:06:59.84,Default,,0000,0000,0000,,let's go ahead and fix that too.
Dialogue: 0,0:06:59.84,0:07:02.48,Default,,0000,0000,0000,,Here's my route, which I need to remove
Dialogue: 0,0:07:02.48,0:07:04.55,Default,,0000,0000,0000,,and add the new one.
Dialogue: 0,0:07:05.44,0:07:07.68,Default,,0000,0000,0000,,Now remember, if you just add the route,
Dialogue: 0,0:07:07.68,0:07:09.60,Default,,0000,0000,0000,,you'll have two routes. It's not going to
Dialogue: 0,0:07:09.60,0:07:12.17,Default,,0000,0000,0000,,replace--even though it has the same destination.
Dialogue: 0,0:07:12.17,0:07:13.60,Default,,0000,0000,0000,,It's not going to replace. So
Dialogue: 0,0:07:13.60,0:07:17.65,Default,,0000,0000,0000,,you want to remove the old route and add the new one.
Dialogue: 0,0:07:20.32,0:07:23.20,Default,,0000,0000,0000,,Okay. Now we have the route in the
Dialogue: 0,0:07:23.20,0:07:25.28,Default,,0000,0000,0000,,routing table--proper route. Now let's see if we
Dialogue: 0,0:07:25.28,0:07:28.32,Default,,0000,0000,0000,,can ping Google. Ping Google
Dialogue: 0,0:07:28.32,0:07:30.00,Default,,0000,0000,0000,,from the Cisco router.
Dialogue: 0,0:07:30.00,0:07:31.04,Default,,0000,0000,0000,,Okay.
Dialogue: 0,0:07:31.04,0:07:33.04,Default,,0000,0000,0000,,Cisco router has the Internet. Now let's
Dialogue: 0,0:07:33.04,0:07:35.04,Default,,0000,0000,0000,,come back to the computer and see
Dialogue: 0,0:07:35.04,0:07:38.48,Default,,0000,0000,0000,,if the computer also has the Internet.
Dialogue: 0,0:07:38.48,0:07:42.32,Default,,0000,0000,0000,,Well, no. Computer doesn't have the Internet. Okay.
Dialogue: 0,0:07:42.32,0:07:45.28,Default,,0000,0000,0000,,Let's think. What do we need to do?
Dialogue: 0,0:07:45.28,0:07:47.68,Default,,0000,0000,0000,,What do we need to have on the Cisco router
Dialogue: 0,0:07:47.68,0:07:50.24,Default,,0000,0000,0000,,to allow Internet access from
Dialogue: 0,0:07:50.24,0:07:52.16,Default,,0000,0000,0000,,the computer
Dialogue: 0,0:07:52.16,0:07:53.84,Default,,0000,0000,0000,,so the computer can serve Internet
Dialogue: 0,0:07:53.84,0:07:56.72,Default,,0000,0000,0000,,sites--websites? Okay? So first,
Dialogue: 0,0:07:56.72,0:07:58.96,Default,,0000,0000,0000,,the computer has the private IP address. You
Dialogue: 0,0:07:58.96,0:08:01.76,Default,,0000,0000,0000,,see? And the Cisco router external
Dialogue: 0,0:08:01.76,0:08:04.56,Default,,0000,0000,0000,,interface is the public IP address. So we
Dialogue: 0,0:08:04.56,0:08:07.36,Default,,0000,0000,0000,,want to translate our private IP subnet
Dialogue: 0,0:08:07.36,0:08:10.40,Default,,0000,0000,0000,,into a public IP address of the router. And for
Dialogue: 0,0:08:10.40,0:08:12.72,Default,,0000,0000,0000,,that, we need to do the NAT.
Dialogue: 0,0:08:12.72,0:08:14.88,Default,,0000,0000,0000,,And let's make sure we have the NAT
Dialogue: 0,0:08:14.88,0:08:17.60,Default,,0000,0000,0000,,translations on the Cisco router. So
Dialogue: 0,0:08:17.60,0:08:20.00,Default,,0000,0000,0000,,let's go ahead and try to ping--
Dialogue: 0,0:08:20.00,0:08:22.80,Default,,0000,0000,0000,,actually, it does not--
Dialogue: 0,0:08:22.80,0:08:26.16,Default,,0000,0000,0000,,let's ping and come back here and see
Dialogue: 0,0:08:26.16,0:08:28.70,Default,,0000,0000,0000,,if we have NAT translations.
Dialogue: 0,0:08:32.72,0:08:35.82,Default,,0000,0000,0000,,And we have some NAT translations,
Dialogue: 0,0:08:38.96,0:08:41.84,Default,,0000,0000,0000,,which are not our Google IP addresses.
Dialogue: 0,0:08:41.84,0:08:43.20,Default,,0000,0000,0000,,So let's clear up:
Dialogue: 0,0:08:43.20,0:08:45.84,Default,,0000,0000,0000,,clear ip nat translation *
Dialogue: 0,0:08:45.84,0:08:47.84,Default,,0000,0000,0000,,dynamic I believe here.
Dialogue: 0,0:08:47.84,0:08:50.02,Default,,0000,0000,0000,,No. Just everything.
Dialogue: 0,0:08:50.66,0:08:53.60,Default,,0000,0000,0000,,Okay. Show ip nat translations.
Dialogue: 0,0:08:53.60,0:08:55.60,Default,,0000,0000,0000,,We don't have new translations. That
Dialogue: 0,0:08:55.60,0:08:58.08,Default,,0000,0000,0000,,means the Cisco router is not translating
Dialogue: 0,0:08:58.08,0:09:02.16,Default,,0000,0000,0000,,our traffic from the private subnet into the public IP.
Dialogue: 0,0:09:02.16,0:09:04.32,Default,,0000,0000,0000,,And let's troubleshoot that. We need to
Dialogue: 0,0:09:04.32,0:09:06.48,Default,,0000,0000,0000,,have the configuration for that, right? So
Dialogue: 0,0:09:06.48,0:09:08.24,Default,,0000,0000,0000,,let's go ahead and do this: show
Dialogue: 0,0:09:08.24,0:09:10.96,Default,,0000,0000,0000,,run interface Gigabit3. And does it
Dialogue: 0,0:09:10.96,0:09:14.08,Default,,0000,0000,0000,,have the NAT configuration on the Gigabit3?
Dialogue: 0,0:09:14.08,0:09:17.20,Default,,0000,0000,0000,,It does. And it has no IP NAT inside.
Dialogue: 0,0:09:17.20,0:09:18.72,Default,,0000,0000,0000,,That's great. Now, the
Dialogue: 0,0:09:18.72,0:09:20.72,Default,,0000,0000,0000,,inside interface is supposed to have IP
Dialogue: 0,0:09:20.72,0:09:23.52,Default,,0000,0000,0000,,NAT inside. The outside interface, though, is
Dialogue: 0,0:09:23.52,0:09:26.00,Default,,0000,0000,0000,,supposed to have IP NAT outside.
Dialogue: 0,0:09:26.00,0:09:27.37,Default,,0000,0000,0000,,Let's check that.
Dialogue: 0,0:09:31.28,0:09:33.36,Default,,0000,0000,0000,,Oh, the outside interface doesn't have IP NAT
Dialogue: 0,0:09:33.36,0:09:35.84,Default,,0000,0000,0000,,outside at all. So let's go ahead and
Dialogue: 0,0:09:35.84,0:09:37.28,Default,,0000,0000,0000,,configure that--
Dialogue: 0,0:09:37.28,0:09:39.36,Default,,0000,0000,0000,,IP NAT outside.
Dialogue: 0,0:09:39.36,0:09:40.96,Default,,0000,0000,0000,,And now
Dialogue: 0,0:09:40.96,0:09:44.56,Default,,0000,0000,0000,,we've fixed NAT, well, at least partially, on
Dialogue: 0,0:09:44.56,0:09:46.88,Default,,0000,0000,0000,,the Cisco router. Now we know that the
Dialogue: 0,0:09:46.88,0:09:48.64,Default,,0000,0000,0000,,inside interface and outside interface--
Dialogue: 0,0:09:48.64,0:09:51.44,Default,,0000,0000,0000,,they both have NAT configuration on them.
Dialogue: 0,0:09:51.44,0:09:54.96,Default,,0000,0000,0000,,Let's go ahead and check IP NAT translation again.
Dialogue: 0,0:09:56.56,0:09:59.52,Default,,0000,0000,0000,,Alright. We have some traffic here.
Dialogue: 0,0:09:59.52,0:10:02.88,Default,,0000,0000,0000,,This is our IP address,
Dialogue: 0,0:10:02.88,0:10:04.56,Default,,0000,0000,0000,,right? Right?
Dialogue: 0,0:10:04.56,0:10:07.68,Default,,0000,0000,0000,,And this is what we are trying to ping.
Dialogue: 0,0:10:07.68,0:10:09.60,Default,,0000,0000,0000,,And this is the ICMP protocol, and this
Dialogue: 0,0:10:09.60,0:10:13.04,Default,,0000,0000,0000,,is the IP address we are translated into.
Dialogue: 0,0:10:13.04,0:10:15.36,Default,,0000,0000,0000,,So if we check this IP address on the
Dialogue: 0,0:10:15.36,0:10:18.56,Default,,0000,0000,0000,,interface, that's our IP address. We know
Dialogue: 0,0:10:18.56,0:10:23.44,Default,,0000,0000,0000,,that the Cisco router translates the packet into a public IP.
Dialogue: 0,0:10:23.44,0:10:25.92,Default,,0000,0000,0000,,Now what we need to do is--we know
Dialogue: 0,0:10:25.92,0:10:28.08,Default,,0000,0000,0000,,traffic comes here on the router, it's
Dialogue: 0,0:10:28.08,0:10:30.00,Default,,0000,0000,0000,,translated, and we need to make sure
Dialogue: 0,0:10:30.00,0:10:32.40,Default,,0000,0000,0000,,traffic can leave the interface. Now, how
Dialogue: 0,0:10:32.40,0:10:33.76,Default,,0000,0000,0000,,do we check that?
Dialogue: 0,0:10:33.76,0:10:36.56,Default,,0000,0000,0000,,Well, usually, if you have the route and there
Dialogue: 0,0:10:36.56,0:10:38.40,Default,,0000,0000,0000,,is no restriction on the interface,
Dialogue: 0,0:10:38.40,0:10:41.12,Default,,0000,0000,0000,,traffic leaves the interface. So let's go
Dialogue: 0,0:10:41.12,0:10:45.36,Default,,0000,0000,0000,,ahead and check that. Do we have any access list?
Dialogue: 0,0:10:45.36,0:10:46.56,Default,,0000,0000,0000,,We don't.
Dialogue: 0,0:10:46.56,0:10:49.04,Default,,0000,0000,0000,,But do we want to put the access list to
Dialogue: 0,0:10:49.04,0:10:50.72,Default,,0000,0000,0000,,make sure traffic leaves the interface?
Dialogue: 0,0:10:50.72,0:10:53.12,Default,,0000,0000,0000,,You know, you can use, probably, packet
Dialogue: 0,0:10:53.12,0:10:54.96,Default,,0000,0000,0000,,capture--if you know how to do that. But
Dialogue: 0,0:10:54.96,0:10:57.76,Default,,0000,0000,0000,,if not, what you can do is do a quick
Dialogue: 0,0:10:57.76,0:10:59.92,Default,,0000,0000,0000,,configuration--show IP access list
Dialogue: 0,0:10:59.92,0:11:01.60,Default,,0000,0000,0000,,extended, for example,
Dialogue: 0,0:11:01.60,0:11:04.32,Default,,0000,0000,0000,,and match our traffic. In our case,
Dialogue: 0,0:11:04.32,0:11:07.84,Default,,0000,0000,0000,,let's say outside
Dialogue: 0,0:11:07.84,0:11:11.36,Default,,0000,0000,0000,,ISP is going to be--no--untold.
Dialogue: 0,0:11:11.36,0:11:14.78,Default,,0000,0000,0000,,Outside outbound--
Dialogue: 0,0:11:15.12,0:11:17.12,Default,,0000,0000,0000,,that's the access list name. And permit
Dialogue: 0,0:11:17.12,0:11:19.51,Default,,0000,0000,0000,,our traffic. What is our traffic?
Dialogue: 0,0:11:19.51,0:11:23.68,Default,,0000,0000,0000,,IP host 192.168.0.10.1
Dialogue: 0,0:11:23.68,0:11:24.96,Default,,0000,0000,0000,,into
Dialogue: 0,0:11:24.96,0:11:27.12,Default,,0000,0000,0000,,Google DNS.
Dialogue: 0,0:11:27.12,0:11:30.56,Default,,0000,0000,0000,,And we want it to be ICMP--but IP will
Dialogue: 0,0:11:30.56,0:11:34.08,Default,,0000,0000,0000,,work as well--but let's do ICMP only.
Dialogue: 0,0:11:34.08,0:11:36.16,Default,,0000,0000,0000,,And now
Dialogue: 0,0:11:36.16,0:11:38.16,Default,,0000,0000,0000,,we want to assign this access list on
Dialogue: 0,0:11:38.16,0:11:40.88,Default,,0000,0000,0000,,the public interface. But remember,
Dialogue: 0,0:11:40.88,0:11:42.40,Default,,0000,0000,0000,,right now the interface doesn't have the
Dialogue: 0,0:11:42.40,0:11:44.16,Default,,0000,0000,0000,,access, which means once you assign this
Dialogue: 0,0:11:44.16,0:11:46.40,Default,,0000,0000,0000,,access list, you'll permit only the
Dialogue: 0,0:11:46.40,0:11:48.32,Default,,0000,0000,0000,,things you have in the access list. And
Dialogue: 0,0:11:48.32,0:11:51.04,Default,,0000,0000,0000,,in our case, that's only the ICMP packet
Dialogue: 0,0:11:51.04,0:11:52.48,Default,,0000,0000,0000,,coming from our computer going to
Dialogue: 0,0:11:52.48,0:11:55.12,Default,,0000,0000,0000,,Google. But for the rest of the users,
Dialogue: 0,0:11:55.12,0:11:57.28,Default,,0000,0000,0000,,we're going to break the Internet--well, if
Dialogue: 0,0:11:57.28,0:11:59.84,Default,,0000,0000,0000,,they have it already. So what we want to do
Dialogue: 0,0:11:59.84,0:12:02.48,Default,,0000,0000,0000,,is add permit any any at the end of
Dialogue: 0,0:12:02.48,0:12:03.96,Default,,0000,0000,0000,,the access list,
Dialogue: 0,0:12:05.68,0:12:07.84,Default,,0000,0000,0000,,which means if we assign this access
Dialogue: 0,0:12:07.84,0:12:10.40,Default,,0000,0000,0000,,list on the outbound interface
Dialogue: 0,0:12:10.40,0:12:12.64,Default,,0000,0000,0000,,for the outbound traffic,
Dialogue: 0,0:12:12.64,0:12:14.96,Default,,0000,0000,0000,,we'll get the match here,
Dialogue: 0,0:12:14.96,0:12:17.04,Default,,0000,0000,0000,,and hit count will increase if the
Dialogue: 0,0:12:17.04,0:12:19.52,Default,,0000,0000,0000,,packet leaves the router. And for the
Dialogue: 0,0:12:19.52,0:12:21.28,Default,,0000,0000,0000,,rest of the traffic--to not block them--
Dialogue: 0,0:12:21.28,0:12:23.44,Default,,0000,0000,0000,,here's the permit ip any any. So let's
Dialogue: 0,0:12:23.44,0:12:27.52,Default,,0000,0000,0000,,go ahead and do: interface GigabitEthernet1,
Dialogue: 0,0:12:27.52,0:12:33.28,Default,,0000,0000,0000,,ip access-group outside-outbound out.
Dialogue: 0,0:12:35.73,0:12:39.36,Default,,0000,0000,0000,,And now--now you see there's a match
Dialogue: 0,0:12:39.36,0:12:41.36,Default,,0000,0000,0000,,on IP and ENA--
Dialogue: 0,0:12:41.36,0:12:43.60,Default,,0000,0000,0000,,probably some kind of, you know,
Dialogue: 0,0:12:43.60,0:12:44.88,Default,,0000,0000,0000,,different traffic coming from the
Dialogue: 0,0:12:44.88,0:12:46.40,Default,,0000,0000,0000,,computer, checking the updates or
Dialogue: 0,0:12:46.40,0:12:47.92,Default,,0000,0000,0000,,something like that. Our traffic
Dialogue: 0,0:12:47.92,0:12:49.76,Default,,0000,0000,0000,,doesn't have the match. Let's generate
Dialogue: 0,0:12:49.76,0:12:52.64,Default,,0000,0000,0000,,the traffic on the computer.
Dialogue: 0,0:12:52.64,0:12:54.64,Default,,0000,0000,0000,,This is our traffic.
Dialogue: 0,0:12:54.64,0:12:56.14,Default,,0000,0000,0000,,One,
Dialogue: 0,0:12:57.12,0:12:58.62,Default,,0000,0000,0000,,two.
Dialogue: 0,0:13:00.88,0:13:01.92,Default,,0000,0000,0000,,Okay.
Dialogue: 0,0:13:01.92,0:13:04.24,Default,,0000,0000,0000,,And now let's check if we have the match
Dialogue: 0,0:13:04.24,0:13:06.07,Default,,0000,0000,0000,,on the access list.
Dialogue: 0,0:13:07.68,0:13:09.10,Default,,0000,0000,0000,,We don't.
Dialogue: 0,0:13:10.80,0:13:12.56,Default,,0000,0000,0000,,That's weird.
Dialogue: 0,0:13:12.56,0:13:15.52,Default,,0000,0000,0000,,Isn't our IP address--
Dialogue: 0,0:13:15.52,0:13:19.28,Default,,0000,0000,0000,,oh, oh, I'm sorry. Guys,
Dialogue: 0,0:13:19.28,0:13:22.40,Default,,0000,0000,0000,,this is ridiculous. Remember, we translated
Dialogue: 0,0:13:22.40,0:13:25.20,Default,,0000,0000,0000,,traffic into a public IP, so there's no way
Dialogue: 0,0:13:25.20,0:13:28.48,Default,,0000,0000,0000,,to match the 192.168.1.10
Dialogue: 0,0:13:28.48,0:13:30.48,Default,,0000,0000,0000,,on the egress interface. So we want
Dialogue: 0,0:13:30.48,0:13:32.64,Default,,0000,0000,0000,,to do something else.
Dialogue: 0,0:13:32.64,0:13:35.85,Default,,0000,0000,0000,,Let's go ahead and, you know, fix that.
Dialogue: 0,0:13:38.88,0:13:40.40,Default,,0000,0000,0000,,We want to remove
Dialogue: 0,0:13:40.40,0:13:43.33,Default,,0000,0000,0000,,line 10 and add the new--new line:
Dialogue: 0,0:13:44.64,0:13:47.28,Default,,0000,0000,0000,,ip access-list extended ..., permit icmp host
Dialogue: 0,0:13:47.28,0:13:49.36,Default,,0000,0000,0000,,[our public IP address] host 8.8.8.8. What’s the public IP address of the
Dialogue: 0,0:13:49.36,0:13:56.80,Default,,0000,0000,0000,,router? It is 100.100, I believe. This is the IP address.
Dialogue: 0,0:13:56.80,0:14:00.75,Default,,0000,0000,0000,,And then we are going to ping Google DNS.
Dialogue: 0,0:14:02.00,0:14:04.64,Default,,0000,0000,0000,,Here's the access list. Now--
Dialogue: 0,0:14:06.80,0:14:08.89,Default,,0000,0000,0000,,now we need to
Dialogue: 0,0:14:10.48,0:14:13.44,Default,,0000,0000,0000,,renumber this because it's incorrect.
Dialogue: 0,0:14:13.44,0:14:15.60,Default,,0000,0000,0000,,We want to have permit any any at the end. So:
Dialogue: 0,0:14:15.60,0:14:20.08,Default,,0000,0000,0000,,remove 20, permit ip any any.
Dialogue: 0,0:14:20.96,0:14:23.84,Default,,0000,0000,0000,,And now it's correct. Okay. Now let's ping and
Dialogue: 0,0:14:23.84,0:14:28.38,Default,,0000,0000,0000,,see if the packet leaves the router.
Dialogue: 0,0:14:36.56,0:14:39.84,Default,,0000,0000,0000,,We still don't have the match
Dialogue: 0,0:14:39.84,0:14:42.40,Default,,0000,0000,0000,,on the interface. Okay. Here's the match.
Dialogue: 0,0:14:42.40,0:14:44.72,Default,,0000,0000,0000,,I was like, what's going on?
Dialogue: 0,0:14:44.72,0:14:46.56,Default,,0000,0000,0000,,So we have a match,
Dialogue: 0,0:14:46.56,0:14:49.20,Default,,0000,0000,0000,,and that confirms two things--
Dialogue: 0,0:14:49.20,0:14:51.28,Default,,0000,0000,0000,,not two, actually several:
Dialogue: 0,0:14:51.28,0:14:53.20,Default,,0000,0000,0000,,We have the working gateway for the
Dialogue: 0,0:14:53.20,0:14:56.80,Default,,0000,0000,0000,,Cisco router, so traffic can leave the interface.
Dialogue: 0,0:14:56.80,0:14:59.28,Default,,0000,0000,0000,,Because the match is for the public
Dialogue: 0,0:14:59.28,0:15:01.60,Default,,0000,0000,0000,,IP address, we also know that the traffic
Dialogue: 0,0:15:01.60,0:15:03.60,Default,,0000,0000,0000,,is being translated--so even if you
Dialogue: 0,0:15:03.60,0:15:05.60,Default,,0000,0000,0000,,didn’t check the IP NAT translation, this
Dialogue: 0,0:15:05.60,0:15:07.60,Default,,0000,0000,0000,,confirms that there was a translation
Dialogue: 0,0:15:07.60,0:15:09.76,Default,,0000,0000,0000,,and the private IP address is translated into a
Dialogue: 0,0:15:09.76,0:15:13.20,Default,,0000,0000,0000,,public IP address. And third, the
Dialogue: 0,0:15:13.20,0:15:15.12,Default,,0000,0000,0000,,packet leaves the router.
Dialogue: 0,0:15:15.12,0:15:16.88,Default,,0000,0000,0000,,Okay, now
Dialogue: 0,0:15:16.88,0:15:19.20,Default,,0000,0000,0000,,that's good--it leaves the router. But is it
Dialogue: 0,0:15:19.20,0:15:20.64,Default,,0000,0000,0000,,coming back?
Dialogue: 0,0:15:20.64,0:15:24.88,Default,,0000,0000,0000,,No. It might be coming back, or it might
Dialogue: 0,0:15:24.88,0:15:29.04,Default,,0000,0000,0000,,not be coming back--depends on the problems on the Internet.
Dialogue: 0,0:15:29.04,0:15:30.72,Default,,0000,0000,0000,,So since this video is about
Dialogue: 0,0:15:30.72,0:15:32.40,Default,,0000,0000,0000,,troubleshooting, let's make sure the
Dialogue: 0,0:15:32.40,0:15:34.40,Default,,0000,0000,0000,,traffic is coming back.
Dialogue: 0,0:15:34.40,0:15:36.88,Default,,0000,0000,0000,,And for that, we again can capture the
Dialogue: 0,0:15:36.88,0:15:38.96,Default,,0000,0000,0000,,traffic, or we can assign a similar
Dialogue: 0,0:15:38.96,0:15:41.90,Default,,0000,0000,0000,,access list on the inbound traffic.
Dialogue: 0,0:15:44.96,0:15:49.49,Default,,0000,0000,0000,,Extended--and that would be outside-inbound.
Dialogue: 0,0:15:50.24,0:15:53.12,Default,,0000,0000,0000,,And now what do we want to match here?
Dialogue: 0,0:15:53.12,0:15:55.60,Default,,0000,0000,0000,,We want to match Google DNS as a source
Dialogue: 0,0:15:55.60,0:15:57.20,Default,,0000,0000,0000,,because, remember,
Dialogue: 0,0:15:57.20,0:15:59.68,Default,,0000,0000,0000,,the answer is coming from Google now.
Dialogue: 0,0:15:59.68,0:16:01.92,Default,,0000,0000,0000,,And we want to set the
Dialogue: 0,0:16:01.92,0:16:04.64,Default,,0000,0000,0000,,destination to be our IP
Dialogue: 0,0:16:04.64,0:16:08.96,Default,,0000,0000,0000,,address on the public interface--on the outside interface.
Dialogue: 0,0:16:08.96,0:16:10.88,Default,,0000,0000,0000,,And the protocol is ICMP.
Dialogue: 0,0:16:10.88,0:16:12.32,Default,,0000,0000,0000,,Also, you can use
Dialogue: 0,0:16:12.32,0:16:14.80,Default,,0000,0000,0000,,echo-reply if you want--
Dialogue: 0,0:16:14.80,0:16:18.55,Default,,0000,0000,0000,,not necessary for this purpose, but you can.
Dialogue: 0,0:16:19.28,0:16:22.40,Default,,0000,0000,0000,,Like, if you are troubleshooting with
Dialogue: 0,0:16:22.40,0:16:24.80,Default,,0000,0000,0000,,someone else on the other side and they
Dialogue: 0,0:16:24.80,0:16:26.96,Default,,0000,0000,0000,,are pinging your IP address as well, you
Dialogue: 0,0:16:26.96,0:16:28.88,Default,,0000,0000,0000,,might want to add echo-reply to make
Dialogue: 0,0:16:28.88,0:16:31.36,Default,,0000,0000,0000,,sure this is your reply and not their ping.
Dialogue: 0,0:16:31.36,0:16:33.76,Default,,0000,0000,0000,,But Google is not going to ping us, so
Dialogue: 0,0:16:33.76,0:16:36.97,Default,,0000,0000,0000,,it's okay to not put the echo-reply.
Dialogue: 0,0:16:36.97,0:16:42.16,Default,,0000,0000,0000,,Any ICMP we match here--we know it's our reply from Google DNS.
Dialogue: 0,0:16:42.16,0:16:44.64,Default,,0000,0000,0000,,And now let's permit ip any any because we
Dialogue: 0,0:16:44.64,0:16:47.58,Default,,0000,0000,0000,,don't want to block any other traffic on the interface.
Dialogue: 0,0:16:47.58,0:16:48.56,Default,,0000,0000,0000,,Because right now there's
Dialogue: 0,0:16:48.56,0:16:50.48,Default,,0000,0000,0000,,no access--again, there's no access
Dialogue: 0,0:16:50.48,0:16:52.72,Default,,0000,0000,0000,,list--and if we assign the access list,
Dialogue: 0,0:16:52.72,0:16:55.04,Default,,0000,0000,0000,,we'll block everything that is not
Dialogue: 0,0:16:55.04,0:16:57.28,Default,,0000,0000,0000,,permitted on the access list.
Dialogue: 0,0:16:57.28,0:16:59.92,Default,,0000,0000,0000,,So let's go ahead and configure the
Dialogue: 0,0:16:59.92,0:17:04.48,Default,,0000,0000,0000,,Ethernet--GigabitEthernet1:
Dialogue: 0,0:17:04.48,0:17:08.80,Default,,0000,0000,0000,,ip access-group [access list name]
Dialogue: 0,0:17:08.80,0:17:09.92,Default,,0000,0000,0000,,and
Dialogue: 0,0:17:09.92,0:17:12.00,Default,,0000,0000,0000,,here we use inbound.
Dialogue: 0,0:17:12.00,0:17:13.60,Default,,0000,0000,0000,,Okay. In.
Dialogue: 0,0:17:13.60,0:17:15.36,Default,,0000,0000,0000,,Now
Dialogue: 0,0:17:15.36,0:17:18.00,Default,,0000,0000,0000,,let's check what match we have on the
Dialogue: 0,0:17:18.00,0:17:21.60,Default,,0000,0000,0000,,interface for inbound traffic.
Dialogue: 0,0:17:21.60,0:17:24.18,Default,,0000,0000,0000,,Is there any reply from Google?
Dialogue: 0,0:17:30.72,0:17:32.96,Default,,0000,0000,0000,,And there is a reply.
Dialogue: 0,0:17:32.96,0:17:35.60,Default,,0000,0000,0000,,So we know now that the traffic not only
Dialogue: 0,0:17:35.60,0:17:37.76,Default,,0000,0000,0000,,leaves the router, but it's also coming
Dialogue: 0,0:17:37.76,0:17:40.16,Default,,0000,0000,0000,,back from Google. So the Internet in between--
Dialogue: 0,0:17:40.16,0:17:43.44,Default,,0000,0000,0000,,Google DNS and our ISP--is okay. We
Dialogue: 0,0:17:43.44,0:17:45.44,Default,,0000,0000,0000,,received the traffic, but the
Dialogue: 0,0:17:45.44,0:17:47.76,Default,,0000,0000,0000,,computer still cannot ping that.
Dialogue: 0,0:17:47.76,0:17:49.20,Default,,0000,0000,0000,,How come?
Dialogue: 0,0:17:49.20,0:17:51.92,Default,,0000,0000,0000,,We need the ping on the computer.
Dialogue: 0,0:17:51.92,0:17:54.16,Default,,0000,0000,0000,,So what else is left?
Dialogue: 0,0:17:54.16,0:17:56.72,Default,,0000,0000,0000,,When traffic comes back
Dialogue: 0,0:17:56.72,0:17:58.00,Default,,0000,0000,0000,,to the router--
Dialogue: 0,0:17:58.00,0:18:00.06,Default,,0000,0000,0000,,let me try to draw it here.
Dialogue: 0,0:18:07.68,0:18:09.04,Default,,0000,0000,0000,,When traffic
Dialogue: 0,0:18:09.04,0:18:11.92,Default,,0000,0000,0000,,leaves, okay, we have this traffic.
Dialogue: 0,0:18:11.92,0:18:14.48,Default,,0000,0000,0000,,It left the router,
Dialogue: 0,0:18:14.48,0:18:17.84,Default,,0000,0000,0000,,went to the ISP--not ISP, Google DNS--
Dialogue: 0,0:18:17.84,0:18:20.00,Default,,0000,0000,0000,,and came back. And it comes here. We
Dialogue: 0,0:18:20.00,0:18:23.36,Default,,0000,0000,0000,,have this match on this interface. Now
Dialogue: 0,0:18:23.36,0:18:25.68,Default,,0000,0000,0000,,what's supposed to happen? Well, NAT will
Dialogue: 0,0:18:25.68,0:18:28.08,Default,,0000,0000,0000,,catch the traffic, will check the port
Dialogue: 0,0:18:28.08,0:18:30.16,Default,,0000,0000,0000,,translations, and will figure out--okay,
Dialogue: 0,0:18:30.16,0:18:32.32,Default,,0000,0000,0000,,that's the returning traffic for this
Dialogue: 0,0:18:32.32,0:18:33.76,Default,,0000,0000,0000,,ping. The guy's pinging from the
Dialogue: 0,0:18:33.76,0:18:38.40,Default,,0000,0000,0000,,Windows 7 machine. And now this packet--sorry--
Dialogue: 0,0:18:38.40,0:18:40.32,Default,,0000,0000,0000,,now this packet is supposed to leave this
Dialogue: 0,0:18:40.32,0:18:42.40,Default,,0000,0000,0000,,interface,
Dialogue: 0,0:18:42.40,0:18:46.62,Default,,0000,0000,0000,,okay, to be delivered to the computer.
Dialogue: 0,0:18:46.62,0:18:49.68,Default,,0000,0000,0000,,And let's make sure that is happening.
Dialogue: 0,0:18:49.68,0:18:51.20,Default,,0000,0000,0000,,For that,
Dialogue: 0,0:18:51.20,0:18:53.50,Default,,0000,0000,0000,,what we are going to do is...
Dialogue: 0,0:18:54.32,0:18:55.77,Default,,0000,0000,0000,,we are--
Dialogue: 0,0:18:58.56,0:19:00.40,Default,,0000,0000,0000,,for that, we are going to check if the
Dialogue: 0,0:19:00.40,0:19:03.20,Default,,0000,0000,0000,,traffic leaves the Cisco router.
Dialogue: 0,0:19:03.20,0:19:05.60,Default,,0000,0000,0000,,Again, this is the same as we did on the
Dialogue: 0,0:19:05.60,0:19:07.20,Default,,0000,0000,0000,,outside interface. You can capture
Dialogue: 0,0:19:07.20,0:19:08.88,Default,,0000,0000,0000,,traffic if you know how to capture. If
Dialogue: 0,0:19:08.88,0:19:11.36,Default,,0000,0000,0000,,not, you can assign the interface on the
Dialogue: 0,0:19:11.36,0:19:13.44,Default,,0000,0000,0000,,address. Let's first make sure there is
Dialogue: 0,0:19:13.44,0:19:15.80,Default,,0000,0000,0000,,no access list on the router.
Dialogue: 0,0:19:19.04,0:19:21.20,Default,,0000,0000,0000,,And let's do out.
Dialogue: 0,0:19:22.40,0:19:25.36,Default,,0000,0000,0000,,There is an access list. Okay.
Dialogue: 0,0:19:25.36,0:19:28.36,Default,,0000,0000,0000,,Now, let's check what this access list has in it.
Dialogue: 0,0:19:30.80,0:19:33.52,Default,,0000,0000,0000,,Does it have any match?
Dialogue: 0,0:19:33.52,0:19:36.80,Default,,0000,0000,0000,,It doesn't. But look at this--
Dialogue: 0,0:19:36.80,0:19:39.28,Default,,0000,0000,0000,,this subnet is not what we are expecting
Dialogue: 0,0:19:39.28,0:19:43.28,Default,,0000,0000,0000,,to have because, remember, our subnet is
Dialogue: 0,0:19:43.28,0:19:46.08,Default,,0000,0000,0000,,192.168.0.1,
Dialogue: 0,0:19:46.08,0:19:49.20,Default,,0000,0000,0000,,and here we see 2. So again, the subnet
Dialogue: 0,0:19:49.20,0:19:51.12,Default,,0000,0000,0000,,on the access list is wrong.
Dialogue: 0,0:19:51.12,0:19:53.08,Default,,0000,0000,0000,,Let's try and fix that.
Dialogue: 0,0:20:06.56,0:20:08.64,Default,,0000,0000,0000,,Now it's correct.
Dialogue: 0,0:20:08.64,0:20:12.08,Default,,0000,0000,0000,,So remember, the traffic leaves the router.
Dialogue: 0,0:20:12.08,0:20:15.52,Default,,0000,0000,0000,,So the source here is gonna be any--in
Dialogue: 0,0:20:15.52,0:20:17.60,Default,,0000,0000,0000,,our case, it's Google DNS--and the destination
Dialogue: 0,0:20:17.60,0:20:20.40,Default,,0000,0000,0000,,is our computer. So the access list order,
Dialogue: 0,0:20:20.40,0:20:23.36,Default,,0000,0000,0000,,like from any to subnet, is correct.
Dialogue: 0,0:20:23.36,0:20:26.40,Default,,0000,0000,0000,,And let's see if we can finally ping it.
Dialogue: 0,0:20:29.20,0:20:31.28,Default,,0000,0000,0000,,We still cannot ping it.
Dialogue: 0,0:20:31.28,0:20:32.32,Default,,0000,0000,0000,,Wow.
Dialogue: 0,0:20:32.32,0:20:34.40,Default,,0000,0000,0000,,Let's see what's going on.
Dialogue: 0,0:20:34.40,0:20:36.48,Default,,0000,0000,0000,,Is it leaving the interface?
Dialogue: 0,0:20:41.44,0:20:44.16,Default,,0000,0000,0000,,It is--actually, my bad.
Dialogue: 0,0:20:44.16,0:20:46.32,Default,,0000,0000,0000,,I did 2 again.
Dialogue: 0,0:20:46.80,0:20:49.92,Default,,0000,0000,0000,,Okay, this is wrong.
Dialogue: 0,0:20:52.80,0:20:55.74,Default,,0000,0000,0000,,This is what happens when you rush.
Dialogue: 0,0:20:57.36,0:20:59.52,Default,,0000,0000,0000,,And
Dialogue: 0,0:20:59.52,0:21:02.00,Default,,0000,0000,0000,,actually--10.
Dialogue: 0,0:21:02.00,0:21:06.80,Default,,0000,0000,0000,,And then we need to do 1.
Dialogue: 0,0:21:06.80,0:21:09.52,Default,,0000,0000,0000,,Yeah. Once you remove all lines from
Dialogue: 0,0:21:09.52,0:21:11.12,Default,,0000,0000,0000,,the access list, that access list doesn't work
Dialogue: 0,0:21:11.12,0:21:13.20,Default,,0000,0000,0000,,anymore. So there's no deny any any at the
Dialogue: 0,0:21:13.20,0:21:16.08,Default,,0000,0000,0000,,end if there's no line in the access list.
Dialogue: 0,0:21:16.08,0:21:19.36,Default,,0000,0000,0000,,So as soon as we removed 10, we started
Dialogue: 0,0:21:19.36,0:21:21.68,Default,,0000,0000,0000,,pinging. And then we added the
Dialogue: 0,0:21:21.68,0:21:23.76,Default,,0000,0000,0000,,correct line here,
Dialogue: 0,0:21:23.76,0:21:25.81,Default,,0000,0000,0000,,and we can still ping it.
Dialogue: 0,0:21:26.96,0:21:29.12,Default,,0000,0000,0000,,And we have hit counts.
Dialogue: 0,0:21:29.12,0:21:33.84,Default,,0000,0000,0000,,So this is how you troubleshoot a simple, basic Cisco network.
Dialogue: 0,0:21:33.84,0:21:35.68,Default,,0000,0000,0000,,Not only Cisco networks--pretty much any
Dialogue: 0,0:21:35.68,0:21:38.00,Default,,0000,0000,0000,,network. You need to know what you're
Dialogue: 0,0:21:38.00,0:21:41.04,Default,,0000,0000,0000,,troubleshooting. You need to know how traffic goes,
Dialogue: 0,0:21:41.04,0:21:42.56,Default,,0000,0000,0000,,what gateway you're supposed to have on
Dialogue: 0,0:21:42.56,0:21:44.40,Default,,0000,0000,0000,,the computer. You need to know all the
Dialogue: 0,0:21:44.40,0:21:46.56,Default,,0000,0000,0000,,things to troubleshoot, and
Dialogue: 0,0:21:46.56,0:21:49.04,Default,,0000,0000,0000,,after several months or years, you'll
Dialogue: 0,0:21:49.04,0:21:50.88,Default,,0000,0000,0000,,have enough experience to skip some
Dialogue: 0,0:21:50.88,0:21:52.56,Default,,0000,0000,0000,,of the steps. For example, you might know
Dialogue: 0,0:21:52.56,0:21:54.40,Default,,0000,0000,0000,,the gateway
Dialogue: 0,0:21:54.40,0:21:56.88,Default,,0000,0000,0000,,on the router is correct because you
Dialogue: 0,0:21:56.88,0:21:58.88,Default,,0000,0000,0000,,connected to the router remotely and
Dialogue: 0,0:21:58.88,0:22:01.04,Default,,0000,0000,0000,,from the Internet, so the router most
Dialogue: 0,0:22:01.04,0:22:03.52,Default,,0000,0000,0000,,likely has the default gateway. Or you
Dialogue: 0,0:22:03.52,0:22:05.04,Default,,0000,0000,0000,,might know that
Dialogue: 0,0:22:05.04,0:22:07.52,Default,,0000,0000,0000,,the access list is not supposed to be checked
Dialogue: 0,0:22:07.52,0:22:09.28,Default,,0000,0000,0000,,on the inside device because the user told
Dialogue: 0,0:22:09.28,0:22:14.40,Default,,0000,0000,0000,,you that they can ping the IP address of the gateway.
Dialogue: 0,0:22:14.40,0:22:17.12,Default,,0000,0000,0000,,So many, many things can be skipped based
Dialogue: 0,0:22:17.12,0:22:19.36,Default,,0000,0000,0000,,on your experience. But this is from
Dialogue: 0,0:22:19.36,0:22:21.76,Default,,0000,0000,0000,,starting to the end. You check from the
Dialogue: 0,0:22:21.76,0:22:24.16,Default,,0000,0000,0000,,beginning where you have the problem. You
Dialogue: 0,0:22:24.16,0:22:26.56,Default,,0000,0000,0000,,don't check at the end if the Cisco has
Dialogue: 0,0:22:26.56,0:22:28.40,Default,,0000,0000,0000,,the Internet. First, you make sure you
Dialogue: 0,0:22:28.40,0:22:31.84,Default,,0000,0000,0000,,have everything you need to leave the
Dialogue: 0,0:22:31.84,0:22:34.64,Default,,0000,0000,0000,,area--to leave the subnet. Now, let's see
Dialogue: 0,0:22:34.64,0:22:38.88,Default,,0000,0000,0000,,if we can ping Google--the actual Google website--
Dialogue: 0,0:22:38.88,0:22:40.96,Default,,0000,0000,0000,,directly using DNS.
Dialogue: 0,0:22:40.96,0:22:43.36,Default,,0000,0000,0000,,And we can ping. So if I go
Dialogue: 0,0:22:43.36,0:22:47.76,Default,,0000,0000,0000,,on a browser here, it'll try to open the Google website.
Dialogue: 0,0:22:47.76,0:22:49.87,Default,,0000,0000,0000,,I should be able to open it.
Dialogue: 0,0:22:52.00,0:22:53.44,Default,,0000,0000,0000,,And sure enough,
Dialogue: 0,0:22:53.44,0:22:57.19,Default,,0000,0000,0000,,I can open it. And it works. Perfect.
Dialogue: 0,0:22:57.84,0:23:00.48,Default,,0000,0000,0000,,I hope this was useful for you guys, and
Dialogue: 0,0:23:00.48,0:23:02.40,Default,,0000,0000,0000,,at some point, you'll use it.
Dialogue: 0,0:23:02.40,0:23:03.52,Default,,0000,0000,0000,,That's it.
Dialogue: 0,0:23:03.52,0:23:05.60,Default,,0000,0000,0000,,So guys, if you like these videos, please
Dialogue: 0,0:23:05.60,0:23:07.76,Default,,0000,0000,0000,,like the video and hit the subscribe
Dialogue: 0,0:23:07.76,0:23:09.84,Default,,0000,0000,0000,,button if you want to see more videos
Dialogue: 0,0:23:09.84,0:23:12.32,Default,,0000,0000,0000,,like this. Also, I'm looking for ideas on
Dialogue: 0,0:23:12.32,0:23:14.08,Default,,0000,0000,0000,,what kind of videos to create. So if you
Dialogue: 0,0:23:14.08,0:23:16.00,Default,,0000,0000,0000,,have any idea and you're looking for
Dialogue: 0,0:23:16.00,0:23:18.56,Default,,0000,0000,0000,,some kind of configuration on the Cisco
Dialogue: 0,0:23:18.56,0:23:21.36,Default,,0000,0000,0000,,or similar network, you can put in the
Dialogue: 0,0:23:21.36,0:23:23.12,Default,,0000,0000,0000,,comments what you want to see in the
Dialogue: 0,0:23:23.12,0:23:26.68,Default,,0000,0000,0000,,next video. Thanks for watching, and have a good one.