The DNS server on the Inside_User is configured as 8.8.8.8:Ĩ.8.8.8 is the IP address of the Web/DNS_Server which has its DNS service turned on and an A record for pointing to 8.8.8.8: To be able to open this URL, the host will contact its DNS server for the IP address associated with the FQDN. The task also requires that the Inside_User be able to open a web page to. While the ping is still running, we can view the translation entry on the ASA using the show xlate command:Ĭool.
![ccna security packet tracer labs ccna security packet tracer labs](http://freeccnalab.com/wp-content/uploads/2013/08/discontigous-areas.jpg)
If we look at the ICMP debug output on the Outside_RTR, we see that replies are being sent to 192.0.2.1, which is the outside interface IP address of the ASA: With this configuration, let’s try to ping from the Inside_User again: The configuration on the Cisco ASA to achieve this is as follows: object network INSIDE Port Address Translation (PAT), also known as NAT Overload on the Cisco IOS, is a way to translate multiple IP addresses to just one IP address and this is what is required by this task. Since private IP addresses are not routable over the Internet, then the most suitable option in this scenario is to use NAT to translate the private IP addresses to a public address. Therefore, we either sort out the routing or configure NAT.
#Ccna security packet tracer labs how to#
With the current state of our lab, a ping from the Inside_User to the Outside_RTR will not be successful, not because the ping traffic is not getting to its destination, but because the Outside_RTR does not know how to get back to the source of the traffic: Ensure that only HTTP and HTTPS traffic from external (outside) devices are allowed to the Web_Server.