This post is regarding solution or answer to Packet Tracer Activity 8.6.1 CCNA Skills Integration Challenge. I will share the solution and some notes or tips how to get 100% in this packet tracer activity. It is normal for you not to get 100% in this packet tracer activity as it contains some mistakes and some information which the activity doesn’t tell you directly through the instructions. You may need to check results to know which information is left behind in the instructions. To make this thing more easier, so in this post i will provide you with correct information so you can solve this packet activity problem.
The first mistake which this packet tracer activity doesn’t tell you is on Task 3 configure static and dynamic NAT on HQ. The instruction in this packet tracer activity left behind the pool name which is NAT_LIST. You will not be able to get 100% if you do not named the access list (numbered access list) or you named it too something else. You will noticed this information if you check the results on NAT.
The second mistake in this packet tracer activity is on Task 7 Configure VTP, Trunking, the VLAN intreface, and VLANS. In the instructions given, it tells the VTP domain for this packet tracer activity is XYZCORP. The right domain name is xyzcorp. Noted that the xyzcorp is written in small letter instead of capital letter. You can confirmed this by using check results function.
This mistake is one of biggest mistake done in packet tracer activity. The mistake is on Task 11 Configure Firewall ACL. If you check the server www.xyzcorp.com ip address is 184.108.40.206. So if you want to permit port web access to the server, you might input something like permit tcp any host 220.127.116.11 eq www. However to get 100% in this packet tracer activity, you should use ip address 18.104.22.168. You will get 100% for this packet tracer activity. However please note that 22.214.171.124 is perfectly wrong. You won’t be able to access the web server from outside network using this ip address. Yes, you might try to change the ip address of www.xyzcorp.com server. I never try this method, but theoretically it should work. Just remember if you change the ip address ww.xyzcorp.com server, you might want to want to change the ip address of www.xyzcorp.com at the DNS server too.
Below is the complete command for FIREWALL access list.
Extended IP access list FIREWALL
permit tcp any host 126.96.36.199 eq www
permit tcp any any established
permit icmp any any echo-reply
deny ip any any
You may download and try yourself Packet Tracer Activity 8.6.1
If you need the 100% solution, you can download the Packet Tracer Activity 8.6.1 Answer 100%