网络地址转换NAT2

网络地址转换NAT2 拓扑图的构建: # Simple lab autostart = false [localhost] [[7200]] image = C:\Program Files\Dynamips\images\unzip-c7200-js-mz.123-20.bin ram = 128 nvram = 96 disk0 = 64 disk1 = 64 npe = npe-400 confreg = 0x2102 #idlepc = 0x60490168(3640) #idlepc = 0x6068802c exec_area = 16 [[ROUTER R1]] model = 7200 s1/0 = R2 s1/0 [[ROUTER R2]] model = 7200 先给出基本配置: Router>en Router#conf t Router(config)#host R1 R1(config)#no ip domain-lo R1(config)#line con 0 R1(config-line)#logg syn R1(config-line)#exec-time 0 0 R1(config-line)#exit R1(config)# R1(config)# R1(config)# R1(config)#int lo0 R1(config-if)#ip add 10.1.1.1 255.255.255.0 R1(config-if)#ip add 10.1.1.2 255.255.255.0 secondary R1(config-if)#ip add 10.1.1.3 255.255.255.0 secondary R1(config-if)#ip add 10.1.1.4 255.255.255.0 secondary R1(config-if)#exit R1(config)# R1(config)#int s1/0 R1(config-if)#ip add 20.1.1.1 255.255.255.0 R1(config-if)#clockrate 64000 R1(config-if)#no shut R1(config-if)#exit Router>en Router#conf t Router(config)#host R2 R2(config)#no ip domain-lo R2(config)#line con 0 R2(config-line)#logg syn R2(config-line)#exec-time 0 0 R2(config-line)#exit R2(config)# R2(config)# R2(config)# R2(config)#int lo0 R2(config-if)#ip add 30.1.1.1 255.255.255.0 R2(config-if)#exit R2(config)# R2(config)#int s1/0 R2(config-if)#ip add 20.1.1.2 255.255.255.0 R2(config-if)#clockrate 64000 R2(config-if)#no shut 接下来，在R1和R2上创建路由条目确保网络畅通: R1(config)#ip route 30.1.1.0 255.255.255.0 20.1.1.2 R2(config)#ip route 80.1.1.0 255.255.255.0 20.1.1.1(注意目的地址为80.1.1.0/24，这是外部地址) 开始做NAT如下: 10.1.1.1 静态NAT转换到80.1.1.1 10.1.1.2和10.1.1.3 动态NAT转换到80.1.1.2-80.1.1.6 10.1.1.4执行PAT到20.1.1.1 R1(config)#int lo0 R1(config-if)#ip nat inside R1(config-if)#exit R1(config)# R1(config)#int s1/0 R1(config-if)#ip nat outside R1(config-if)#exit R1(config)# R1(config)#ip nat inside source static 10.1.1.1 80.1.1.1 R1(config)# R1(config)# R1(config)#access-list 10 permit host 10.1.1.2 R1(config)#access-list 10 permit host 10.1.1.3 R1(config)# R1(config)#ip nat pool cisco 80.1.1.2 80.1.1.6 netmask 255.255.255.0 R1(config)# R1(config)#ip nat inside source list 10 pool cisco R1(config)# R1(config)# R1(config)#access-list 11 permit host 10.1.1.4 R1(config)# R1(config)#ip nat inside source list 11 int s1/0 overload R1(config)# 测试如下: R1#ping 30.1.1.1 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds: Packet sent with a source address of 10.1.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/40 ms R1#show ip nat translations Pro Inside global Inside local Outside local Outside global --- 80.1.1.1 10.1.1.1 --- --- (这点尤其需要注意，接口以主接口为发源地) R1#ping 30.1.1.1 source 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds: Packet sent with a source address of 10.1.1.2 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/36 ms R1#ping 30.1.1.1 source 10.1.1.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds: Packet sent with a source address of 10.1.1.3 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/48 ms R1#ping 30.1.1.1 source 10.1.1.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds: Packet sent with a source address of 10.1.1.4 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/30/76 ms R1#show ip nat translations Pro Inside global Inside local Outside local Outside global --- 80.1.1.1 10.1.1.1 --- --- --- 80.1.1.2 10.1.1.2 --- --- --- 80.1.1.3 10.1.1.3 --- --- icmp 20.1.1.1:4 10.1.1.4:4 30.1.1.1:4 30.1.1.1:4 R1# (以上可以发现只有执行PAT的机器才会列出所使用的) 结束。