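Requirements: a CISCO2621 router has to perform NAT address translation. Two inside segments, 192.168.1.0 and 192.168.2.0, need Internet access. The outside interface is 218.98.0.1, and the NAT address is the outside interface address.
Configuration:
interface Fastethernet 0/0
 ip address 218.98.0.1 255.255.255.0
 ip nat outside
interface fastethernet 0/1
 ip address 192.168.1.1 255.255.254.0
 ip nat inside
ip nat pool aaa 218.98.0.1 218.98.0.1 netmask 255.255.255.0
! overload (PAT) lets many inside hosts share the single pool address;
! without it only one inside host can hold a translation at a time
ip nat inside source list 1 pool aaa overload
! 192.168.1.0 with wildcard 0.0.1.255 matches 192.168.0.0-192.168.1.255,
! the same /23 that is configured on fastethernet 0/1
access-list 1 permit 192.168.1.0 0.0.1.255
!
ip nat pool office 192.168.3.123 192.168.3.123 netmask 255.255.255.0
ip nat inside source list 1 pool office
access-list 1 permit 192.168.3.0 0.0.0.255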
port mapped
ip nat inside source static tcp 172.16.1.1 80 192.168.1.3 500 extendable
show ip nat translation
Router#show ip nat translation
Example 5.3. 2911 NAT
interface GigabitEthernet0/1
 description Default-Shenzhen-IPLC-Hongkong-WAN
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description Office-1
 ip address 192.168.40.254 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/1
 description Office-2
 ip address 192.168.50.254 255.255.255.128
 ip nat inside
 ip nat enable
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 100 permit ip any any
access-list extended
ip nat inside source list nat interface FastEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list extended nat
 permit ip any any

ip nat inside source list pat interface FastEthernet0/0/1 overload
!
ip access-list extended pat
 permit ip 192.168.1.0 0.0.0.255 any

ena
conf t
ip nat inside source static 192.168.1.4 200.200.200.200
int f0/0
 ip nat outside
 no shut
int f0/1
 ip nat inside
 no shut
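At least two NAT entries are needed, because FTP uses two ports, 20 and 21: one for data and one for commands.
Port mapping:
ip nat inside source static tcp 192.168.1.4 21 200.200.200.200 21
ip nat inside source static tcp 192.168.1.4 20 200.200.200.200 20
On the external-network interface (your f0/0), configure:
Router(config-if)#ip nat outside
(there can be only one outside interface)
On the internal-network interface (your f0/1), configure:
Router(config-if)#ip nat inside
(there can be multiple inside interfaces)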
Port mapping on a Cisco router: 192.168.0.180:8000 and 192.168.0.181:8000 must be mapped to ports 3000 and 3002, respectively, of the external address 202.122.111.66, while the other hosts in 192.168.0.0/24 can still reach the Internet. The specific configuration:
int fa0/0
 ip nat inside
int fa0/1
 ip nat outside
Global configuration mode:
access-list 10 permit any
ip nat inside source list 10 interface fa0/1 overload
Port mapping:
ip nat inside source static tcp 192.168.0.180 8000 interface fa0/1 3000
ip nat inside source static tcp 192.168.0.181 8000 interface fa0/1 3002
interface fa0/1 is the external-network port.
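
The following is an added example, not part of the original page: a Python audit that reads NAT statements like the ones above and lists what they expose to the outside (port forwards, one-to-one static entries that forward every port, and dynamic rules whose ACL matches any source). The function names and the finding labels are assumptions of this example; the sample configuration is constructed from lines on this page.

```python
import re
# Constructed sample built from NAT statements that appear on this page.
SAMPLE = """\
ip nat inside source list 10 interface fa0/1 overload
access-list 10 permit any
ip nat inside source static tcp 192.168.0.180 8000 interface fa0/1 3000
ip nat inside source static tcp 192.168.0.181 8000 interface fa0/1 3002
ip nat inside source static 192.168.1.4 200.200.200.200
ip nat inside source list pat interface FastEthernet0/0/1 overload
ip access-list extended pat
 permit ip 192.168.1.0 0.0.0.255 any
"""

PORT_FWD = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface )?(\S+) (\d+)")
ONE_TO_ONE = re.compile(r"ip nat inside source static (\d\S+) (\S+)")
DYNAMIC = re.compile(r"ip nat inside source list (\S+) (?:interface|pool) \S+")
NUMBERED = re.compile(r"access-list (\d+) permit (?:(?:ip|tcp|udp) )?(.+)")
NAMED = re.compile(r"ip access-list (?:extended|standard) (\S+)")

def permit_sources(lines):
    """Map each ACL name/number to the source field of its permit entries."""
    acls, current = {}, None
    for line in lines:
        if m := NUMBERED.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2).split()[0])
        elif m := NAMED.match(line):
            current = m.group(1)
        elif current and (m := re.match(r"\s+permit (?:(?:ip|tcp|udp) )?(\S+)", line)):
            acls.setdefault(current, []).append(m.group(1))
        elif not line.startswith(" "):
            current = None  # left the named-ACL block
    return acls

def audit(config):
    """Return (kind, detail) findings for every exposure the NAT lines create."""
    acls = permit_sources(config.splitlines())
    findings = []
    for line in config.splitlines():
        if m := PORT_FWD.match(line):
            # groups: protocol, inside host, inside port, outside addr/interface, outside port
            findings.append(("port-forward", f"{m[1]} {m[4]}:{m[5]} -> {m[2]}:{m[3]}"))
        elif m := ONE_TO_ONE.match(line):
            findings.append(("one-to-one", f"{m[2]} -> {m[1]} (all ports)"))
        elif (m := DYNAMIC.match(line)) and "any" in acls.get(m.group(1), []):
            findings.append(("any-source", f"list {m.group(1)} translates any source address"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:13} {detail}")
```

Every port-forward and one-to-one finding is an inside service reachable from the outside network, so each should correspond to an intended, filtered service; an any-source finding can be narrowed by permitting only the inside subnets in the NAT ACL.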