
8. NAT

		
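Requirements:
A Cisco 2621 router needs to perform NAT.
The two internal networks 192.168.1.0 and 192.168.2.0 need Internet access.
The outside interface address is 218.98.0.1.
The NAT address is the outside interface address.


Configuration:
interface FastEthernet 0/0
ip address 218.98.0.1 255.255.255.0
ip nat outside

interface FastEthernet 0/1
! 255.255.254.0 places this interface in 192.168.0.0/23 (192.168.0.0 - 192.168.1.255)
ip address 192.168.1.1 255.255.254.0
ip nat inside

ip nat pool aaa 218.98.0.1 218.98.0.1 netmask 255.255.255.0
! overload (PAT) lets all inside hosts share the single pool address
ip nat inside source list 1 pool aaa overload
! 192.168.1.0 0.0.1.255 would match 192.168.0.0 - 192.168.1.255, not 192.168.2.0,
! so each required network gets its own entry
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255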


ip nat pool office 192.168.3.123 192.168.3.123 netmask 255.255.255.0
ip nat inside source list 1 pool office
access-list 1 permit 192.168.3.0 0.0.0.255
		

		

Port mapping

		
ip nat inside source static tcp 172.16.1.1 80 192.168.1.3 500 extendable
		
		

show ip nat translation

		
Router#show ip nat translation
		
		

Example 5.3. 2911 NAT

interface GigabitEthernet0/1
 description Default-Shenzhen-IPLC-Hongkong-WAN
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description Office-1
 ip address 192.168.40.254 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/1
 description Office-2
 ip address 192.168.50.254 255.255.255.128
 ip nat inside
 ip nat enable
 ip virtual-reassembly in
 duplex auto
 speed auto
!

ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 100 permit ip any any
			

access-list extended

 
ip nat inside source list nat interface FastEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list extended nat
 permit ip any any

ip nat inside source list pat interface FastEthernet0/0/1 overload
!
ip access-list extended pat
 permit ip 192.168.1.0 0.0.0.255 any
			

8.1. IP mapping

			
ena

conf t

ip nat inside source static 192.168.1.4 200.200.200.200

int f0/0

ip nat outside

no shut

int f0/1

ip nat inside

no shut
			
			

8.2. Port mapping

			
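At least two NAT entries are needed, because FTP has two ports, 20 and 21: one for data and one for commands.

Port mapping:
ip nat inside source static tcp 192.168.1.4 21 200.200.200.200 21
ip nat inside source static tcp 192.168.1.4 20 200.200.200.200 20

Configure this on the outside interface (your f0/0):
Router(config-if)#ip nat outside (only one outbound interface is allowed)
Configure this on the inside interface (your f0/1):
Router(config-if)#ip nat inside (there can be multiple inbound interfaces)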
			
			

8.3. example 1

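Port mapping on a Cisco router: 192.168.0.180:8000 and 192.168.0.181:8000 must be mapped to ports 3000 and 3002 respectively on the external address 202.122.111.66, and the other hosts in 192.168.0.0/24 must be able to reach the Internet. The configuration: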

			
int fa0/0
ip nat inside
int fa0/1
ip nat outside

Global configuration mode:
access-list 10 permit any
ip nat inside source list 10 interface fa0/1 overload

Port mapping:
ip nat inside source static tcp 192.168.0.180 8000 interface fa0/1 3000
ip nat inside source static tcp 192.168.0.181 8000 interface fa0/1 3002

interface fa0/1 is the outside (external network) port
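
The standard access list named in "ip nat inside source list" decides which inside sources get translated, so it is worth checking what its wildcard really matches. The following Python check is an added example, not part of the original page: it compares ACL entries with the networks that are meant to be translated, using constructed entries in the style of this page (a wildcard of 0.0.1.255 on 192.168.1.0, two per-network entries, and "permit any"). The function names and the sample text are assumptions of the example.

```python
import ipaddress
import re

# Constructed entries in the style of this page (not captured from a device).
SAMPLE = """\
access-list 1 permit 192.168.1.0 0.0.1.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 10 permit any
"""
IP = r"\d+\.\d+\.\d+\.\d+"
# Handles "permit any" and "permit <address> [wildcard]"; other forms are skipped.
ENTRY = re.compile(rf"^access-list\s+(\d+)\s+permit\s+(any|{IP})(?:\s+({IP}))?\s*$")

def to_int(text):
    return int(ipaddress.IPv4Address(text))

def parse(config):
    """Return {acl_number: [(base, wildcard), ...]} as 32-bit integers."""
    acls = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            num, addr, wild = m.groups()
            entry = (0, 0xFFFFFFFF) if addr == "any" else (to_int(addr), to_int(wild or "0.0.0.0"))
            acls.setdefault(num, []).append(entry)
    return acls

def matches(entries, ip):
    """IOS wildcard rule: bits set in the wildcard are ignored, all others must agree."""
    return any(((to_int(ip) ^ base) & ~wild) == 0 for base, wild in entries)

def audit(entries, intended):
    """Return (intended networks no entry fully covers, entries wider than the intended networks)."""
    nets = [ipaddress.ip_network(n) for n in intended]
    merged = list(ipaddress.collapse_addresses(nets))  # join adjacent intended networks
    def covers(entry, net):   # every address in net matches the entry
        base, wild = entry
        return (int(net.hostmask) & ~wild) == 0 and ((int(net.network_address) ^ base) & ~wild) == 0
    def within(entry, net):   # every address the entry matches lies inside net
        base, wild = entry
        host = int(net.hostmask)
        return (wild & ~host) == 0 and ((int(net.network_address) ^ base) & ~host) == 0
    missing = [str(n) for n in nets if not any(covers(e, n) for e in entries)]
    too_wide = [f"{ipaddress.IPv4Address(b)} {ipaddress.IPv4Address(w)}"
                for b, w in entries if not any(within((b, w), n) for n in merged)]
    return missing, too_wide

if __name__ == "__main__":
    for num, nets in (("1", ["192.168.1.0/24", "192.168.2.0/24"]), ("10", ["192.168.0.0/24"])):
        print(num, audit(parse(SAMPLE)[num], nets))
```

A non-empty first list means an intended network is never translated; a non-empty second list means the ACL also translates sources outside the intended networks, as "permit any" does.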
			
			