Cisco NAT 配置文档1-动态NAT

 

 

RT0:                                  RT1:

   LAN192.168.0.0/24                      LAN:192.168.1.0/24

   WAN: 10.0.0.1-10.0.0.5/8                   WAN:10.0.0.5/8

 

RT0:配置

配置命令很简单,主要是在实验环境中要模拟Internet网络环境,选择了route rip ,或者是ospf也可以;

 

Config#interface fastEthernet 0/0 ip address 10.0.0.1 255.0.0.0

     #no shutdown //配置外网口的ip地址并打开接口

Config#interface fastEthernet e1/0 ip address 192.168.0.254 255.255.255.0

     #no shutdown//配置内网接口地址,并打开;

(config)#access-list 1 permit 192.168.0.0 0.255.255.255 //访问控制列表,定义内网的ip地址段

config#ip nat pool NAT 10.0.0.1 10.0.0.5 netmask 255.0.0.0//定义外网网络地址池,(如果有多个地址池,可依次添加)

config#ip nat inside source list 1 pool NAT overload //实现网络地址转换,config下将access-list指定的所有私网地址通过地址池进行转换

config#interface f0/0

         #ip nat outside//定义外部接口

         #interface e1/0

         #ip nat inside //定义内部接口

此时nat 配置结束;

Building configuration...

 

Current configuration : 991 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

interface FastEthernet0/0

 ip address 10.0.0.1 255.0.0.0

 ip nat outside

 duplex auto

 speed auto

!

interface FastEthernet0/1

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Ethernet1/0

 ip address 192.168.0.254 255.255.255.0

 ip nat inside

 duplex auto

 speed auto

!

interface Ethernet1/1

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Ethernet1/2

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Ethernet1/3

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Vlan1

 no ip address

 shutdown

!

router rip

 version 2

 network 10.0.0.0

 no auto-summary

!

ip nat pool NAT 10.0.0.1 10.0.0.5 netmask 255.0.0.0

ip nat inside source list 1 pool NAT

ip classless

!

!

access-list 1 permit 192.0.0.0 0.255.255.255

line con 0

line vty 0 4

 login

End

 

RT1:

 

Building configuration...

 

Current configuration : 826 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

interface FastEthernet0/0

 ip address 10.0.0.5 255.0.0.0

 duplex auto

 speed auto

!

interface FastEthernet0/1

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Ethernet1/0

 ip address 192.168.1.254 255.255.255.0

 duplex auto

 speed auto

!

interface Ethernet1/1

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Ethernet1/2

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Ethernet1/3

 no ip address

 duplex auto

 speed auto

 shutdown

!

interface Vlan1

 no ip address

 shutdown

!

router rip

 version 2

 network 10.0.0.0

 no auto-summary

!

ip classless

line con 0

line vty 0 4

 login

end

 

验证:

Total translations: 0 (0 static, 0 dynamic, 0 extended)

Outside Interfaces: FastEthernet0/0

Inside Interfaces: Ethernet1/0

Hits: 7  Misses: 22

Expired translations: 15

Dynamic mappings:

-- Inside Source

access-list 1 pool NAT refCount 0

 pool NAT: netmask 255.0.0.0

       start 10.0.0.1 end 10.0.0.5

       type generic, total addresses 5 , allocated 0 (0%), misses 0

NAT:外出

Router#show ip nat t

Pro  Inside global     Inside local       Outside local      Outside global

icmp 10.0.0.1:34       192.168.0.1:34     10.0.0.5:34        10.0.0.5:34

icmp 10.0.0.1:35       192.168.0.1:35     10.0.0.5:35        10.0.0.5:35

icmp 10.0.0.1:36       192.168.0.1:36     10.0.0.5:36        10.0.0.5:36

icmp 10.0.0.1:37       192.168.0.1:37     10.0.0.5:37        10.0.0.5

 

#debug ip nat

Router#debug ip nat

IP NAT debugging is on

Router#

NAT: s=192.168.0.1->10.0.0.1, d=10.0.0.5 [38]

 

NAT*: s=10.0.0.5, d=10.0.0.1->192.168.0.1 [13]

 

NAT: s=192.168.0.1->10.0.0.1, d=10.0.0.5 [39]

 

NAT*: s=10.0.0.5, d=10.0.0.1->192.168.0.1 [14]

 

NAT: s=192.168.0.1->10.0.0.1, d=10.0.0.5 [40]

 

NAT*: s=10.0.0.5, d=10.0.0.1->192.168.0.1 [15]

 

NAT: s=192.168.0.1->10.0.0.1, d=10.0.0.5 [41]

 

NAT*: s=10.0.0.5, d=10.0.0.1->192.168.0.1 [16]: