R1:
interface Serial0/0
ip address 10.1.1.1 255.255.255.0
ip nat outside //设置为外部连接端口
ip virtual-reassembly
serial restart-delay 0
!
interface FastEthernet1/0
ip address 192.1.1.1 255.255.255.0
ip nat inside //设置为内部连接端口
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 192.1.2.1 255.255.255.0
ip nat inside //设置为内部连接端口
ip virtual-reassembly
duplex auto
speed auto
!
R2:
interface Serial0/0
ip address 10.1.1.2 255.255.255.0
ip nat outside //设置为外部连接端口
ip virtual-reassembly
serial restart-delay 0
!
interface Serial0/1
ip address 172.16.1.2 255.255.255.0
serial restart-delay 0
!
interface FastEthernet1/0
ip address 172.1.1.1 255.255.255.0
ip nat inside //设置为内部连接端口
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 172.1.2.1 255.255.255.0
ip nat inside //设置为内部连接端口
ip virtual-reassembly
duplex auto
speed auto
pc1:
interface FastEthernet0/0
ip address 192.1.1.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 192.1.1.1
pc2:
interface FastEthernet0/0
ip address 192.1.2.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 192.1.2.1
pc3:
interface FastEthernet0/0
ip address 172.1.1.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 172.1.1.1
pc4:
interface FastEthernet0/0
ip address 172.1.2.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 172.1.2.1
首先配置一对一的静态NAT
R1(config)#ip nat inside source static 192.1.1.2 10.1.1.3 //静态一对一转换
R1(config)#ip nat inside source static 192.1.2.2 10.1.1.4
R2(config)#ip nat inside source static 172.1.1.2 10.1.1.5
R2(config)#ip nat inside source static 172.1.2.2 10.1.1.6
pc1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/48/172 ms
pc1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/69/164 ms
pc2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/40/144 ms
pc2#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/63/144 ms
看一下转换的情况
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 10.1.1.3 192.1.1.2 --- ---
icmp 10.1.1.4:11 192.1.2.2:11 10.1.1.2:11 10.1.1.2:11
--- 10.1.1.4 192.1.2.2 --- ---
R1#sh ip nat statistics ip nat的基本状态
Total active translations: 3 (2 static, 1 dynamic; 1 extended)
Outside interfaces:
Serial0/0
Inside interfaces:
FastEthernet1/0, FastEthernet2/0
Hits: 49 Misses: 11
CEF Translated packets: 56, CEF Punted packets: 8
Expired translations: 10
Dynamic mappings:
Queued Packets: 0
下面配置动态NAT转换
R1(config)#access-list 1 permit 192.1.1.0 0.0.0.255
R1(config)#access-list 1 permit 192.1.2.0 0.0.0.255 //配置访问列表
R1(config)#ip nat pool cisco 10.1.1.3 10.1.1.4 prefix-length 24 //配置NAT的地址池
R1(config)#ip nat inside source list 1 pool cisco //将内网地址动态转换
pc1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/45/136 ms
pc1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/76/224 ms
pc2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/78/244 ms
pc2#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/52/160 ms
看一下转换情况,转换成功
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 10.1.1.3 192.1.1.2 --- ---
icmp 10.1.1.4:20 192.1.2.2:20 10.1.1.2:20 10.1.1.2:20
--- 10.1.1.4 192.1.2.2 --- ---
最后配置一下PAT
R2(config)#access-list 1 permit 172.1.1.0 0.0.0.255
R2(config)#access-list 1 permit 172.1.2.0 0.0.0.255
R2(config)#ip nat pool onlyone 10.1.1.10 10.1.1.10 prefix-length 24
R2(config)#ip nat inside source list 1 pool onlyone overload //转换为超载地址
pc3#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/64/216 ms
pc3#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/40/128 ms
pc4#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/70/196 ms
pc4#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/46/124 ms
看一下PAT的转换情况,同一个超载地址,用不同的端口
R2#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 10.1.1.10:4 172.1.1.2:4 10.1.1.1:4 10.1.1.1:4
icmp 10.1.1.10:5 172.1.2.2:5 10.1.1.1:5 10.1.1.1:5
转载于:https://blog.51cto.com/cbbzyj/404614
扫一扫
913
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
