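The principles of NAT are not covered in detail here;
Special emphasis is placed here on: (EASY IP)
EasyIP: that is, network address port translation, where multiple internal IP addresses are mapped to the same external IP address. "EasyIP" NAT dynamically assigns each internal connection a port associated with the single external address and maintains the mapping from these internal connections to external ports, so that multiple users can communicate with the external Internet at the same time through one public address. --- This is equivalent to Cisco's interface-based PAT.
The topology is as follows:
The IP addressing is as follows (the topology is the upper figure, the IP configuration is the lower one):
This lab uses only R1, R2 and R3.
Implementing EASY IP:
On R2:
Define the relevant traffic with an access control list: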
#
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 172.16.0.0 0.0.255.255
#
Under S0/2/2 on R2:
nat outbound 2000
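The Easy IP behaviour described above, as an added example that is not part of the original post or device code: a simplified Python model that evaluates ACL 2000 with its wildcard masks and maps each permitted inside (address, port) to a distinct port on one global address. The interface address 192.168.2.1, the starting port 12288 and the names EasyIP, acl_permits and demo are assumptions for illustration; a real device also tracks destinations and session timers.

```python
import ipaddress

# ACL 2000 from the page: (rule id, action, source, wildcard mask)
ACL_2000 = [
    (5, "permit", "192.168.1.0", "0.0.0.255"),
    (10, "permit", "172.16.0.0", "0.0.255.255"),
]

def acl_permits(acl, src):
    """First-match evaluation; wildcard bits set to 1 are 'don't care'."""
    s = int(ipaddress.IPv4Address(src))
    for _rule_id, action, net, wildcard in acl:
        n = int(ipaddress.IPv4Address(net))
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (n & care):
            return action == "permit"
    return False  # no rule matched: the flow is not translated

class EasyIP:
    """Port translation onto the single address of the outbound interface."""
    def __init__(self, acl, global_addr, first_port=12288):
        self.acl, self.global_addr = acl, global_addr
        self.next_port = first_port   # starting port is an assumption
        self.out = {}                 # (proto, inside ip, inside port) -> global port
        self.back = {}                # (proto, global port) -> (inside ip, inside port)

    def outbound(self, proto, src, sport):
        if not acl_permits(self.acl, src):
            return None               # not matched by ACL 2000, leaves untranslated
        key = (proto, src, sport)
        if key not in self.out:       # new session: allocate the next free port
            if self.next_port > 65535:
                raise RuntimeError("port pool on the global address exhausted")
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src, sport)
            self.next_port += 1
        return (self.global_addr, self.out[key])

    def inbound(self, proto, dport):
        # Return traffic is accepted only if a session already exists.
        return self.back.get((proto, dport))

def demo():
    nat = EasyIP(ACL_2000, "192.168.2.1")          # interface address is assumed
    a = nat.outbound("udp", "192.168.1.1", 3072)
    b = nat.outbound("udp", "172.16.4.1", 3072)
    c = nat.outbound("udp", "10.0.0.5", 3072)      # source outside ACL 2000
    return a, b, c, nat.inbound("udp", b[1]), nat.inbound("udp", 40000)
```

Two inside hosts using the same source port share the global address but receive different global ports, and an inbound packet to a port with no session entry has no inside host to be delivered to.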
Dynamic NAT
On R2, do the following:
Define the address pool:
#
nat address-group 1 192.168.2.3 192.168.2.10
#
Define the access control list:
#
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 172.16.0.0 0.0.255.255
#
Under S0/2/2 on R2:
nat outbound 2000 address-group 1
The test result on R1 is as follows:
[RT1]ping -c 1 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=254 time=4 ms
--- 192.168.2.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/4 ms
View the translation result on R2:
[RT2]display nat session
There are currently 3 NAT sessions:
Protocol GlobalAddr Port InsideAddr Port DestAddr Port
1 192.168.2.4 12289 192.168.1.1 3072 192.168.2.2 3072
×××: 0, status: 11, TTL: 00:01:00, Left: 00:00:23
Implementing static NAT (R2):
nat static 172.16.4.1 192.168.2.254
Under S0/2/2 on R2:
nat outbound static
Ping the global address from R3:
[RT3]ping -c 1 192.168.2.254
PING 192.168.2.254: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.254: bytes=56 Sequence=1 ttl=254 time=20 ms
--- 192.168.2.254 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/20/20 ms
Related videos:
http://down.51cto.com/data/134312
http://down.51cto.com/data/134311
http://down.51cto.com/data/134310
http://down.51cto.com/data/134309
http://down.51cto.com/data/134307
http://down.51cto.com/data/134306
http://down.51cto.com/data/134305