华为动态NAT
https://upload-images.jianshu.io/upload_images/24325874-3d6c74c72f11ec2c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240配置对应的地址。PC1 192.168.10.101PC2 192.168.10.102 R1 192.168.10.25412.1.1.1ISP12.1.1.2 100.1.1.254Server 100.1.1.1
int g0/0/0ip add 12.1.1.2 24int g0/0/1ip add 100.1.1.254 24
https://upload-images.jianshu.io/upload_images/24325874-770aac5fbf87a40e.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
int g0/0/1ip add 192.168.10.254 24int g0/0/0ip add 12.1.1.1 24
https://upload-images.jianshu.io/upload_images/24325874-7f856769c3dbe5ee.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
写一条缺省路由去往ISP
https://upload-images.jianshu.io/upload_images/24325874-387ffdc02b0ab4db.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
创建一个地址池,命名为7
https://upload-images.jianshu.io/upload_images/24325874-bf5d3b8ac6bd7725.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
acl number 2000 创建标准ACLrule 10 permit source 192.168.10.0 0.0.0.255使用规则10抓取要转换的网段q
https://upload-images.jianshu.io/upload_images/24325874-5e0964be1a9050ac.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
int g 0/0/0nat outbound 2000 address-group 7 no-pat
https://upload-images.jianshu.io/upload_images/24325874-3a6e21bb2831e096.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
内网IP满足 ACL2000后,就会通过7号地址池的公有地址做源地址转换no pat不给你提供副用功能。只能做一对一的转换,做PAT可以后面不带 no-patdisp nat address-group查看地址池里面包含那些地址
https://upload-images.jianshu.io/upload_images/24325874-513b1cd5db131928.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
disp nat outbound NAT出口
https://upload-images.jianshu.io/upload_images/24325874-c35dc513c31ef847.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
现在就可以ping通了,但是延迟会很大,容易丢包
https://upload-images.jianshu.io/upload_images/24325874-9204d49c8dfb536d.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240
抓包发现每ping一次共有源IP都会改变,真机不会这样。
页:
[1]