鸿鹄论坛 › 太阁网络 › 思科静态NAT

闫辉 发表于 2020-12-17 17:11:48

思科静态NAT

https://upload-images.jianshu.io/upload_images/24325874-4315692e3f99b1ed.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


把PC的私有地址转换成 120.1.1.100，不是R1出接口的子网段内的地址，也希望能够通信PC地址配置
https://upload-images.jianshu.io/upload_images/24325874-21529434f667ecb7.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


server配置
https://upload-images.jianshu.io/upload_images/24325874-c2376a06f0cca73f.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


R1(config)#int e0/0R1(config-if)#ip add 192.168.10.254 255.255.255.0R1(config-if)#no shutdownR1(config-if)ip nat inside                              把内网接口定义为内网接口
https://upload-images.jianshu.io/upload_images/24325874-7f58504e70e33032.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


R1(config-if)#int e0/1R1(config-if)#ip add 12.1.1.1 255.255.255.0R1(config-if)#no shutdownR1(config-if)ip nat outside把外网接口定义为 外网接口 R1(config)#ip route 0.0.0.0 0.0.0.0 ethernet 0/1 12.1.1.2指定默认路由
https://upload-images.jianshu.io/upload_images/24325874-cd93041e2102399d.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


ISP(config)#int e0/1ISP(config-if)#ip add 12.1.1.2 255.255.255.0ISP(config-if)#no shutdownISP(config-if)#exISP(config)#int e0/0ISP(config-if)#ip add 100.1.1.254 255.255.255.0ISP(config-if)#no shutdown
https://upload-images.jianshu.io/upload_images/24325874-3b81be3f6890af62.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


测试联通性后，写NAT
https://upload-images.jianshu.io/upload_images/24325874-3c03045f9529d224.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


R1(config)#ip nat inside source static 192.168.10.1 120.1.1.100私有地址转换后的公网IP
https://upload-images.jianshu.io/upload_images/24325874-9cad2c062a494285.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


R1(config)#do show ip nat tran查看转换信息
https://upload-images.jianshu.io/upload_images/24325874-b9bdac95d7d8b7c8.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


测试R1 ping server
https://upload-images.jianshu.io/upload_images/24325874-8121f6fa23b23561.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


在测试PCpingserver
https://upload-images.jianshu.io/upload_images/24325874-89ca3fdb9c528dc1.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


不通。不通是因为本身是模拟环境，在ISP没有回包路由。在现网中，通常是有数据中心服务器，然后由边界设备对接园区边界设备。理所当然的也就是一点。在ISP设备里面有回包路由。这里咱们用静态路由模拟，在XCNP实验手册中会带来BGP模拟。ISP(config)#ip route 120.1.1.100 255.255.255.255 e0/1 12.1.1.1
https://upload-images.jianshu.io/upload_images/24325874-70e439830c71789e.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240


这个时候就通了。
https://upload-images.jianshu.io/upload_images/24325874-7ee4f71448c2dc3f.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240

查看完整版本: 思科静态NAT