NAT技术的出现是为了缓解IPv4地址空间不足的问题。它可以将局域网内的私有IP地址以三种方式(Static NAT\ Dynamic NAT\ PAT)转换为公网地址,实现与互联网的通信。
今天我们复习一下动态地址转换吧(Dynamic NAT)
Dynamic NAT就是我们创建一个公网IP地址池(NAT pool--inside global),然后设定ACL指定要转换的局域网IP范围(inside local),待配置完成以后,局域网内指定的私有IP主机如需上网就从地址池中选一个公网地址当成自己的映射地址,外网和他通信看到的地址就是从地址池中选的那个公网ip了。记得,在配置NAT连接局域网内的接口上设置ip nat inside,连接公网的那个接口上配置ip nat outside。
关键命令:
access-list 10 permit 192.168.1.1 0.0.0.0
access-list 10 permit 192.168.1.2 0.0.0.0
ip nat pool tiger 198.10.1.1 198.10.1.2 netmask 255.255.255.0
ip nat inside source list 10 pool tiger
access-list 10 permit 192.168.1.1 0.0.0.0
access-list 10 permit 192.168.1.2 0.0.0.0
ip nat pool tiger 198.10.1.1 198.10.1.2 netmask 255.255.255.0
ip nat inside source list 10 pool tiger
开始吧,画一张最简单的拓扑图:
配置命令如下:
Router 0:
Router_0#sh run
Building configuration...
Building configuration...
Current configuration : 802 bytes
!
version 12.3
no service password-encryption
!
hostname Router_0
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 198.10.1.100 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat pool tiger 198.10.1.1 198.10.1.2 netmask 255.255.255.0
ip nat inside source list 10 pool tiger
ip classless
ip route 0.0.0.0 0.0.0.0 198.10.1.101
!
access-list 10 permit host 192.168.1.1
access-list 10 permit host 192.168.1.2
!
!
ip dhcp pool zwin
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
!
line con 0
password cisco
login
line vty 0
password cisco
login
line vty 1 4
login
!
!
end
!
version 12.3
no service password-encryption
!
hostname Router_0
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 198.10.1.100 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip nat pool tiger 198.10.1.1 198.10.1.2 netmask 255.255.255.0
ip nat inside source list 10 pool tiger
ip classless
ip route 0.0.0.0 0.0.0.0 198.10.1.101
!
access-list 10 permit host 192.168.1.1
access-list 10 permit host 192.168.1.2
!
!
ip dhcp pool zwin
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
!
line con 0
password cisco
login
line vty 0
password cisco
login
line vty 1 4
login
!
!
end
Router1配置:
Router_1#sh run
Building configuration...
Building configuration...
Current configuration : 544 bytes
!
version 12.3
no service password-encryption
!
hostname Router_1
!
!
!
!
interface FastEthernet0/0
ip address 198.10.1.101 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
ip dhcp excluded-address 200.0.0.100 200.0.0.160
!
ip dhcp pool hh
network 200.0.0.0 255.255.255.0
default-router 200.0.0.1
dns-server 200.0.0.2
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
!
!
end
好了,配置结束了,验证一下。
!
version 12.3
no service password-encryption
!
hostname Router_1
!
!
!
!
interface FastEthernet0/0
ip address 198.10.1.101 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
ip dhcp excluded-address 200.0.0.100 200.0.0.160
!
ip dhcp pool hh
network 200.0.0.0 255.255.255.0
default-router 200.0.0.1
dns-server 200.0.0.2
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
!
!
end
好了,配置结束了,验证一下。
PC0 ping 200.0.0.2 (那个服务器)
在路由器0上看看NAT状态吧
好了,成功了。
祝大家开心啊!
本文转自 tiger506 51CTO博客,原文链接:http://blog.51cto.com/tiger506/84324,如需转载请自行联系原作者
