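NAT stands for Network Address Translation. It is a widely used WAN technology that translates private network addresses into public addresses. Configuring NAT on a router relieves the shortage of IP addresses, and it can also protect devices inside the private network from attacks coming from the external network. Below is a lab example of configuring NAT on a router, with the objectives, environment, and method each listed.
Lab objectives:
Configure static source address translation so that R4 on the internal network can reach R5 on the external network.
Configure dynamic source address translation so that R2 on the internal network can reach R3 on the external network.
Set R1's f0/0 as the inside interface and s2/0 as the outside interface.
Lab environment:
The topology is as shown in the diagram above. R1's S2/0 interface connects to R3 and R5 through a Frame Relay switch, forming the external network. R1's F0/0 interface connects to R2 and R4 through a LAN switch, forming the internal network.
Configuration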
R1
conf t
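! static source address translation: inside local 1.1.2.4 -> inside global 1.1.3.5
ip nat inside source static 1.1.2.4 1.1.3.5
! create the address pool (global IPs 1.1.3.2-1.1.3.3) for dynamic source address translation
ip nat pool pool1 1.1.3.2 1.1.3.3 prefix-length 24
! bind the ACL to the address pool
ip nat inside source list 1 pool pool1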
access-list 1 permit 1.1.2.0 0.0.0.255
int f 0/0
ip ad 1.1.2.1 255.255.255.0
! configure f0/0 as the inside interface
ip nat inside
no shut
exit
int s2/0
ip ad 1.1.3.1 255.255.255.0
encap frame
no arp f
no frame inver
frame map ip 1.1.3.3 103 b
frame map ip 1.1.3.5 105 b
! configure s2/0 as the outside interface
ip nat outside
no shut
end
R2
conf t
int f 0/0
ip ad 1.1.2.2 255.255.255.0
no shut
end
R3
conf t
int s2/0
ip ad 1.1.3.3 255.255.255.0
encap frame
no arp f
no frame inver
frame map ip 1.1.3.1 301 b
no shut
end
R4
conf t
int f 0/0
ip ad 1.1.2.4 255.255.255.0
no shut
end
R5
conf t
int s2/0
ip ad 1.1.3.5 255.255.255.0
encap frame
no arp f
no frame inver
frame map ip 1.1.3.1 501 b
no shut
end
Verification
R1#sh ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial2/0
Inside interfaces:
FastEthernet0/0
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool pool1 refcount 0
pool pool1: netmask 255.255.255.0
start 1.1.3.2 end 1.1.3.3
type generic, total addresses 2, allocated 0 (0%), misses 0
R1#sh ip nat t
Pro Inside global Inside local Outside local Outside global
--- 1.1.3.5 1.1.2.4 --- ---
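
The following is an added example, not part of the original lab and not IOS code: a simplified Python model of how R1 picks an inside-source translation under the configuration above (static entry first, then ACL 1 with its wildcard mask, then pool1). The hosts 1.1.2.7, 1.1.2.9 and 1.1.9.9 are constructed for illustration, and lowest-free-address-first allocation with no translation timeouts is an assumption of the model.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.ip_address(addr))

class NatRouter:
    """Simplified model of R1's inside-source NAT decision (assumed behaviour)."""

    def __init__(self, static_map, acl_net, acl_wildcard, pool_start, pool_end):
        self.static = dict(static_map)            # inside local -> inside global
        self.acl_net = _ip(acl_net)
        # A wildcard mask marks "don't care" bits; invert it to get the bits compared.
        self.care = ~_ip(acl_wildcard) & 0xFFFFFFFF
        self.free = [str(ipaddress.ip_address(i))
                     for i in range(_ip(pool_start), _ip(pool_end) + 1)]
        self.dynamic = {}                         # active dynamic translations
        self.misses = 0                           # pool allocation failures

    def translate(self, inside_local):
        """Return the source address seen outside, or None if the packet is dropped."""
        if inside_local in self.static:           # static entries take precedence
            return self.static[inside_local]
        if inside_local in self.dynamic:          # reuse an existing dynamic entry
            return self.dynamic[inside_local]
        if (_ip(inside_local) & self.care) != (self.acl_net & self.care):
            return inside_local                   # not permitted by the ACL: untranslated
        if not self.free:                         # pool exhausted: no translation possible
            self.misses += 1
            return None
        self.dynamic[inside_local] = self.free.pop(0)
        return self.dynamic[inside_local]

def build_r1():
    # Values taken from R1's configuration in this lab.
    return NatRouter({"1.1.2.4": "1.1.3.5"}, "1.1.2.0", "0.0.0.255",
                     "1.1.3.2", "1.1.3.3")

if __name__ == "__main__":
    r1 = build_r1()
    for host in ["1.1.2.4", "1.1.2.2", "1.1.2.7", "1.1.2.9", "1.1.9.9"]:
        print(host, "->", r1.translate(host))
    print("pool misses:", r1.misses)
```

With only two addresses in pool1, a third dynamic inside host gets no translation, which on the router appears as a rising misses counter on the pool line of sh ip nat statistics.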