在R1通过动态NAT实现企业内网192.160.1.0/24转换为公网地址12.1.1.3-12.1.1.6,访问192.160.2.1
网络拓扑如图:
R1:fa 0/0 12.1.1.1/29, fa 1/0 192.160.1.254/24
PC1:192.160.1.1/24,PC2:192.160.1.2/24
R2:fa 0/0 12.1.1.2/29,fa 1/0 192.160.2.254/24
PC3:192.160.2.1/24
R1>enable
configure terminal
interface fa 0/0
no shutdown
ip address 12.1.1.1 255.255.255.248
interface fa 1/0
no shutdown
ip address 192.160.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 fa 0/0把所有对外出口甩给fa 0/0端口(静态路由)
R2>enable
configure terminal
interface fa 0/0
no shutdown
ip address 12.1.1.2 255.255.255.248
interface fa 1/0
no shutdown
ip address 192.160.2.254 255.255.255.0
R1>
access-list 1 permit 192.160.1.0 0.0.0.255 标准ACL 1允许1.0网段通过路由表
ip nat pool xxwj 12.1.1.3 12.1.1.6 netmask 255.255.255.248
定义名为xxwj 的全局地址池进行分配为1.3-1.6网段
ip nat inside source list 1 pool xxwj
建立动态源转换,源list 1 的IP段转换为 地址池xxwj 的IP段
interface fa 0/0
ip nat outside
interface fa 1/0
ip nat inside
exit
用PC1和PC2 ping 192.160.2.1
再在R1上用 show ip nat translations 查看 活动的转换
发现己经转换成1.3 和 1.4了.
Router#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 12.1.1.3:15 192.160.1.1:15 192.160.2.1:15 192.160.2.1:15
icmp 12.1.1.3:16 192.160.1.1:16 192.160.2.1:16 192.160.2.1:16
icmp 12.1.1.3:17 192.160.1.1:17 192.160.2.1:17 192.160.2.1:17
icmp 12.1.1.3:18 192.160.1.1:18 192.160.2.1:18 192.160.2.1:18
icmp 12.1.1.4:21 192.160.1.2:21 192.160.2.1:21 192.160.2.1:21
icmp 12.1.1.4:22 192.160.1.2:22 192.160.2.1:22 192.160.2.1:22
icmp 12.1.1.4:23 192.160.1.2:23 192.160.2.1:23 192.160.2.1:23
icmp 12.1.1.4:24 192.160.1.2:24 192.160.2.1:24 192.160.2.1:24
动态生成了转换IP了。