思科 配置NAT PNAT 端口映射

      

思路及步骤：

            1.配置PC1 的ip：192.168.10.1 255.255.255.0

            

                 配置PC2 的ip：192.168.10.2 255.255.255.0

                    

                2.配置R3的0端口网关：192.168.10.254 255.255.255.0

                    配置R3的1端口ip：100.1.1.1 255.255.255.0

                        

                   3. 配置R4的1端口ip：100.1.1.2 255.255.255.0 

                        配置R4的0端口ip：200.1.1.1 255.255.255.0

                                

                    4. 配置R5的1端口ip：200.1.1.2 255.255.255.0

                                

                        5.在R3全局配置模式下配置浮动静态路由：

                                ip route 0.0.0.0 0.0.0.0 100.1.1.2

                                    

                            

                 6.在R4全局配置模式下 配置RIP

                               router rip

                               version 2

                               no auto-summary

                               network 100.0.0.0

                               network 200.1.1.0

                               passive-interface g1/0

                        

                

                7.在R5全局模式下   配置RIP

                         router rip

                          version 2

                         no auto-summayr

                         network 200.1.1.0

                        

                

                8.确定NAT的边界 在R3全局模式下配置：

                        interface g1/0

                        ip nat inside

                        interface g2/0

                        ip nat  ouside

                            

                    9.在R3全局配置模式下(

                        配置：ip nat inside sourse static 192.168.10.1 100.1.1.1

                                

                        或配置：ip nat inside sourse static 192.168.10.2 100.1.1.1

                                

                10.    pc机1或2 可以ping R5

                            pc1：

                                

                            pc2：

                                

                        

=========================================================================================================

配置PNAT:

        思路及步骤：

                    步骤1--8 与配置NAT的步骤相同

                        9.在R3全局配置模式下           

                            配置：access-list 1 permit 192.168.10.0 0.0.0.255(通配符）

                            ip nat inside sourse list 1 interfaceg1/0(外网端口）

                            

                    

                10.测试：   pc1和pc2 都可ping通 R5

                            pc1:

                                

                               pc2:

                                  

                           11.验证：

                                11.1     show ip nat statistics

                                    

                                11.2      show ip access-list

                                    

                                11.3  show ip nat translation(未ping之前 无任何显示  ping通之后就会显示）

                                        ping之前：

                                                

                                        ping之后：

                                                

                                11.4  特权模式下 启用抓包功能

                                            debug ip nat

                                                

=========================================================================================================

    端口映射：

            首先要配置好PNAT  所有设备均可ping通。

                    

                       1.在RT3全局配置模式下

                                    GW(config)#ip nat inside sourse static tcp 192.168.10.1 23  100.1.1.1 23456                                                                           

                                                                                    (192.168.10.1为pc1机的ip 23为tcp端口号  100.1.1.1为网关ip  23456仅为进入指定端口的号 无其他意义）

                        

                    

                        2.在PC1在全局配置模式下：

                                line vty 0 4

                                no login

                                    

                        3.在网关R3上，在全局模式下配置：

                                    

                                 line vty 0 4

                                 no login

                                

                        

                                4.在R5权限模式下进行测试：

                                        telnet 100.1.1.1 23456