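EASY NAT <dynamic address + port translation>:
Configure EASY NAT so that multiple private addresses reach the Internet through different ports of a single dynamically obtained public address, improving utilization of public addresses: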
[RTA]int e0/0
[RTA-Ethernet0/0]ip add 10.0.0.254 24
[RTA-Ethernet0/0]undo shutdown
[RTA ]The dynamically obtained public address is 198.76.28.1 24
[RTA]rip
[RTA-rip-1]ver 2
[RTA-rip-1]undo summ
[RTA-rip-1]undo summary
[RTA-rip-1]network 198.76.28.0
[RTA]int e0/0
[RTA-Ethernet0/0]ip add 198.76.28.2 24
[RTA-Ethernet0/0]undo shutdown
[RTA-Ethernet0/1]int e0/1
[RTA-Ethernet0/1]ip add 198.76.29.1 24
[RTA-Ethernet0/1]undo shutdown
[RTA]rip
[RTA-rip-1]ver 2
[RTA-rip-1]undo summ
[RTA-rip-1]undo summary
[RTA-rip-1]network 198.76.28.0
[RTA-rip-1]network 198.76.29.0
PCA:10.0.0.1 255.255.255.0 GT:10.0.0.254
PCB:10.0.0.2 255.255.255.0 GT:10.0.0.254
SERVER:198.76.29.4 255.255.255.0 GT:198.76.29.1
At this point the public network is reachable normally, but the private network cannot reach the public server:
[RTA]ping 198.76.29.4
PING 198.76.29.4: 56 data bytes, press CTRL_C to break
Request time out
Reply from 198.76.29.4: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 198.76.29.4: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 198.76.29.4: bytes=56 Sequence=4 ttl=255 time=15 ms
Reply from 198.76.29.4: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 198.76.29.4 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 1/6/15 ms
C:\Documents and Settings\xiaofei>ping 198.76.29.4
Pinging 198.76.29.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 198.76.29.4:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
For the private 10.0.0.0 segment to reach the public server, EASY NAT must be used for address translation:
[RTA]firewall enable
[RTA]firewall default permit
[RTA]acl number 2000
[RTA-acl-basic-2000]rule 0 permit source 10.0.0.0 0.0.0.255 (define a basic ACL that permits the private segment allowed to access the public network)
[RTA-acl-basic-2000]quit
[RTA]int e0/1
[RTA-Ethernet0/1]nat outbound 2000 (bind the ACL rule on the interface; no address pool needs to be defined)
Now the private segment can successfully reach the public server:
C:\Documents and Settings\xiaofei>ping 198.76.29.4
Pinging 198.76.29.4 with 32 bytes of data:
Reply from 198.76.29.4: bytes=32 time=1ms TTL=254
Reply from 198.76.29.4: bytes=32 time=2ms TTL=254
Reply from 198.76.29.4: bytes=32 time=15ms TTL=254
Reply from 198.76.29.4: bytes=32 time=16ms TTL=254
Ping statistics for 198.76.29.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 16ms, Average = 8ms
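The NAT table shows that multiple private addresses are translated through multiple ports of a single dynamically obtained public address to reach the public server: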
[RTA]disp nat session
There are currently 2 NAT sessions:
Protocol GlobalAddr Port InsideAddr Port DestAddr Port
1 198.76.28.10 12288 10.0.0.1 512 198.76.29.4 512
×××: 0, status: 11, TTL: 00:01:00, Left: 00:00:49
1 198.76.28.10 12289 10.0.0.2 512 198.76.29.4 512
×××: 0, status: 11, TTL: 00:01:00, Left: 00:01:00
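Because Easy NAT puts every private host behind one public address, the server side can only tell them apart by the translated port, so tracing a connection back to a host depends on this session table. The following is an added example, not part of the original post: it parses the `disp nat session` output shown above and maps a public address and port back to the inside host. The function names are hypothetical and the column layout is assumed to match the output above.

```python
import re

# Session table copied from the `disp nat session` output above.
SAMPLE = """\
Protocol GlobalAddr Port InsideAddr Port DestAddr Port
1 198.76.28.10 12288 10.0.0.1 512 198.76.29.4 512
×××: 0, status: 11, TTL: 00:01:00, Left: 00:00:49
1 198.76.28.10 12289 10.0.0.2 512 198.76.29.4 512
×××: 0, status: 11, TTL: 00:01:00, Left: 00:01:00
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# proto, global addr/port, inside addr/port, destination addr/port
ROW = re.compile(rf"^\s*(\d+)\s+{IP}\s+(\d+)\s+{IP}\s+(\d+)\s+{IP}\s+(\d+)\s*$")
FIELDS = ("proto", "global", "gport", "inside", "iport", "dest", "dport")


def parse_sessions(text):
    """Return one dict per session row; header and detail lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = dict(zip(FIELDS, m.groups()))
            for key in ("proto", "gport", "iport", "dport"):
                row[key] = int(row[key])
            sessions.append(row)
    return sessions


def attribute(sessions, global_addr, global_port):
    """Inside hosts that were using this public address and port."""
    return sorted({s["inside"] for s in sessions
                   if s["global"] == global_addr and s["gport"] == global_port})


def hosts_per_global(sessions):
    """Public address -> sorted inside hosts sharing it."""
    shared = {}
    for s in sessions:
        shared.setdefault(s["global"], set()).add(s["inside"])
    return {g: sorted(h) for g, h in shared.items()}


if __name__ == "__main__":
    table = parse_sessions(SAMPLE)
    print(attribute(table, "198.76.28.10", 12289))
    print(hosts_per_global(table))
```

The rows carry a TTL of 00:01:00 in the output above, so the table only answers this question while the session is still live.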