NAT之Easy IP

NAT之Easy IP

允许多个私网地址转换成一个公网IP,很常用

CAL用来做匹配范围时,没有默认隐含允许所有的规则
NAT之Easy IP_第1张图片

PC1(IP地址)
IP地址:192.168.31.1
子网掩码:255.255.255.0
网关:192.168.31.254
PC2(IP地址)
IP地址:192.168.31.2
子网掩码:255.255.255.0
网关:192.168.31.254
Server1(IP地址)
IP地址:192.168.31.3
子网掩码:255.255.255.0
网关:192.168.31.254
Client1(IP地址)
IP地址:9.9.9.9
子网掩码:255.255.255.0
网关:9.9.9.1
R1(设置IP地址)
system-view     //进入全局配置模式
[Huawei]undo info-center enable      //关闭信息告警提示
[Huawei]sysname R1     //改名
[R1]interface g0/0/0     //进入接口
[R1-GigabitEthernet0/0/0]ip address 192.168.31.254 24     //设置IP地址
[R1-GigabitEthernet0/0/0]quit     //退出
[R1]interface g0/0/1     //进入接口
[R1-GigabitEthernet0/0/1]ip address 12.1.1.1 29      //设置IP地址
[R1-GigabitEthernet0/0/1]quit     //退出
[R1]
R2(设置IP地址)
system-view     //进入全局配置模式
[Huawei]undo info-center enable     //关闭信息告警提示
[Huawei]sysname R2     //改名
[R2]interface g0/0/0     //进入接口
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 29     //设置IP地址
[R2-GigabitEthernet0/0/0]quit     //退出
[R2]interface g0/0/1     //进入接口
[R2-GigabitEthernet0/0/1]ip address 9.9.9.1 24     //设置IP地址
[R2-GigabitEthernet0/0/1]quit     //退出
[R2]
R1(默认路由)
[R1]ip route-static 0.0.0.0 0 12.1.1.2     //设置默认路由
[R1]
R1(ACL用来做匹配范围时,没有默认隐含允许所有的规则)
[R1]acl number 2000     //创建ACL2000
[R1-acl-basic-2000]rule permit source 192.168.31.0 0.0.0.255     //设置ACL匹配范围
[R1-acl-basic-2000]quit     //退出
[R1]
R1(内网的私网地址出包时转换成公网接口G0/0/0的IP地址)
[R1]interface g0/0/1     //进入接口
[R1-GigabitEthernet0/0/1]nat outbound 2000     //当ACL2000应用于出接口转换为公网IP
[R1-GigabitEthernet0/0/1]quit     //退出
[R1]
PC1(测试是否可以ping通Client1)
PC>ping 9.9.9.9     //测试是否可以ping通Client1

Ping 9.9.9.9: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
From 9.9.9.9: bytes=32 seq=3 ttl=253 time=31 ms     //ping通
From 9.9.9.9: bytes=32 seq=4 ttl=253 time=31 ms
From 9.9.9.9: bytes=32 seq=5 ttl=253 time=32 ms

--- 9.9.9.9 ping statistics ---
  5 packet(s) transmitted
  3 packet(s) received
  40.00% packet loss
  round-trip min/avg/max = 0/31/32 ms

PC>
PC2(测试是否可以ping通Client1)
PC>ping 9.9.9.9     //测试是否可以ping通Client1

Ping 9.9.9.9: 32 data bytes, Press Ctrl_C to break
From 9.9.9.9: bytes=32 seq=1 ttl=253 time=47 ms     //ping通
From 9.9.9.9: bytes=32 seq=2 ttl=253 time=32 ms
From 9.9.9.9: bytes=32 seq=3 ttl=253 time=47 ms
From 9.9.9.9: bytes=32 seq=4 ttl=253 time=78 ms
From 9.9.9.9: bytes=32 seq=5 ttl=253 time=15 ms

--- 9.9.9.9 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/43/78 ms

PC>

你可能感兴趣的:(#,NAT,ACL,Easy,Easy,IP,多对一)