静态NAT

实验来源：工大瑞普Cisco网络技术论坛

1.按照试验拓扑，配置好各台路由器的IP地址，R1 and R2模拟普通PC机；

r1(config)#no ip routing
r1(config)#ip default-gateway 192.168.1.3

r2(config)#no ip routing
r2(config)#ip default-gateway 192.168.1.3

2.R3模拟PC机的网关，配置一条默认路由：

r3(config)#ip route 0.0.0.0 0.0.0.0 202.101.48.129

3.R4模拟ISP，配置一条静态路由：

r4(config)#ip route 192.168.1.0 255.255.255.0 202.101.48.1

4.使用ping命令验证个台路由器的连通行，这里略。。。
5.在R3上配置NAT

方法1：静态NAT（static）
r3(config)#ip nat inside source static 192.168.1.1 202.101.48.1
r3(config)#int f0/0
r3(config-if)#ip nat inside
r3(config-if)#int s1/2
r3(config-if)#ip nat outside
验证：
r1#ping 202.101.48.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.48.129, timeout is 2 seconds:
!!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 120/134/140 ms
在R4上debug ip packet
r4#debug ip pacet
*Mar  1 00:08:46.631: %SYS-5-CONFIG_I: Configured from console by console
IP packet debugging is on
*Mar  1 00:09:51.267: IP: tableid=0, s=202.101.48.1 (Serial1/2), d=202.101.48.129 (Serial1/2), routed via RIB
*Mar  1 00:09:51.267: IP: s=202.101.48.1 (Serial1/2), d=202.101.48.129 (Serial1/2), len 100, rcvd 3
*Mar  1 00:09:51.271: IP: tableid=0, s=202.101.48.129 (local), d=202.101.48.1 (Serial1/2), routed via FIB

验证成功；

方法2：动态NAT（dynamic）
r3(config)#ip nat pool test 202.101.48.2 202.101.48.10 netmask 255.255.255.0
r3(config)#ip nat inside source list 100 pool test overload
r3(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any
验证：
r1#ping 202.101.48.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.48.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/149/200 ms
在R4上debug ip packet
r4#debug ip pacet
*Mar  1 00:08:46.631: %SYS-5-CONFIG_I: Configured from console by console
IP packet debugging is on
*Mar  1 00:16:17.955: IP: tableid=0, s=202.101.48.3 (Serial1/2), d=202.101.48.129 (Serial1/2), routed via RIB
*Mar  1 00:16:17.955: IP: s=202.101.48.3 (Serial1/2), d=202.101.48.129 (Serial1/2), len 100, rcvd 3
*Mar  1 00:16:17.959: IP: tableid=0, s=202.101.48.129 (local), d=202.101.48.3 (Serial1/2), routed via FIB

验证成功；

方法3：all-to-one
r3(config)#ip nat inside source list 100 interface serial 1/2 overload
r3(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any
验证：
r1#ping 202.101.48.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.48.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/139/160 ms
在R4上debug ip packet
r4#debug ip packet
IP packet debugging is on
r4#
*Mar  1 00:19:06.435: IP: tableid=0, s=202.101.48.1 (Serial1/2), d=202.101.48.129 (Serial1/2), routed via RIB
*Mar  1 00:19:06.435: IP: s=202.101.48.1 (Serial1/2), d=202.101.48.129 (Serial1/2), len 100, rcvd 3
*Mar  1 00:19:06.439: IP: tableid=0, s=202.101.48.129 (local), d=202.101.48.1 (Serial1/2), routed via FIB

验证成功。
我们在R3上使用命令debug ip nat查看一下转换过程：

r3#debug ip nat
IP NAT debugging is on
r3#
*Mar  1 00:05:39.831: NAT*: s=192.168.1.1->202.101.48.1, d=202.101.48.129 [35]
*Mar  1 00:05:39.891: NAT*: s=202.101.48.129, d=202.101.48.1->192.168.1.1 [35]

NAT的三种方式全部实验完。
OK,试验完。
（纠正：在配置好NAT后，可以把之前建立的用于测试连通性的默认路由删除掉。感谢syt007提出的这个问题！）