关于NAT 转换的问题
现在情况是这样的,就是通过一个路由器cisco2821和一个WS-C3560E-24TD-E的三层交换机,路由器2821与电信的端口相接,电信那边分配了 8个地址 10.1.1.2-10.1.1.16 子网掩码:255.255.255.240 然后通过路由器上做NAT 转换,然后用内部的WEB服务器映射到公网地址10.1.1.7 另一个FTP服务器映射到公网地址10.1.1.8:
在R上的配置:
nterface GigabitEthernet0/0
ip address 10.1.1.2 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip address 10.1.1.2 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 172.168.1.0 255.255.255.0 192.168.1.2
ip route 172.168.2.0 255.255.255.0 192.168.1.2
ip route 172.168.3.0 255.255.255.0 192.168.1.2
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool sss 10.1.1.3 10.1.1.6 netmask 255.255.255.240
ip nat inside source list 1 pool sss overload
ip nat inside source static tcp 172.168.3.253 80 10.1.1.7 80
ip nat inside source static tcp 172.168.3.252 21 10.1.1.8 21
!
access-list 1 permit 172.168.0.0 0.0.255.255
!
!
control-plane
!
line con 0
login local
line aux 0
line vty 0 4
password cisco
login
transport input telnet
line vty 5 15
no login
transport input telnet
ip route 172.168.2.0 255.255.255.0 192.168.1.2
ip route 172.168.3.0 255.255.255.0 192.168.1.2
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool sss 10.1.1.3 10.1.1.6 netmask 255.255.255.240
ip nat inside source list 1 pool sss overload
ip nat inside source static tcp 172.168.3.253 80 10.1.1.7 80
ip nat inside source static tcp 172.168.3.252 21 10.1.1.8 21
!
access-list 1 permit 172.168.0.0 0.0.255.255
!
!
control-plane
!
line con 0
login local
line aux 0
line vty 0 4
password cisco
login
transport input telnet
line vty 5 15
no login
transport input telnet
在交换机上的配置:
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$C6tJ$E8LCdgTGeT0nbycZiIz5Z.
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/23
no switchport
ip address 192.168.1.2 255.255.255.252
!
interface GigabitEthernet0/24
no switchport
no ip address
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface TenGigabitEthernet0/1
!
interface TenGigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 172.168.1.1 255.255.255.0
!
interface Vlan20
ip address 172.168.2.1 255.255.255.0
!
interface Vlan30
ip address 172.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$C6tJ$E8LCdgTGeT0nbycZiIz5Z.
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet0/23
no switchport
ip address 192.168.1.2 255.255.255.252
!
interface GigabitEthernet0/24
no switchport
no ip address
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface TenGigabitEthernet0/1
!
interface TenGigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 172.168.1.1 255.255.255.0
!
interface Vlan20
ip address 172.168.2.1 255.255.255.0
!
interface Vlan30
ip address 172.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
现在出现一种情况,内部的网络都能正常上网,但是做NAT 转换的WEB和FTP服务器之后再外部能够ping通他映射的公网地址,也能够打开FTP服务器,但是打开不到5分钟就直接断掉了;打开web服务器无论怎么搞都打不开,但是ping他的映射的公网地址也是刚开始把NAT转换配置在路由器上就能够ping通公网的地址是通的,但是过不到5分钟就不通了,打开web页面也打不开。也不知道是怎么回事,有那个高手指教一下!!谢谢!!要有什么不清楚的,+++QQ : 396128474
本文出自 “遨天之鹰” 博客,转载请与作者联系!