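PAT maps inside addresses to different ports on an outside-network IP address, giving a one-to-many mapping.
It is the most effective way to conserve IP addresses.
Note: compare with dynamic NAT.
PAT configuration steps:
1. Define the NAT address pool.
2. Configure it as PAT: ip nat inside source list 1 pool "nat" overload
3. Define the access list of inside addresses that are allowed out.
4. Designate the inside and outside interfaces.
Questions:
What is the standard format of the PAT command? What is the access list for? What happens if no access list is configured?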
R1(config)#int f1/0
R1(config-if)#ip add 192.168.1.254 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int s2/0
R1(config-if)#ip add 202.96.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no au
R1(config-router)#net 202.96.1.0
R1(config-router)#exit
R1(config)#exit
R1#
R1#conf t
R1(config)#ip nat pool na 202.96.1.3 202.96.1.100 netmask 255.255.255.0
R1(config)#ip nat inside source list 1 pool na overload
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config-if)#int s2/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#exit
R1#
R1#debug ip nat
IP NAT debugging is on
R1#
*Nov 23 16:46:02.327: NAT: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [15]
*Nov 23 16:46:02.419: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [15]
*Nov 23 16:46:02.483: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [16]
*Nov 23 16:46:02.515: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [16]
*Nov 23 16:46:02.547: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [17]
*Nov 23 16:46:02.575: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [17]
*Nov 23 16:46:02.607: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [18]
*Nov 23 16:46:02.671: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [18]
*Nov 23 16:46:02.703: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [19]
R1#
*Nov 23 16:46:02.731: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [19]
R1#
*Nov 23 16:46:13.719: NAT: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [5]
*Nov 23 16:46:13.811: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [5]
*Nov 23 16:46:13.871: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [6]
*Nov 23 16:46:13.927: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [6]
*Nov 23 16:46:13.983: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [7]
*Nov 23 16:46:14.015: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [7]
*Nov 23 16:46:14.039: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [8]
*Nov 23 16:46:14.075: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [8]
*Nov 23 16:46:14.111: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [9]
R1#
*Nov 23 16:46:14.139: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [9]
R1#
*Nov 23 16:46:43.623: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 2 (2)
R1#
*Nov 23 16:47:02.731: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 3 (3)
R1#
*Nov 23 16:47:14.139: NAT: expiring 202.96.1.3 (192.168.1.2) icmp 1 (1)
R1#sh ip nat translations
Pro  Inside global    Inside local     Outside local    Outside global
icmp 202.96.1.3:4     192.168.1.1:4    2.2.2.2:4        2.2.2.2:4
R1#
*Nov 23 16:47:59.403: NAT: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [20]
*Nov 23 16:47:59.459: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [20]
*Nov 23 16:47:59.531: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [21]
*Nov 23 16:47:59.563: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [21]
*Nov 23 16:47:59.575: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [22]
*Nov 23 16:47:59.623: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [22]
*Nov 23 16:47:59.639: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [23]
*Nov 23 16:47:59.671: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [23]
*Nov 23 16:47:59.703: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [24]
R1#
*Nov 23 16:47:59.719: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [24]
R1#sh ip nat translations
Pro  Inside global    Inside local     Outside local    Outside global
icmp 202.96.1.3:2     192.168.1.2:2    2.2.2.2:2        2.2.2.2:2
icmp 202.96.1.3:4     192.168.1.1:4    2.2.2.2:4        2.2.2.2:4
R1#
*Nov 23 16:48:43.655: NAT: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [10]
*Nov 23 16:48:43.711: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [10]
*Nov 23 16:48:43.775: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [11]
*Nov 23 16:48:43.795: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [11]
*Nov 23 16:48:43.827: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [12]
*Nov 23 16:48:43.855: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [12]
*Nov 23 16:48:43.891: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [13]
*Nov 23 16:48:43.919: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [13]
*Nov 23 16:48:43.983: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [14]
R1#
*Nov 23 16:48:44.015: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [14]
R1#sh ip nat translations
Pro  Inside global    Inside local     Outside local    Outside global
icmp 202.96.1.3:2     192.168.1.2:2    2.2.2.2:2        2.2.2.2:2
icmp 202.96.1.3:4     192.168.1.1:4    2.2.2.2:4        2.2.2.2:4
icmp 202.96.1.3:5     192.168.1.1:5    2.2.2.2:5        2.2.2.2:5
R1#
*Nov 23 16:48:55.531: NAT: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [25]
*Nov 23 16:48:55.587: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [25]
*Nov 23 16:48:55.655: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [26]
*Nov 23 16:48:55.671: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [26]
*Nov 23 16:48:55.703: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [27]
*Nov 23 16:48:55.715: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [27]
*Nov 23 16:48:55.743: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [28]
*Nov 23 16:48:55.775: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [28]
*Nov 23 16:48:55.807: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [29]
R1#
*Nov 23 16:48:55.843: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [29]
R1#
*Nov 23 16:48:59.719: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 4 (4)
R1#sh ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Outside interfaces:
  Serial2/0
Inside interfaces:
  FastEthernet1/0
Hits: 54  Misses: 6
Expired translations: 4
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool na refcount 2
 pool na: netmask 255.255.255.0
    start 202.96.1.3 end 202.96.1.100
    type generic, total addresses 98, allocated 1 (1%), misses 0
R1#sh ip nat tran
R1#sh ip nat translations ver
R1#sh ip nat translations verbose
Pro  Inside global    Inside local     Outside local    Outside global
icmp 202.96.1.3:2     192.168.1.2:2    2.2.2.2:2        2.2.2.2:2
    create 00:00:51, use 00:00:51, left 00:00:08, Map-Id(In): 1,
    flags: extended, use_count: 0
icmp 202.96.1.3:5     192.168.1.1:5    2.2.2.2:5        2.2.2.2:5
    create 00:00:39, use 00:00:39, left 00:00:20, Map-Id(In): 1,
    flags: extended, use_count: 0
R1#
*Nov 23 16:49:44.015: NAT: expiring 202.96.1.3 (192.168.1.2) icmp 2 (2)
R1#
*Nov 23 16:49:55.843: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 5 (5)
R1#
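The translation table above is what ties a flow seen on the outside (shared address 202.96.1.3 plus a port or ICMP identifier) back to one inside host. The following is an added example, not part of the original notes: it parses rows in the `show ip nat translations` format and performs that lookup. The sample rows are constructed in the format of the lab output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `show ip nat translations` from the lab.
SAMPLE = """\
Pro  Inside global    Inside local     Outside local    Outside global
icmp 202.96.1.3:2     192.168.1.2:2    2.2.2.2:2        2.2.2.2:2
icmp 202.96.1.3:4     192.168.1.1:4    2.2.2.2:4        2.2.2.2:4
icmp 202.96.1.3:5     192.168.1.1:5    2.2.2.2:5        2.2.2.2:5
R1#
"""

# One extended (port-qualified) entry: proto, then four address:port columns.
ROW = re.compile(r"^(\w+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*$")

def parse_translations(text):
    """Return one dict per extended entry; headers and prompts are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, ig, igp, il, ilp, _ol, _olp, og, ogp = m.groups()
        entries.append({
            "proto": proto,
            "inside_global": (ig, int(igp)),
            "inside_local": (il, int(ilp)),
            "outside_global": (og, int(ogp)),
        })
    return entries

def attribute(entries, proto, global_ip, global_port):
    """Map an outside-visible (proto, address, port/ICMP id) to the inside host."""
    for e in entries:
        if e["proto"] == proto and e["inside_global"] == (global_ip, global_port):
            return e["inside_local"][0]
    return None  # entry expired or was never created

def shared_globals(entries):
    """Inside global addresses shared by several inside hosts (overload in effect)."""
    hosts = defaultdict(set)
    for e in entries:
        hosts[e["inside_global"][0]].add(e["inside_local"][0])
    return {g: sorted(h) for g, h in hosts.items() if len(h) > 1}
```

Because entries expire (the ICMP entries in the lab last about a minute), attribution after the fact only works if the table or the debug log was captured at the time of the flow.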