NAT: ip nat outside source lab configuration
PC: a remote host with the public IP 172.16.1.1.
NAT_Router: the enterprise edge router that performs NAT (this case only simulates ip nat outside; ip nat inside source is ignored).
Server: an internal enterprise server with the public IP 172.16.2.2.
Because this lab only configures ip nat outside source, the addresses are:
IL (inside local address): 172.16.2.2
IG (inside global address): 172.16.2.2
OL (outside local address): 192.168.1.1~192.168.1.254
OG (outside global address): 172.16.1.1
ip nat outside source {static|dynamic} translates OG -> OL (traffic direction: dynamic: outside -> inside; static: inside <-> outside)
ip nat inside source {static|dynamic} translates IL -> IG (traffic direction: inside -> outside; static: inside <-> outside)
ip nat inside destination translates IG -> IL (load balancing) (traffic direction: outside -> inside)
NAT_Router configuration
NAT_Router#sh run
Building configuration...
Current configuration : 13 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NAT_Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Serial1/0
 ip address 172.16.1.2 255.255.255.0
 ip nat outside
 serial restart-delay 0
!
interface Serial1/1
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
 serial restart-delay 0
!
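! Address pool of OL (outside local) addresses
ip nat pool xinjialove 192.168.1.1 192.168.1.254 netmask 255.255.255.0
! This lab uses dynamic ip nat outside source, so the traffic flow must go
! from outside to inside (outside -> inside). With a static entry
! (ip nat outside source static …), the flow can go from inside to outside
! as well as from outside to inside.
ip nat outside source list 1 pool xinjialove
ip classless
! A route for the OL addresses is required; otherwise the return traffic is
! dropped because there is no route to the OL address.
ip route 192.168.1.0 255.255.255.0 Serial1/0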
no ip http server
!
!
! Defines the source address matched by ip nat outside source, i.e. the OG
! address (172.16.1.1); traffic that matches it is translated.
access-list 1 permit 172.16.1.1
!
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end
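
The packet flow this configuration produces, as an added Python model (not part of the original lab and not IOS code). The class and function names are hypothetical; allocating the lowest free pool address and dropping on pool exhaustion are assumptions of the model. It relies on the IOS order of operations: NAT before routing for outside -> inside, routing before NAT for inside -> outside.

```python
import ipaddress as ipa

class OutsideSourceNat:
    """Toy model (not IOS code) of dynamic `ip nat outside source list ... pool ...`."""

    def __init__(self, acl_hosts, pool_first, pool_last, routes):
        self.acl = set(acl_hosts)                      # access-list 1
        lo, hi = int(ipa.ip_address(pool_first)), int(ipa.ip_address(pool_last))
        self.free = [str(ipa.ip_address(i)) for i in range(lo, hi + 1)]  # OL pool
        self.og_to_ol, self.ol_to_og = {}, {}          # translation table
        self.routes = [ipa.ip_network(r) for r in routes]

    def outside_to_inside(self, src, dst):
        """Outside -> inside: NAT runs before routing; OG source becomes OL."""
        if src in self.acl and src not in self.og_to_ol:
            if not self.free:
                return None                            # model assumption: pool exhausted, drop
            ol = self.free.pop(0)                      # model assumption: lowest free address
            self.og_to_ol[src], self.ol_to_og[ol] = ol, src
        return (self.og_to_ol.get(src, src), dst)

    def inside_to_outside(self, src, dst):
        """Inside -> outside: routing runs before NAT; OL destination needs a route."""
        if not any(ipa.ip_address(dst) in net for net in self.routes):
            return None                                # no route to the OL address: drop
        return (src, self.ol_to_og.get(dst, dst))      # OL destination back to OG

def build(with_ol_route):
    routes = ["172.16.1.0/24", "172.16.2.0/24"]        # connected Serial1/0, Serial1/1
    if with_ol_route:
        routes.append("192.168.1.0/24")                # ip route 192.168.1.0 ... Serial1/0
    return OutsideSourceNat(["172.16.1.1"], "192.168.1.1", "192.168.1.254", routes)

def round_trip(with_ol_route):
    nat = build(with_ol_route)
    fwd = nat.outside_to_inside("172.16.1.1", "172.16.2.2")   # PC -> Server
    reply = nat.inside_to_outside("172.16.2.2", fwd[0])       # Server -> OL address
    return fwd, reply

if __name__ == "__main__":
    print(round_trip(True))    # reply is translated back to the OG address
    print(round_trip(False))   # reply is dropped: no route for the OL address
    # Server-initiated traffic before any outside packet: no table entry exists, so
    # the OL destination leaves untranslated (dynamic entries are created outside -> inside).
    print(build(True).inside_to_outside("172.16.2.2", "192.168.1.1"))
```
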
Debug NAT output
Show NAT output