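Main functions of NAT
1. Delays IPv4 address exhaustion.
2. Protects internal hosts (port mapping).
3. Can dynamically load-balance TCP traffic.
1. Static NAT
Translates one private IP address into one public IP address.
2. Dynamic NAT
Translates multiple private IP addresses into multiple public IP addresses; the source port number identifies each session.
Cisco lab
Static NAT
r1: (border router)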
ip nat inside source static 192.168.1.1 100.0.12.100
ip route 0.0.0.0 0.0.0.0 ethernet0/1 100.0.12.2
interface ethernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
interface ethernet0/1
ip address 100.0.12.1 255.255.255.0
ip nat outside
r2: (ISP)
interface loopback0
ip address 2.2.2.2 255.255.255.0
interface ethernet0/1
ip address 100.0.12.2 255.255.255.0
Dynamic NAT
r5: (border router)
access-list 1 permit 192.168.5.0 0.0.0.255
ip nat pool nat 100.0.56.10 100.0.56.20 netmask 255.255.255.0
ip nat inside source list 1 pool nat
ip route 0.0.0.0 0.0.0.0 ethernet0/0 100.0.56.6
interface ethernet0/0
ip address 100.0.56.5 255.255.255.0
ip nat outside
interface ethernet0/1
ip address 192.168.5.254 255.255.255.0
ip nat inside
r6: (ISP)
interface loopback0
ip address 5.5.5.5 255.255.255.0
interface ethernet0/0
ip address 100.0.56.6 255.255.255.0
interface ethernet0/1
ip address 6.6.6.1 255.255.255.0
vpc10 6.6.6.6 gateway: 6.6.6.1
Note: end hosts that need to reach external network segments must have a gateway configured.
r5#show ip nat translations
pro inside global      inside local       outside local      outside global
--- 100.0.56.10        192.168.5.1        ---                ---
--- 100.0.56.11        192.168.5.2        ---                ---
show commands:
show ip nat statistics
show ip nat translations
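Added example (not part of the original lab): a small Python audit of the Cisco NAT statements above. It flags the static one-to-one mapping, which makes every port of the inside host reachable through its global address, and the dynamic pool, which without overload has fewer addresses than the ACL admits. The function name audit_nat and the combined sample config are assumptions made for illustration; wildcard masks are assumed to be contiguous.

```python
import ipaddress

# Constructed sample: the NAT-related lines of r1 and r5 from the Cisco lab.
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.1.1 100.0.12.100
access-list 1 permit 192.168.5.0 0.0.0.255
ip nat pool nat 100.0.56.10 100.0.56.20 netmask 255.255.255.0
ip nat inside source list 1 pool nat
"""

def audit_nat(config):
    """Return (kind, detail) findings for IOS static and dynamic NAT rules.

    Hypothetical helper written for this example, not a Cisco tool.
    """
    acls, pools, findings = {}, {}, []
    lines = [l.split() for l in config.splitlines() if l.strip()]
    # First pass: collect standard ACLs and NAT pools.
    for t in lines:
        if t[0] == "access-list" and len(t) >= 5 and t[2] == "permit":
            # ipaddress accepts a host (wildcard) mask after the slash.
            acls[t[1]] = ipaddress.ip_network(f"{t[3]}/{t[4]}")
        elif t[:3] == ["ip", "nat", "pool"]:
            first = ipaddress.ip_address(t[4])
            last = ipaddress.ip_address(t[5])
            pools[t[3]] = int(last) - int(first) + 1
    # Second pass: evaluate the translation rules themselves.
    for t in lines:
        if t[:5] == ["ip", "nat", "inside", "source", "static"]:
            if t[5] not in ("tcp", "udp"):
                # No protocol/port given: a full one-to-one mapping, so all
                # ports of the inside host are exposed via the global address.
                findings.append(("static-all-ports", f"{t[5]} <-> {t[6]}"))
        elif t[:5] == ["ip", "nat", "inside", "source", "list"] and t[6:7] == ["pool"]:
            matched, size = acls[t[5]].num_addresses, pools[t[7]]
            # Without "overload" each inside host consumes one pool address.
            if "overload" not in t and size < matched:
                findings.append(
                    ("pool-exhaustion",
                     f"{matched} ACL-matched addresses, {size} pool addresses"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_nat(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

Where only one service should be published, the port-specific form (ip nat inside source static tcp ...) or an inbound ACL on the outside interface narrows what the static entry exposes.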
Huawei lab
Static NAT
ar1: (border router)
#
nat static global 100.0.12.100 inside 192.168.1.253 netmask 255.255.255.255
interface gigabitethernet0/0/0
ip address 100.0.12.1 255.255.255.0
[r1-gigabitethernet0/0/0] nat static global 100.0.12.100 inside 192.168.1.253 (second method; configuring in global mode is recommended)
nat static enable
interface gigabitethernet0/0/1
ip address 192.168.1.254 255.255.255.0
nat static enable
ip route-static 0.0.0.0 0.0.0.0 100.0.12.2
ar2: (ISP)
interface gigabitethernet0/0/0
ip address 100.0.12.2 255.255.255.0
interface gigabitethernet0/0/1
ip address 2.2.2.1 255.255.255.0
[r1]dis nat static
static nat information:
interface : gigabitethernet0/0/0
global ip/port : 100.0.12.100/----
inside ip/port : 192.168.1.253/----
protocol : ----
vpn instance-name : ----
acl number : ----
netmask : 255.255.255.255
description : ----
total : 1
Dynamic NAT
ar1: (border router)
#
acl number 2000
rule 20 permit source 192.168.1.0 0.0.0.255
nat address-group 2 100.0.12.10 100.0.12.30
interface gigabitethernet0/0/0
ip address 100.0.12.1 255.255.255.0
nat outbound 2000 address-group 2
interface gigabitethernet0/0/1
ip address 192.168.1.254 255.255.255.0
dhcp select global
ip route-static 0.0.0.0 0.0.0.0 gigabitethernet0/0/0 100.0.12.2
ar2: (ISP)
interface gigabitethernet0/0/0
ip address 100.0.12.2 255.255.255.0
interface gigabitethernet0/0/1
ip address 2.2.2.1 255.255.255.0