CISCO NAT Configuration: Classic Study Examples

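NAT Basics

● Introduction to NAT
NAT (Network Address Translation) lets a network use whatever IP addresses it chooses internally, without having to apply for them. Inside the network, computers communicate with each other using their internal IP addresses. When an internal computer needs to communicate with the external Internet, a NAT-capable device (for example, a router) translates its internal IP address into a legitimate IP address (that is, one that has been applied for) for the communication.

● Where NAT is used
Case 1: A company that does not want external network users to learn its internal network structure can use NAT to separate the internal network from the external Internet, so external users never learn the internal IP addresses configured behind NAT.

CISCO NAT Classic Basic Configurations

● Port-based translation for all hosts: the ISP-assigned IP is 202.99.160.129
interface fastethernet0/0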
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
ip nat inside
no shutdown

interface fastethernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
ip nat outside
no shutdown

ip nat pool OnlyYou 202.99.160.130 202.99.160.130 netmask 255.255.255.252
! OnlyYou is the name of the address pool. Giving 202.99.160.130 twice means that only one IP is used as the translated address.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
ip nat inside source list 1 pool OnlyYou overload

● Dynamic address translation plus ports: the ISP-assigned IPs are 202.99.160.130~190, 255.255.255.192
Interface fastethernet0/1
Ip address 192.168.1.1 255.255.255.0
Ip address 192.168.2.1 255.255.255.0 secondary
Duplex auto
Speed auto
Ip nat inside
No shutdown

Interface serial 0/0
Ip address 202.99.160.129 255.255.255.192
Duplex auto
Speed auto
Ip nat outside
No shutdown

Ip nat pool OutPort 202.99.160.190 202.99.160.190 netmask 255.255.255.192
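! OutPool ends at .189 so that it does not overlap OutPort, which holds .190
Ip nat pool OutPool 202.99.160.130 202.99.160.189 netmask 255.255.255.192
! All hosts in the 192.168.1.0 segment are translated to 202.99.160.190;
! overload lets them share that single address by port
Ip nat inside source list 1 pool OutPort overload
! To allow access to FTP sites and similar, all hosts in the 192.168.2.0 and 192.168.3.0
! segments are translated to the addresses from 202.99.160.130 to 202.99.160.189.
Ip nat inside source list 2 pool OutPool
Access-list 1 permit 192.168.1.0 0.0.0.255
Access-list 2 permit 192.168.2.0 0.0.0.255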
Access-list 2 permit 192.168.3.0 0.0.0.255

● Static address translation: the ISP-assigned IP addresses are 211.82.220.80~211.82.220.87, 211.82.220.81 255.255.255.248. The Web, E-mail, FTP and Media servers on the intranet must be reachable from outside.
Interface fastethernet0/0
Ip address 192.168.1.1 255.255.255.0
Duplex auto
Speed auto
Ip nat inside
No shutdown

Interface fastethernet0/1
Ip address 211.82.220.81 255.255.255.248
Speed auto
Duplex auto
Ip nat outside
No shutdown

Ip nat pool Outpool 211.82.220.86 211.82.220.86 netmask 255.255.255.248
Access-list 1 permit 192.168.1.2 0.0.0.255
Access-list 1 permit 192.168.1.3 0.0.0.255
Access-list 1 permit 192.168.1.4 0.0.0.255
Access-list 1 permit 192.168.1.5 0.0.0.255
Ip nat inside source list 1 pool Outpool overload
Ip nat inside source static 192.168.1.2 211.82.220.82
Ip nat inside source static 192.168.1.3 211.82.220.83
Ip nat inside source static 192.168.1.4 211.82.220.84
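Ip nat inside source static 192.168.1.5 211.82.220.85

● NAT mapping: When the ISP provides plenty of IP addresses there is no problem, but when it does not (for example, only two), one address is used for translating internal network addresses and the other for providing services to the external network. The IP provided by the ISP for the internal network's Internet access.
Interface ethernet0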
Ip address 192.168.1.1 255.255.255.0
Duplex auto
Speed auto
Ip nat inside
No shutdown
Interface fastethernet0/0
Ip address 211.82.220.129 255.255.255.248
Duplex auto
Speed auto
Ip nat outside
No shutdown

Access-list 1 permit 192.168.1.0 0.0.0.255
Ip nat pool Everybody 211.82.220.130 211.82.220.130 netmask 255.255.255.252
Ip nat inside source list 1 pool Everybody overload
Ip nat inside source static tcp 192.168.1.2 80 202.99.220.130 80
Ip nat inside source static tcp 192.168.1.3 21 202.99.220.130 21
Ip nat inside source static tcp 192.168.1.4 25 202.99.220.130 25
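Ip nat inside source static tcp 192.168.1.5 110 202.99.220.130 110

● Load balancing with address translation: When there are multiple servers, as at a company like Tencent, using the router for load balancing gives the servers an equal chance of being accessed.
Interface fastethernet0/1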
Ip address 192.168.1.1 255.255.255.0
Duplex auto
Speed auto
Ip nat inside
No shutdown

Interface fastethernet0/0
Ip address 202.110.198.81 255.255.255.248
Duplex auto
Speed auto
Ip nat outside
Access-list 1 permit 202.110.198.82
Access-list 2 permit 202.110.198.83
Access-list 3 permit 192.168.1.0 0.0.0.255
Ip nat pool Webser 192.168.1.2 192.168.1.3 netmask 255.255.255.248 type rotary
Ip nat pool Ftpser 192.168.1.4 192.168.1.5 netmask 255.255.255.248 type rotary
Ip nat pool normal 202.110.198.84 202.110.198.84 netmask 255.255.255.248
Ip nat inside destination list 1 pool Webser
Ip nat inside destination list 2 pool Ftpser
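
A consistency check for the pool, access-list and list-to-pool statements used in the configurations above, as an added Python example (not part of the original article and not a Cisco tool). The function name `lint_nat` and the sample configuration are constructed for illustration; only the `netmask` pool form and numbered `access-list ... permit` lines are recognised, and other lines are ignored.

```python
import ipaddress
import re

POOL = re.compile(r"ip nat pool (\S+) (\S+) (\S+) netmask (\S+)", re.I)
ACL = re.compile(r"access-list (\d+) permit", re.I)
RULE = re.compile(r"ip nat inside (source|destination) list (\d+) pool (\S+)( overload)?", re.I)

def lint_nat(config):
    """Return a list of findings for the NAT pool and rule lines in config."""
    pools, acls, rules, findings = {}, set(), [], []
    for line in map(str.strip, config.splitlines()):
        if m := POOL.match(line):
            name, start, end, mask = m.groups()
            pools[name] = None  # defined; filled in only if the addresses parse
            try:
                lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
                net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
            except ValueError as exc:
                findings.append(f"pool {name}: {exc}")
                continue
            pools[name] = (lo, hi)
            if hi < lo:
                findings.append(f"pool {name}: end {hi} is below start {lo}")
            if hi not in net:
                findings.append(f"pool {name}: {hi} is outside {net}")
        elif m := ACL.match(line):
            acls.add(m.group(1))
        elif m := RULE.match(line):
            rules.append((m.group(1).lower(), m.group(2), m.group(3), bool(m.group(4))))
    for kind, acl, name, overload in rules:
        if acl not in acls:
            findings.append(f"rule list {acl}: access-list {acl} is not defined")
        if name not in pools:
            findings.append(f"rule list {acl}: pool {name} is not defined")
        # A one-address source pool without overload serves one inside host at a time.
        elif kind == "source" and not overload and pools[name] and len(set(pools[name])) == 1:
            findings.append(f"pool {name}: one address shared without overload")
    return findings

# Constructed sample using documentation addresses (not taken from the page).
SAMPLE = """\
ip nat pool Outpool 203.0.113.86 203.0.13.86 netmask 255.255.255.248
ip nat pool Single 203.0.113.90 203.0.113.90 netmask 255.255.255.248
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool Single
ip nat inside source list 2 pool Outpool overload
"""

if __name__ == "__main__":
    print(*lint_nat(SAMPLE), sep="\n")
```

Running the script prints one finding per line for the sample: the mistyped pool end address (reported twice, once for ordering and once for the subnet), the single-address pool used without `overload`, and the rule that references an undefined access list.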