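NAT Overview
NAT is the process of translating the IP address in an IP packet header into another IP address. It is mainly used to let an internal network (private IP addresses) access an external network (public IP addresses). Basic NAT performs one-to-one IP address translation, while NAPT can map multiple private IP addresses to the same public IP address.
Configuration
Static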
interface gigabitethernet ID
nat static global 2.2.2.3 inside 192.168.0.2 netmask 255.255.255.255
Dynamic
acl number 2000
rule 5 permit source 192.168.20.0 0.0.0.255
#
nat address-group 1 2.2.2.100 2.2.2.200
#
interface gigabitethernet ID
nat outbound 2000 address-group 1 no-pat
#
NAPT
#
acl number 2000
rule 5 permit source 192.168.20.0 0.0.0.255
#
nat address-group 1 2.2.2.100 2.2.2.200
#
interface gigabitethernet ID
nat outbound 2000 address-group 1
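The difference between the no-pat (Basic NAT) and NAPT configurations above, modelled for the same address-group 2.2.2.100 to 2.2.2.200 and source network 192.168.20.0/24. This is an added example, not code from the original page or from the router vendor; the class and function names are hypothetical and the sequential port allocation is a simplifying assumption, not the device's actual algorithm.

```python
import ipaddress

def build_pool(first, last):
    """Expand an address-group range into a list of public addresses."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]

class NoPat:
    """Basic NAT (no-pat): each inside host holds one whole public address."""
    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}          # inside IP -> public IP

    def translate(self, src_ip, src_port):
        if src_ip not in self.table:
            if not self.free:
                return None      # pool exhausted: this host gets no translation
            self.table[src_ip] = self.free.pop(0)
        return (self.table[src_ip], src_port)   # source port is left unchanged

class Napt:
    """NAPT: (inside IP, port) flows share public addresses via port mapping."""
    def __init__(self, pool, first_port=1024, last_port=65535):
        self.pool, self.first_port, self.last_port = list(pool), first_port, last_port
        self.table = {}          # (inside IP, port) -> (public IP, public port)
        self.next = 0            # index of the next unused (address, port) slot

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:
            per_addr = self.last_port - self.first_port + 1
            if self.next >= per_addr * len(self.pool):
                return None      # every (address, port) slot is in use
            addr = self.pool[self.next // per_addr]
            self.table[key] = (addr, self.first_port + self.next % per_addr)
            self.next += 1
        return self.table[key]

def simulate(nat, hosts, port=40000):
    """Open one flow per host; return how many hosts obtained a translation."""
    return sum(nat.translate(h, port) is not None for h in hosts)

POOL = build_pool("2.2.2.100", "2.2.2.200")                    # address-group 1
HOSTS = list(ipaddress.ip_network("192.168.20.0/24").hosts())  # ACL source range

if __name__ == "__main__":
    print("no-pat:", simulate(NoPat(POOL), HOSTS), "of", len(HOSTS))
    print("NAPT:  ", simulate(Napt(POOL), HOSTS), "of", len(HOSTS))
```

With NAPT, many inside hosts appear behind one public address, so attributing a flow to an inside host requires the translated port and a timestamp from the NAT session log, not the public address alone.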
EASY IP
#
acl number 2000
rule 5 permit source 192.168.0.0 0.0.0.255
#
interface gigabitethernet ID
nat outbound 2000
#
Twice NAT
#
sysname Router
#
acl number 3180
rule 5 permit ip source 1.1.1.0 0.0.0.255
#
nat alg dns enable
#
nat address-group 1 2.2.2.100 2.2.2.200
#
nat overlap-address 0 1.1.1.100 3.3.3.100 pool-length 254
#
interface GigabitEthernet2/0/0
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
ip address 2.2.2.2 255.255.255.0
nat outbound 3180 address-group 1
#
ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
ip route-static 3.3.3.100 255.255.255.255 GigabitEthernet1/0/0 2.2.2.1
#
return
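Comprehensive Example
Requirement: Internal and external users can both reach the internal server through the public address 11.11.11.6. Internal users can access the external network.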
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
#
acl number 3000
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 11.11.11.6 0
#
interface GigabitEthernet1/0/0
ip address 192.168.1.1 255.255.255.0
nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
nat outbound 3000
#
interface GigabitEthernet2/0/0
ip address 11.11.11.1 255.0.0.0
nat static global 11.11.11.6 inside 192.168.1.2 netmask 255.255.255.255
nat outbound 2000
#
ip route-static 0.0.0.0 0.0.0.0 11.11.11.2
#
return