本文共 2543 字,大约阅读时间需要 8 分钟。
需求如下:CISCO2621路由器需要做NAT地址转换内网是192.168.1.0 192.168.2.0 两个网段上网外口是218.98.0.1NAT地址是外口地址配置:interface Fastethernet 0/0ip address 218.98.0.1 255.255.255.0ip nat outsideinterface fastethernet 0/1ip address 192.168.1.1 255.255.254.0ip nat insideip nat pool aaa 218.98.0.1 218.98.0.1 netmask 255.255.255.0ip nat inside source list 1 pool aaaaccess-list 1 permit 192.168.1.0 0.0.1.255ip nat pool office 192.168.3.123 192.168.3.123 netmask 255.255.255.0ip nat inside source list 1 pool officeaccess-list 1 permit 192.168.3.0 0.0.0.255
port mapped
ip nat inside source static tcp 172.16.1.1 80 192.168.1.3 500 extendable
show ip nat translation
Router#show ip nat translation
例 11.3. 2911 NAT
interface GigabitEthernet0/1 description Default-Shenzhen-IPLC-Hongkong-WAN ip address 192.168.1.254 255.255.255.0 ip nat outside ip virtual-reassembly in duplex auto speed auto!interface FastEthernet0/0/0 description Office-1 ip address 192.168.40.254 255.255.255.240 ip nat inside ip virtual-reassembly in duplex auto speed auto!interface FastEthernet0/0/1 description Office-2 ip address 192.168.50.254 255.255.255.128 ip nat inside ip nat enable ip virtual-reassembly in duplex auto speed auto!ip nat inside source list 100 interface GigabitEthernet0/1 overloadip route 0.0.0.0 0.0.0.0 192.168.1.1!access-list 100 permit ip any any
access-list extended
ip nat inside source list nat interface FastEthernet0/0/0 overloadip route 0.0.0.0 0.0.0.0 192.168.1.1!ip access-list extended nat permit ip any anyip nat inside source list pat interface FastEthernet0/0/1 overload!ip access-list extended pat permit ip 192.168.1.0 0.0.0.255 any
enaconf tip nat inside source static 192.168.1.4 200.200.200.200int f0/0ip nat outsideno shutint f0/1ip nat insideno shut
至少做两条NAT,因为FTP有两个端口,20,21,一个数据,一个指令端口映射:ip nat inside source static tcp 192.168.1.4 21 200.200.200.200 21ip nat inside source static tcp 192.168.1.4 20 200.200.200.200 20在外网的接口(你的f0/0)上配置Router(config-if)#ip nat outside(只能有一个出接口)在内网的接口(你的f0/1)上配置Router(config-if)#ip nat inside(可以有多个进接口)
cisco上做端口映射,要求192.168.0.180:8000和192.168.0.181:8000分别映射外网202.122.111.66的3000和3002端口 其他192.168.0.0/24的主机可以上网,具体配置
int fa0/0ip nat insideint fa0/1ip nat outside全局模式:access-list 10 permit anyip nat inside source list 10 interface fa0/1 overload端口映射:ip nat inside source static tcp 192.168.0.180 8000 interface fa0/1 3000ip nat inside source static tcp 192.168.0.181 8000 interface fa0/1 3002interface fa0/1是外网的端口