预配置
r1
hostname r1
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
no shutdown
!
interface Serial5/0
ip address 20.0.0.1 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 20.0.0.100
!
end
r2pc
hostname r2pc
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
no shutdown
!
no ip routing
!
ip default-gateway 10.0.0.254
!
end
r4
hostname r4
!
interface Serial5/1
ip address 20.1.1.1 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 20.1.1.100
!
endr8
hostname r8
!
interface Serial5/2
ip address 20.2.2.1 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 20.2.2.100
!
end
r7isp
hostname r7isp
!
interface Serial5/0
ip address 20.0.0.100 255.255.255.0
no shutdown
!
interface Serial5/1
ip address 20.1.1.100 255.255.255.0
no shutdown
!
interface Serial5/2
ip address 20.2.2.100 255.255.255.0
no shutdown
!
end需求场景 同一主机,访问不同目的时,源地址转换为不同的地址
企业总部内网 r2pc (10.0.0.1)访问企业分支A 的r4公网接口(20.1.1.1)时,源地址转换为20.0.0.4, 访问企业分支B的r8公网接口(20.2.2.1)时,源地址转换为20.0.0.8。
r1 配置如下:
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
!
interface Serial5/0
ip address 20.0.0.1 255.255.255.0
ip nat outside
!
!
ip nat inside source static 10.0.0.1 20.0.0.4 route-map r4
ip nat inside source static 10.0.0.1 20.0.0.8 route-map r8
!
ip access-list extended natr4
permit ip host 10.0.0.1 host 20.1.1.1
ip access-list extended natr8
permit ip host 10.0.0.1 host 20.2.2.1
!
!
route-map r4 permit 10
match ip address natr4
!
route-map r8 permit 10
match ip address natr8
!验证:在r2pc 上分别ping r4的 20.1.1.1 和 r8的 20.2.2.1
r1上通过 show ip nat translations 命令查看NAT转换表项
r2pc 上ping r4的 20.1.1.1, r4通过debug ip icmp 验证源转换
r2pc 上ping r8的 20.2.2.1, r8通过debug ip icmp 验证源转换
