预配置:
r7isp
hostname r7isp
!
interface Serial5/0
ip address 20.0.0.100 255.255.255.0
no shutdown
!
end
r1
hostname r1
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
no shutdown
!
interface FastEthernet1/0
ip address 10.1.1.254 255.255.255.0
no shutdown
!
interface Serial5/0
ip address 20.0.0.1 255.255.255.0
no shutdown
!
endr2pc
hostname r2pc
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
no shutdown
!
no ip routing
!
ip default-gateway 10.0.0.254
!
end
r3server
hostname r3server
!
interface FastEthernet1/0
ip address 10.1.1.1 255.255.255.0
no shutdown
!
no ip routing
!
ip default-gateway 10.1.1.254
!
end预配置
需求场景 内部网络访问外网时,源地址转换为动态地址池中的地址
企业总部9台PC、Server,需访问互联网进行补丁升级,在路由器上配置源地址转换,当10.0.0.0/24和10.1.1.0/24访问外部资源时,将其源地址转换20.0.0.11-19中的地址。
r1 配置如下:
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
!
interface FastEthernet1/0
ip address 10.1.1.254 255.255.255.0
ip nat inside
!
interface Serial5/0
ip address 20.0.0.1 255.255.255.0
ip nat outside
!
ip nat pool mypool 20.0.0.11 20.0.0.19 netmask 255.255.255.0
ip nat inside source list POOLNAT pool mypool
!
ip access-list extended POOLNAT
permit ip 10.0.0.0 0.0.0.255 any
permit ip 10.1.1.0 0.0.0.255 any
!
end
—————————————————————————-
注意:ip nat inside source list POOLNAT pool mypool overload
如果内网有更多的PC、SERVER需要访问公网,当动态地址池中的地址使用完后,部分用户将不能正常的进行地址转换,仍需使用端口复用技术,加上overload 参数 即PAT。验证:在r2pc 和 r3server上ping r7isp的接口地址20.0.0.100
r1上通过 show ip nat translations 命令查看NAT转换表项
r7isp通过debug ip icmp 验证源转换
