预配置如下:
[r1]
#
sysname r1
#
interface Serial1/0
ip address 20.0.0.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.0.0.254 255.255.255.0
#
ip route-static 0.0.0.0 0 20.0.0.100
#
return
[r2pc]
#
sysname r2pc
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.0.0.1 255.255.255.0
#
ip route-static 0.0.0.0 0 10.0.0.254
#
return[r7isp]
#
sysname r7isp
#
interface Serial1/0
ip address 20.0.0.100 255.255.255.0
#
interface Serial2/0
ip address 20.1.1.100 255.255.255.0
#
interface Serial3/0
ip address 20.2.2.100 255.255.255.0
#
return
[r4]
#
sysname r4
#
interface Serial2/0
ip address 20.1.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0 20.1.1.100
#
return[r8]
#
sysname r8
#
interface Serial3/0
ip address 20.2.2.1 255.255.255.0
#
ip route-static 0.0.0.0 0 20.2.2.100
#
return需求场景 同一主机,访问不同目的时,源地址转换为不同的地址
企业总部内网 r2pc (10.0.0.1)访问企业分支A 的r4公网接口(20.1.1.1)时,源地址转换为20.0.0.4, 访问企业分支B的r8公网接口(20.2.2.1)时,源地址转换为20.0.0.8。
配置如下:
[r1]
#
interface Serial1/0
ip address 20.0.0.1 255.255.255.0
nat outbound name r2pc-r4 address-group 4
nat outbound name r2pc-r8 address-group 8
#
acl advanced name r2pc-r4
rule 0 permit ip source 10.0.0.1 0 destination 20.1.1.1 0
#
acl advanced name r2pc-r8
rule 0 permit ip source 10.0.0.1 0 destination 20.2.2.1 0
#
nat address-group 4
address 20.0.0.4 20.0.0.4
#
nat address-group 8
address 20.0.0.8 20.0.0.8
#
return验证:在r2pc 上分别ping r4的 20.1.1.1 和 r8的 20.2.2.1
r1上通过 display nat session verbose 命令查看NAT转换会话表项
r2pc 上ping r4的 20.1.1.1 ,在r4通过debugging ip icmp 和 terminal debugging验证源转换
r2pc 上pingr8的 20.2.2.1 ,在r8通过debugging ip icmp 和 terminal debugging验证源转换
