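Five NAT types
1. Static NAT: maps the private IP address of an internal host one-to-one to a public IP address
In the topology shown above, configure static NAT on R1 to map the internal hosts' private addresses one-to-one to public addresses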
[R1-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[R1-GigabitEthernet0/0/1]nat static enable  (enable the static NAT function)
[R1-GigabitEthernet0/0/1]nat static global 12.1.1.2 inside 192.168.1.1
[R1-GigabitEthernet0/0/1]nat static global 12.1.1.3 inside 192.168.1.2
[R1-GigabitEthernet0/0/1]nat static global 12.1.1.4 inside 192.168.1.3
2. Dynamic NAT: translates the private addresses of internal hosts into public addresses
[R1]nat address-group 1 12.1.1.2 12.1.1.4
[R1] acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]interface gigabitethernet 0/0/1
[R1-interface gigabitethernet 0/0/1] nat outbound 2000 address-group 1 no-pat
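3. NAPT: port NAT. When an address is selected from the address pool for translation, not only the IP address but also the port number is translated
[R1]nat address-group 1 12.1.1.2 12.1.1.4  (configure the NAT address pool)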
[R1] acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]interface gigabitethernet 0/0/1
[R1-interface gigabitethernet 0/0/1] nat outbound 2000 address-group 1
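Source addresses matched by acl 2000 are translated to the public addresses defined in address-group 1. The keyword no-pat means that no port translation is performed; it is omitted here, so ports are translated as well
4. Easy IP: a special case of NAPT
Configure this on R1 so that all internal private addresses are translated to the router interface address 12.1.1.1 when accessing the public network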
[R1] acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]interface gigabitethernet 0/0/1
[R1-interface gigabitethernet 0/0/1] nat outbound 2000
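The three outbound modes above (dynamic NAT with no-pat, NAPT, Easy IP) differ only in how the translation table is keyed. The following Python model is an added example, not part of the original configuration or of Huawei's implementation; it reuses the page's ACL and address pool. The names OutboundNat, acl_permits and pool_range are hypothetical, and the port numbering from 1024 and the use of the first pool address for NAPT are simplifying assumptions.

```python
import ipaddress

def acl_permits(src, network="192.168.1.0", wildcard="0.0.0.255"):
    """Basic ACL rule 5: bits set in the wildcard mask are 'don't care'."""
    s, n, w = (int(ipaddress.IPv4Address(a)) for a in (src, network, wildcard))
    return (s | w) == (n | w)

def pool_range(first, last):
    """Expand 'nat address-group 1 <first> <last>' into a list of addresses."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]

class OutboundNat:
    """Toy translation table. pat=False models 'no-pat', pat=True models NAPT.
    Easy IP is NAPT whose pool is just the interface address.
    Assumption: no session aging; ports are handed out sequentially."""

    def __init__(self, pool, pat, first_port=1024):
        self.pool, self.pat, self.next_port = pool, pat, first_port
        self.table = {}  # inside key -> (global ip, global port or None)

    def translate(self, src_ip, src_port):
        if not acl_permits(src_ip):
            return None  # source not matched by acl 2000: not translated
        # no-pat keys on the host; NAPT keys on the (host, port) flow
        key = (src_ip, src_port) if self.pat else src_ip
        if key not in self.table:
            if self.pat:
                # Many inside flows share one public address, told apart by port
                self.table[key] = (self.pool[0], self.next_port)
                self.next_port += 1
            else:
                used = {g for g, _ in self.table.values()}
                free = [g for g in self.pool if g not in used]
                if not free:
                    return None  # pool exhausted: one public address per host
                self.table[key] = (free[0], None)
        gip, gport = self.table[key]
        return (gip, gport if self.pat else src_port)

if __name__ == "__main__":
    pool = pool_range("12.1.1.2", "12.1.1.4")
    modes = {"no-pat": OutboundNat(pool, pat=False),
             "napt": OutboundNat(pool, pat=True),
             "easy-ip": OutboundNat(["12.1.1.1"], pat=True)}
    for name, nat in modes.items():
        for host in range(1, 5):  # constructed sample hosts 192.168.1.1-4
            src = f"192.168.1.{host}"
            print(name, src, 5000, "->", nat.translate(src, 5000))
```

With no-pat the fourth inside host gets no translation because the three-address pool is used up, while NAPT and Easy IP keep multiplexing flows onto a single public address.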
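5. NAT server: maps an internal server to the public network. Configure NAT server on the egress router R1 so that port 80 of the internal server 192.168.1.10 is mapped to port 80 of the public address 12.1.1.1. External Internet users who access port 80 of 12.1.1.1 are automatically redirected to port 80 of the internal web server 192.168.1.10. The main purpose is to hide the internal server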
[R1] interface gigabitethernet 0/0/1
[R1-interface gigabitethernet 0/0/1] ip address 12.1.1.1 24
[R1-interface gigabitethernet 0/0/1]nat server protocol tcp global 12.1.1.1 80 inside 192.168.1.10  (maps port 80 of 12.1.1.1 to port 80 of the internal host 192.168.1.10)