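5 Types of NAT

1. Static NAT: maps each internal host's private IP address one-to-one to a public IP address.

In the topology shown above, configure static NAT on R1 to map the internal hosts' private addresses one-to-one to public addresses.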



[R1-GigabitEthernet0/0/1]ip address 12.1.1.1 24

[R1-GigabitEthernet0/0/1]nat static enable    (enables the static NAT feature)

[R1-GigabitEthernet0/0/1]nat static global 12.1.1.2 inside 192.168.1.1

[R1-GigabitEthernet0/0/1]nat static global 12.1.1.3 inside 192.168.1.2

[R1-GigabitEthernet0/0/1]nat static global 12.1.1.4 inside 192.168.1.3

2. Dynamic NAT: translates internal hosts' private addresses to public addresses taken from an address pool.

[R1]nat address-group 1 12.1.1.2 12.1.1.4

[R1] acl 2000

[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255

[R1-acl-basic-2000]quit

[R1]interface gigabitethernet 0/0/1

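[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat

3. NAPT (port NAT): when an address is selected from the pool for translation, the port number is translated along with the IP address.

[R1]nat address-group 1 12.1.1.2 12.1.1.4    (configures the NAT address pool)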

[R1] acl 2000

[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255

[R1-acl-basic-2000]quit

[R1]interface gigabitethernet 0/0/1

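[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1

This translates the source addresses matched by acl 2000 to the public addresses defined in address-group 1. The no-pat keyword means that no port translation is performed; it is omitted here, so port numbers are translated as well.


4. Easy IP: a special case of NAPT

Configure this on R1 so that all internal private addresses are translated to the router's interface address 12.1.1.1 when accessing the public network.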

[R1] acl 2000

[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255

[R1-acl-basic-2000]quit

[R1]interface gigabitethernet 0/0/1

[R1-GigabitEthernet0/0/1]nat outbound 2000


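5. NAT server: maps an internal server to the public network. Configure NAT server on the egress router R1 so that port 80 of the internal server 192.168.1.10 is mapped to port 80 of the public address 12.1.1.1. When external Internet users access port 80 of 12.1.1.1, they are automatically forwarded to port 80 of the internal web server 192.168.1.10. Its main purpose is to hide the internal server.

[R1] interface gigabitethernet 0/0/1

[R1-GigabitEthernet0/0/1]ip address 12.1.1.1 24

[R1-GigabitEthernet0/0/1]nat server protocol tcp global 12.1.1.1 80 inside 192.168.1.10    (maps port 80 of 12.1.1.1 to port 80 of the internal host 192.168.1.10)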
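
Added example (not part of the original page, and not Huawei tooling): a small Python audit that reads the NAT statements from the five sections above and reports which of them create a fixed inbound path from the public side. The function names and the merged sample listing are assumptions made for illustration; an omitted inside port is assumed to equal the global port, as the description of the NAT server command above implies.

```python
import re

# Constructed sample: the NAT statements from the five sections above,
# merged into one listing with prompts and annotations removed.
SAMPLE_CONFIG = """\
nat static enable
nat static global 12.1.1.2 inside 192.168.1.1
nat static global 12.1.1.3 inside 192.168.1.2
nat static global 12.1.1.4 inside 192.168.1.3
nat outbound 2000 address-group 1 no-pat
nat outbound 2000 address-group 1
nat outbound 2000
nat server protocol tcp global 12.1.1.1 80 inside 192.168.1.10
"""

STATIC = re.compile(r"nat static global (\S+) inside (\S+)")
SERVER = re.compile(r"nat server protocol (\w+) global (\S+) (\S+) inside (\S+)(?: (\d+))?")
OUTBOUND = re.compile(r"nat outbound (\d+)(?: address-group (\d+))?( no-pat)?")

def audit_nat(config):
    """Return (kind, detail, inbound) per NAT statement; inbound is None if no fixed mapping."""
    findings = []
    for raw in config.splitlines():
        # Drop a leading "[R1-...]" prompt if the listing was pasted from a session.
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())
        if m := STATIC.match(line):
            # One-to-one mapping: every port of the inside host answers on the global address.
            findings.append(("static", f"{m[1]} <-> {m[2]}", "all ports"))
        elif m := SERVER.match(line):
            proto, g, gport, inside, iport = m.groups()
            iport = iport or gport  # assumption: omitted inside port equals the global port
            findings.append(("nat-server", f"{g}:{gport} -> {inside}:{iport}", f"{proto}/{iport}"))
        elif m := OUTBOUND.match(line):
            acl, group, no_pat = m.groups()
            kind = "easy-ip" if group is None else ("dynamic-no-pat" if no_pat else "napt")
            # Outbound rules translate sessions started from inside; no fixed inbound mapping.
            findings.append((kind, f"acl {acl}", None))
    return findings

def inbound_exposed(findings):
    """Keep only statements that give outside hosts a permanent way in."""
    return [f for f in findings if f[2] is not None]

if __name__ == "__main__":
    for kind, detail, inbound in audit_nat(SAMPLE_CONFIG):
        print(f"{kind:15} {detail:32} inbound: {inbound or 'no fixed mapping'}")
```

In the report, the three static entries expose every port of their inside hosts unless traffic is filtered elsewhere, while the NAT server entry exposes only tcp/80.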
