Router configuration for TP
Goal: allow hosts on the external network to reach the FTP server [10.1.1.2] / Telnet (Telnet is used here for ease of testing), with two routers in between.
++++CNSO-TP01 configuration +++++
conf t
service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timezone msec
service password-encryption
service sequence-numbers
service tcp-keepalives-in
service tcp-keepalives-out
no ip http server
no ip http secure-server
no service config
no logging console
no logging monitor
password encryption aes
key config-key password-encrypt xxxxx
ip domain name hm.com
ip name-server 8.8.8.8 8.8.4.4
hostname CNSO-TP01
ip cef
ip multicast-routing
!
!
! 1024-bit modulus as used in this lab; 2048 bits or more is the usual choice for SSH keys
crypto key generate rsa modulus 1024
!
!
!
ip ssh version 2
ip ssh authentication-retries 3
!
!
!
username xxxx priv 15 password 0 xxxx
enable secret 0 xxxxx
line vty 0 4
transport input all
exec-timeout 15 0
logging synchronous
login local
exit
banner exec #
*****************************************************************
*UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED               *
*You must have explicit, authorized permission to access or     *
*configure this device. Unauthorized attempts and actions to    *
*access or use this system may result in civil and/or criminal  *
*penalties. All activities performed on this device are logged  *
*and monitored.                                                 *
*****************************************************************#
!
!
!
interface f0/0
description *** TP WAN INTERFACE ***
ip address 12.1.1.2 255.255.255.0
no shut
exit
interface Vlan 1
description *** LAN INTERFACE ***
ip address 192.168.1.1 255.255.255.0
no shut
exit
!
!
Service DHCP
ip dhcp pool HM-CN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
netbios-node-type h-node
dns-server 8.8.8.8 8.8.4.4
domain-name hm.com
lease 3
exit
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
!
ip route 0.0.0.0 0.0.0.0 f0/0 12.1.1.1
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface f0/0 overload
ip nat inside source static tcp 192.168.1.11 23 int f0/0 23
!
!
interface f0/0
ip nat outside
no cdp enable
no shut
exit
interface Vlan 1
ip nat inside
cdp ena
no shut
exit
!
Test result:
From outside, it is possible to telnet to R4.
CNSO-TP01#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 12.1.1.2:23        192.168.1.11:23    15.1.1.5:24113     15.1.1.5:24113
tcp 12.1.1.2:23        192.168.1.11:23    15.1.1.5:40245     15.1.1.5:40245
tcp 12.1.1.2:23        192.168.1.11:23    ---                ---
======= The above simulates testing whether the CNSO-TP01 router can be reached =======
CNSO-TP01(config)#ip route 10.1.1.0 255.255.255.0 vlan 1
CNSO-TP01(config)#no ip nat inside source static tcp 192.168.1.11 23 int f0/0 23
CNSO-TP01(config)#ip nat inside source static tcp 192.168.1.10 23 int f0/0 23
CT(config)#int f0/1
CT(config-if)#ip nat outside
CT(config-if)#int f0/0
CT(config-if)#ip nat inside
CT(config-if)#exit
CT(config)#access-list 1 permit 10.1.1.0 0.0.0.255
CT(config)#ip nat inside source list 1 interface f0/1 overload
CT(config)#ip nat inside source static tcp 10.1.1.2 23 int f0/1 23
The test succeeded, as shown below:
CNSO-TP01#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 12.1.1.2:23        192.168.1.10:23    15.1.1.5:26987     15.1.1.5:26987
tcp 12.1.1.2:23        192.168.1.10:23    ---                ---
CT#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.1.10:3    10.1.1.2:3         192.168.1.1:3      192.168.1.1:3
tcp 192.168.1.10:23    10.1.1.2:23        15.1.1.5:26987     15.1.1.5:26987
tcp 192.168.1.10:23    10.1.1.2:23        ---                ---
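The two static translations chain together: 12.1.1.2:23 on CNSO-TP01 maps to 192.168.1.10:23, which CT maps on to 10.1.1.2:23. The Python sketch below is an added example, not part of the original notes; it parses the `ip nat inside source static` lines from both routers and reports which internal host and cleartext service end up reachable from the WAN address. The interface-to-address map is an assumption of the sketch: 12.1.1.2 comes from the f0/0 configuration, and 192.168.1.10 for CT f0/1 is read off CT's translation table.

```python
import re

# Constructed input: the NAT lines are the ones on this page. The interface
# address map is an assumption of this sketch: 12.1.1.2 is from the f0/0
# config, 192.168.1.10 for CT f0/1 is read off CT's translation table.
ROUTERS = {
    "CNSO-TP01": {"interfaces": {"f0/0": "12.1.1.2"}, "config": """
ip nat inside source list 1 interface f0/0 overload
ip nat inside source static tcp 192.168.1.10 23 int f0/0 23
"""},
    "CT": {"interfaces": {"f0/1": "192.168.1.10"}, "config": """
ip nat inside source list 1 interface f0/1 overload
ip nat inside source static tcp 10.1.1.2 23 int f0/1 23
"""},
}
STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"int\S* (\S+) (\d+)\s*$", re.M)
CLEARTEXT = {21: "ftp", 23: "telnet"}  # services that send credentials in clear

def forwards(routers):
    """Map (proto, global_ip, global_port) -> (router, local_ip, local_port)."""
    table = {}
    for name, r in routers.items():
        for proto, lip, lport, ifname, gport in STATIC.findall(r["config"]):
            table[(proto, r["interfaces"][ifname], int(gport))] = (name, lip, int(lport))
    return table

def trace(table, proto, ip, port):
    """Follow static port forwards hop by hop until no rule matches."""
    path, seen = [], set()
    while (proto, ip, port) in table and (proto, ip, port) not in seen:
        seen.add((proto, ip, port))
        router, ip, port = table[(proto, ip, port)]
        path.append((router, ip, port))
    return path

def exposed_cleartext(routers, public_ips):
    """List cleartext services reachable from a public address, with the NAT path."""
    table, findings = forwards(routers), []
    for proto, gip, gport in table:
        path = trace(table, proto, gip, gport)
        if gip in public_ips and path[-1][2] in CLEARTEXT:
            findings.append((gip, gport, CLEARTEXT[path[-1][2]], path))
    return findings

if __name__ == "__main__":
    for gip, gport, svc, path in exposed_cleartext(ROUTERS, {"12.1.1.2"}):
        hops = " -> ".join(f"{r}: {ip}:{p}" for r, ip, p in path)
        print(f"{svc} exposed at {gip}:{gport} via {hops}")
```

Run against a real pair of configs, the same trace shows at a glance when a port forward on the edge router ends at a Telnet or FTP listener two hops inside.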
Summary: put what you learn into practice!