NAT Example Using a Single Ethernet Interface

2006-11-1 17:06:00
interface Loopback0
  ip address 10.0.1.1 255.255.255.252
  ip nat outside
  !--- Creates a virtual interface called Loopback 0 and assigns an
  !--- IP address of 10.0.1.1 to it. Defines interface Loopback 0 as
  !--- NAT outside.
  !
  !
  interface Ethernet0
  ip address 192.168.1.2 255.255.255.0 secondary
  ip address 10.0.0.2 255.255.255.0
  ip nat inside
  !--- Assigns a primary IP address of 10.0.0.2 and a secondary IP
  !--- address of 192.168.1.2 to Ethernet 0. Defines interface Ethernet 0
  !--- as NAT inside. The 192.168.1.2 address will be used to communicate
  !--- through the CM to the CMTS and the Internet. The 10.0.0.2 address
  !--- will be used to communicate with the local hosts.
  
  ip policy route-map Nat-loop
  !--- Assigns route-map "Nat-loop" to Ethernet 0 for policy routing.
  !
  ip nat pool external 192.168.2.2 192.168.2.3 prefix-length 29
  ip nat inside source list 10 pool external overload
  ip nat inside source static 10.0.0.12 192.168.2.1
  !--- NAT is defined: packets matching access-list 10 will be
  !--- translated to an address from the pool called "external".
  !--- A static NAT translation is defined for 10.0.0.12 to be
  !--- translated to 192.168.2.1 (this is for host 2 which needs
  !--- to be accessed from the Internet).
  
  ip classless
  !
  !
  ip route 0.0.0.0 0.0.0.0 192.168.1.1
  ip route 192.168.2.0 255.255.255.0 Ethernet0
  !--- Static default route set as 192.168.1.1, also a static
  !--- route for network 192.168.2.0/24 directly attached to
  !--- Ethernet 0
  !
  !
  access-list 10 permit 10.0.0.0 0.0.0.255
  !--- Access-list 10 defined for use by NAT statement above.
  
  access-list 102 permit ip any 192.168.2.0 0.0.0.255
  access-list 102 permit ip 10.0.0.0 0.0.0.255 any
  !--- Access-list 102 defined and used by route-map "Nat-loop"
  !--- which is used for policy routing.
  !
  access-list 177 permit icmp any any
  !--- Access-list 177 used for debug.
  !
  route-map Nat-loop permit 10
  match ip address 102
  set ip next-hop 10.0.1.2
  !--- Creates route-map "Nat-loop" used for policy routing.
  !--- Route map states that any packets matching access-list 102 will
  !--- have the next hop set to 10.0.1.2 and be routed "out" the
  !--- loopback interface. All other packets will be routed normally.
  !
  end
  NAT-router#
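
Added example, not part of the original post or of any vendor configuration: a small Python model for auditing which packets arriving on Ethernet 0 are matched by access-list 102 and sent to the loopback by route-map "Nat-loop", and which "ip nat inside source" statement applies to a given inside host. The function names and the address 203.0.113.9 are made up for illustration; the model covers only ACL matching and rule selection, not IOS forwarding or the translation table.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")          # the keyword "any"

# access-list 102 from the configuration, as (source, destination) entries
ACL_102 = [
    (ANY, ("192.168.2.0", "0.0.0.255")),      # permit ip any 192.168.2.0 0.0.0.255
    (("10.0.0.0", "0.0.0.255"), ANY),         # permit ip 10.0.0.0 0.0.0.255 any
]
ACL_10 = [("10.0.0.0", "0.0.0.255")]          # access-list 10
STATIC_NAT = {"10.0.0.12": "192.168.2.1"}     # ip nat inside source static
POOL = ("192.168.2.2", "192.168.2.3")         # ip nat pool external
LOOP_NEXT_HOP = "10.0.1.2"                    # set ip next-hop

def policy_next_hop(src, dst):
    """route-map Nat-loop permit 10: forced next hop, or None if no match."""
    for s, d in ACL_102:
        if wc_match(src, *s) and wc_match(dst, *d):
            return LOOP_NEXT_HOP
    return None  # implicit deny in the ACL: packet is routed normally

def inside_source_rule(src):
    """Which 'ip nat inside source' statement covers this inside address."""
    if src in STATIC_NAT:                     # static entry is checked first
        return ("static", STATIC_NAT[src])
    if any(wc_match(src, b, w) for b, w in ACL_10):
        return ("overload", POOL)
    return None

if __name__ == "__main__":
    # Constructed sample packets (source, destination)
    samples = [
        ("10.0.0.5", "203.0.113.9"),      # local host going out
        ("10.0.0.12", "203.0.113.9"),     # host 2 going out
        ("203.0.113.9", "192.168.2.1"),   # Internet to host 2's static address
        ("203.0.113.9", "192.168.2.200"), # inside the /24 but not a NAT address
        ("203.0.113.9", "192.168.1.2"),   # to the router's own secondary address
    ]
    for src, dst in samples:
        print(f"{src:>13} -> {dst:<14} next-hop={policy_next_hop(src, dst)} "
              f"nat={inside_source_rule(src)}")
```

The fourth sample shows that access-list 102 matches the whole 192.168.2.0/24, while only 192.168.2.1 through 192.168.2.3 are used as NAT addresses, so packets to any other address in that range are also policy-routed to the loopback.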