HUAWEI: The Five Types of NAT - Configuration Example
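© Copyright belongs to the author: this is an original work by 51CTO blog author PLENGONG. Contact the author for permission to reprint; otherwise legal liability will be pursued.
This lab configures and tests the five types of NAT: static NAT, dynamic NAT, NAPT, Easy IP, and NAT Server. For reference material, see the official Huawei documentation.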
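Lab description: A company has four client machines, PC1 to PC4, with particular requirements for Internet access, so different types of NAT must be configured for them to reach the external network. The company also has an internal Web server that must offer its web service to the outside through NAT Server.
IP address plan: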
| Local device | Port | IP address or VLAN | Peer device | Port | IP address or VLAN |
|---|---|---|---|---|---|
| R1 | Serial 1/0/0 | 12.0.0.1/28 | ISP | Serial 1/0/0 | 12.0.0.1/28 |
| R1 | GE 0/0/1 | 192.168.2.254/24 | SW2 | GE 0/0/1 | (NULL) |
| R1 | GE 0/0/2 | 192.168.1.254/24 | SW1 | GE 0/0/1 | (NULL) |
| SW1 | Eth 0/0/1 | (NULL) | PC1 | Eth 0/0/1 | 192.168.1.1/24 |
| SW1 | Eth 0/0/2 | (NULL) | PC2 | Eth 0/0/1 | 192.168.1.2/24 |
| SW1 | Eth 0/0/3 | (NULL) | PC3 | Eth 0/0/1 | 192.168.1.3/24 |
| SW2 | Eth 0/0/1 | (NULL) | PC4 | Eth 0/0/1 | 192.168.2.1/24 |
| SW2 | Eth 0/0/2 | (NULL) | WebServer | Eth 0/0/0 | 192.168.2.200/24 |
| ISP | GE 0/0/1 | 104.114.128.1/24 | Client1 | Eth 0/0/0 | 104.114.128.10/24 |
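Configuration steps:
- Configure interface IP addresses and a static route to establish connectivity
- Configure static NAT to map PC4's private address one-to-one to a public address
- Configure dynamic NAT so that PC1 reaches the public network through address translation
- Configure NAPT so that PC2 reaches the public network with both address and port translated
- Configure Easy IP so that PC3 reaches the public network translated to the outbound interface address
- Configure NAT Server to publish the Web service
Implementation:
1. Configure interface IP addresses and a static route for connectivity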
[R1]interface Serial1/0/0
[R1-Serial1/0/0] ip address 12.0.0.1 255.255.255.240
#
[R1-Serial1/0/0]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.2.254 255.255.255.0
#
[R1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.1.254 255.255.255.0
#
[R1]ip route-static 0.0.0.0 0.0.0.0 Serial1/0/0
[ISP]interface Serial1/0/0
[ISP-Serial1/0/0] ip address 12.0.0.2 255.255.255.240
#
[ISP-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[ISP-GigabitEthernet0/0/1] ip address 104.114.128.1 255.255.255.0
2. Configure static NAT
[R1-Serial1/0/0]nat static enable
[R1-Serial1/0/0]nat static global 12.0.0.3 inside 192.168.2.2 netmask 255.255.255.255
Verification:
[R1]display nat static
Static Nat Information:
Interface : Serial1/0/0
Global IP/Port : 12.0.0.3/----
Inside IP/Port : 192.168.2.2/----
Protocol : ----
VPN instance-name : ----
Acl number : ----
Netmask : 255.255.255.255
Description : ----
3. Configure dynamic NAT
[R1]acl 2001
[R1-acl-basic-2001] rule 5 permit source 192.168.1.2 0
#
[R1]nat address-group 0 12.0.0.4 12.0.0.5
#
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]nat outbound 2001 address-group 0 no-pat
Verification:
[R1]display nat session all
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.1.2
DestAddr Vpn : 104.114.128.10
Type Code IcmpId : 0 8 31060
NAT-Info
New SrcAddr : 12.0.0.5
New DestAddr : ----
New IcmpId : ----
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.1.2
DestAddr Vpn : 104.114.128.10
Type Code IcmpId : 0 8 31059
NAT-Info
New SrcAddr : 12.0.0.4
New DestAddr : ----
New IcmpId : ----
4. Configure NAPT
[R1]acl number 2002
[R1-acl-basic-2002]
[R1-acl-basic-2002]rule 5 permit source 192.168.1.3 0
#
[R1]nat address-group 1 12.0.0.6 12.0.0.6
#
[R1-Serial1/0/0]nat outbound 2002 address-group 1
Verification:
[R1]display nat session all
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.1.3
DestAddr Vpn : 104.114.128.10
Type Code IcmpId : 0 8 32063
NAT-Info
New SrcAddr : 12.0.0.6
New DestAddr : ----
New IcmpId : 10258
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.1.3
DestAddr Vpn : 104.114.128.10
Type Code IcmpId : 0 8 32062
NAT-Info
New SrcAddr : 12.0.0.6
New DestAddr : ----
New IcmpId : 10257
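An added example, not part of the original post: a small Python parser for the display nat session all output shown in sections 3 and 4. It tells no-pat entries from PAT entries by whether New IcmpId was rewritten, and maps a public address and ICMP id seen outside back to the inside host, as needed when attributing outbound traffic from NAT records. The sample text is copied from the two outputs on this page; the function names are this example's own, and only the ICMP field layout shown here is handled.

```python
import re
# One entry from each "display nat session all" output on this page (no-pat, then NAPT).
SAMPLE = """\
NAT Session Table Information:
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.1.2
DestAddr Vpn : 104.114.128.10
Type Code IcmpId : 0 8 31060
NAT-Info
New SrcAddr : 12.0.0.5
New DestAddr : ----
New IcmpId : ----
Protocol : ICMP(1)
SrcAddr Vpn : 192.168.1.3
DestAddr Vpn : 104.114.128.10
Type Code IcmpId : 0 8 32063
NAT-Info
New SrcAddr : 12.0.0.6
New DestAddr : ----
New IcmpId : 10258
"""

FIELD = re.compile(r"^\s*(.+?)\s*:\s*(.*?)\s*$")

def parse_sessions(text):
    """One dict per session; a 'Protocol' line opens a new entry, '----' becomes None."""
    sessions = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # "NAT-Info" and blank lines hold no key/value pair
        key, value = " ".join(m.group(1).split()), m.group(2)
        if key == "Protocol":
            sessions.append({})
        if sessions:  # ignore the table header before the first entry
            sessions[-1][key] = None if value == "----" else value
    return sessions

def classify(s):
    """(inside, public, mode): no-pat leaves the ICMP id alone, PAT rewrites it."""
    return s["SrcAddr Vpn"], s["New SrcAddr"], "no-pat" if s["New IcmpId"] is None else "pat"

def attribute(sessions, public_ip, icmp_id):
    """Map a public address and ICMP id seen outside back to the inside host."""
    for s in sessions:
        outside_id = s["New IcmpId"] or s["Type Code IcmpId"].split()[-1]
        if s["New SrcAddr"] == public_ip and outside_id == str(icmp_id):
            return s["SrcAddr Vpn"]
    return None
```

With NAPT, a lookup by the original id (32063) on 12.0.0.6 finds nothing, because only the rewritten id (10258) is visible outside the router.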
5. Configure Easy IP
[R1]acl number 2000
[R1-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255
#
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]nat outbound 2000
Verification:
[R1]dis nat outbound
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
Serial1/0/0 2001 0 no-pat
Serial1/0/0 2002 1 pat
Serial1/0/0 2000 12.0.0.1 easyip
--------------------------------------------------------------------------
6. Configure NAT Server
[R1-Serial1/0/0]nat server protocol tcp global 12.0.0.10 www inside 192.168.2.200 www
Verification:
[R1]display nat server
Nat Server Information:
Interface : Serial1/0/0
Global IP/Port : 12.0.0.10/80(www)
Inside IP/Port : 192.168.2.200/80(www)
Protocol : 6(tcp)
VPN instance-name : ----
Acl number : ----
Description : ----
Total : 1