了解 网络地址转换(NAT,Network Address Translation)

实验配置拓扑图

 

路由器ISP的配置
Building configuration...

Current configuration : 469 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
interface FastEthernet0/0
 ip address 221.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 223.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
line con 0
line vty 0 4
 login
!
end

路由器Company的配置
Building configuration...

Current configuration : 648 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Company
!
interface FastEthernet0/0
 ip address 221.1.1.2 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 221.1.1.1
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
line vty 0 4
 login
!
end

 在路由器Company上配置PAT的命令
Company(config)#ip route 0.0.0.0 0.0.0.0 221.1.1.1  //配置默认路由
Company(config)#access-list 1 permit 192.168.1.0 0.0.0.255  //配置一个标准访问控制列表
Company(config)#ip nat inside source list 1 int f0/0 overload //启用PAT私有IP地址的来源来自于ACL 1,使用f0/0上的公共IP地址进行转换,overload表示使用端口号进行转换
Company(config)#int fa0/1
Company(config-if)#ip nat inside
Company(config-if)#int f0/0
Company(config-if)#ip nat outside

测试
192.168.1.0段的PC0客户端PING公网WEBSERVER是否可以PING通?

再访问一下WEB网站

没有问题!实验成功!

成功的项目 我放在附件上了,有需要的可以下载!