第一步:配置R1、R2、R3的接口
R1(config)#
R1(config)#int s1/2
R1(config-if)#ip add 192.168.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int s1/3
R1(config-if)#ip add 131.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#net 0.0.0.0 0.0.0.0 area 0
R2(config)#int s2/1 R2(config-if)#ip add 192.168.0.2 255.255.255.0 R2(config-if)#no sh R2(config-if)#exit R2(config)#router ospf 1 R2(config-router)#net 0.0.0.0 0.0.0.0 area 0 R2(config-router)#
R3(config)#int s3/1 R3(config-if)#ip add 131.1.1.3 255.255.255.0 R3(config-if)#no sh R3(config-if)#exit R3(config)#^Z R3(config)#router ospf 1 R3(config-router)#net 0.0.0.0 0.0.0.0 area 0
第二步:在R1上定义NAT的静态映射 R1(config)#int s1/2 R1(config-if)#ip nat in R1(config-if)#ip nat inside R1(config)#int s1/3 R1(config-if)#ip nat outside R1(config-if)# 第三步:在R1上定义NAT的静态映射 R1(config)#ip nat inside source static 192.168.0.2 131.1.1.1 R1(config)#exit 第四步:在R2上进行ping R2#sh ip rou Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR T - traffic engineered route
Gateway of last resort is not set
131.1.0.0/24 is subnetted, 1 subnets O 131.1.1.0 [110/128] via 192.168.0.1, 00:09:10, Serial2/1 C 192.168.0.0/24 is directly connected, Serial2/1 R2#ping 131.1.1.3
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 131.1.1.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/72/104 ms R2# 第五步:在R2ping的同时打开R1的nat过程 R1#debug ip nat detailed IP NAT detailed debugging is on R1# 00:21:08: NAT*: i: icmp (192.168.0.2, 243) -> (131.1.1.3, 243) [5] 00:21:08: NAT*: o: icmp (131.1.1.3, 243) -> (131.1.1.1, 243) [5] 00:21:08: NAT*: i: icmp (192.168.0.2, 244) -> (131.1.1.3, 244) [6] 00:21:08: NAT*: o: icmp (131.1.1.3, 244) -> (131.1.1.1, 244) [6] 00:21:08: NAT*: i: icmp (192.168.0.2, 245) -> (131.1.1.3, 245) [7] 00:21:08: NAT*: o: icmp (131.1.1.3, 245) -> (131.1.1.1, 245) [7] 00:21:08: NAT*: i: icmp (192.168.0.2, 246) -> (131.1.1.3, 246) [8] 00:21:08: NAT*: o: icmp (131.1.1.3, 246) -> (131.1.1.1, 246) [8] 00:21:08: NAT*: i: icmp (192.168.0.2, 247) -> (131.1.1.3, 247) [9] 00:21:08: NAT*: o: icmp (131.1.1.3, 247) -> (131.1.1.1, 247) [9]
R1#debug ip nat IP NAT debugging is on R1# 00:22:21: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [10] //可以看到源地址是由192.168.0.2转换为131.1.1.1 00:22:21: NAT*: s=131.1.1.3, d=131.1.1.1->192.168.0.2 [10] 00:22:21: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [11] 00:22:21: NAT*: s=131.1.1.3, d=131.1.1.1->192.168.0.2 [11] 00:22:21: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [12] 00:22:21: NAT*: s=131.1.1.3, d=131.1.1.1->192.168.0.2 [12] 00:22:21: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [13] 00:22:21: NAT*: s=131.1.1.3, d=131.1.1.1->192.168.0.2 [13] 00:22:21: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [14] 00:22:21: NAT*: s=131.1.1.3, d=131.1.1.1->192.168.0.2 [14] R1#
R1#sh ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: Serial1/3 Inside interfaces: Serial1/2 Hits: 30 Misses: 0 Expired translations: 0 Dynamic mappings: R1#
R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global --- 131.1.1.1 192.168.0.2 --- --- R1# 第六步:在R3上pingR2的192.168.0.2接口
R3#ping 192.168.0.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/57/108 ms R3# 第七步:在R1上进行debug ip nat查看转换过程 R1# 00:26:47: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [5] 00:26:47: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [6] 00:26:47: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [7] 00:26:47: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [8] 00:26:47: NAT*: s=192.168.0.2->131.1.1.1, d=131.1.1.3 [9] R1#
