NAT (Network Address Translation)

2015-03-28 12:00
Static NAT
1. Plain mapping: ip nat inside source static local-ip global-ip
2. Port-specific mapping: ip nat inside source static tcp local-ip 80 global-ip 8080
ip nat inside
ip nat outside
show ip nat translations

Dynamic NAT
ip nat pool name start-ip end-ip netmask 255.255.255.0
access-list access-list-number permit [source] [source-wildcard]
ip nat inside source list access-list-number pool name
ip nat inside
ip nat outside

PAT
access-list access-list-number permit [source] [source-wildcard]
ip nat inside source list access-list-number interface s0/0 overload
ip nat inside
ip nat outside

show run int s0/1    View detailed information for the interface




PC(config)#no ip routing
PC(config)#int f0/0
PC(config-if)#ip add 192.168.1.1 255.255.255.0
PC(config-if)#no shut
PC(config-if)#exit
PC#ping 202.101.100.30   ---- before NAT is configured, the ping fails

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.30, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
PC#ping 202.101.100.30   ---- after NAT is configured, the ping succeeds

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/104/172 ms

server(config)#no ip routing
server(config)#int f0/0
server(config-if)#ip add 192.168.1.100 255.255.255.0
server(config-if)#no shut
server(config-if)#exit
server(config)#ip default-gateway 192.168.1.254
server#show ip route
Default gateway is 192.168.1.254

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
server#ping 202.101.100.30   ---- after NAT is configured, the external network is reachable

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/280/1064 ms
server(config)#line vty 0 4
server(config-line)#pass
server(config-line)#password 123
server(config-line)#login
server(config-line)#exit

R4(config)#int s0/0
R4(config-if)#ip add 202.101.100.30 255.255.224.0
R4(config-if)#no shut
R4(config-if)#exit
R4#ping 192.168.1.1   ---- before NAT is configured, the internal network is unreachable

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R4#telnet 202.101.100.1   ---- after static NAT is configured, the external network can reach the internal network by connecting to 202.101.100.1
Trying 202.101.100.1 ... Open

User Access Verification

Password:
server>exit

[Connection to 202.101.100.1 closed by foreign host]
R4#telnet 202.101.100.1   ---- after the port-specific mapping, access fails unless the port is appended to the address
Trying 202.101.100.1 ... Open

Password required, but none set

[Connection to 202.101.100.1 closed by foreign host]
R4#telnet 202.101.100.1 8080   ---- after the port-specific mapping, access works only when the port is given
Trying 202.101.100.1, 8080 ... Open

User Access Verification

Password:
server>exit

[Connection to 202.101.100.1 closed by foreign host]

R3(config)#int s1/0
R3(config-if)#ip add 202.101.100.1 255.255.224.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#int f0/0
R3(config-if)#ip add 192.168.1.254 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#access-list 1 permit 192.168.1.0 0.0.0.255   ---- configure PAT (port-multiplexing NAT)
R3(config)#ip nat inside source list 1 s1/0 ov
R3(config)#ip nat inside source list 1 interface s1/0 overload
R3(config)#int s1/0
R3(config-if)#ip nat outside
R3(config-if)#int f0/0
R3(config-if)#ip nat inside
R3#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 202.101.100.1:1   192.168.1.1:1      202.101.100.30:1   202.101.100.30:1
icmp 202.101.100.1:0   192.168.1.100:0    202.101.100.30:0   202.101.100.30:0
R3(config)#ip nat inside source static 192.168.1.100 202.101.100.1   ---- this static NAT maps every port and exposes them all to the external network, which is not secure
R3(config)#no ip nat inside source static 192.168.1.100 202.101.100.1

Static entry in use, do you want to delete child entries? [no]: y
R3(config)#ip nat inside source static tcp 192.168.1.100 23 202.101.100.1 8080   ---- port-specific mapping
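
The difference between R3's two static entries (the full-host mapping and the tcp 23 to 8080 mapping) can be checked mechanically in a saved configuration. The Python script below is an added example, not part of the original post: it classifies the NAT source rules in the forms shown on this page and lists the inside hosts that a full static entry publishes on every port. The names audit_nat, exposed_hosts and SAMPLE_CONFIG are assumptions made for illustration; the sample text is constructed from the R3 commands above.

```python
import re

# Constructed sample: R3's NAT lines from this page, with both the full-host
# and the port-specific static mapping present so the difference is visible.
SAMPLE_CONFIG = """\
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface s1/0 overload
ip nat inside source static 192.168.1.100 202.101.100.1
ip nat inside source static tcp 192.168.1.100 23 202.101.100.1 8080
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
RULES = [  # order matters: the port-specific form is tried before the full-host form
    ("static-port", re.compile(rf"^ip nat inside source static (tcp|udp) {IP} (\d+) {IP} (\d+)")),
    ("static-full", re.compile(rf"^ip nat inside source static {IP} {IP}")),
    ("pat", re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload")),
    ("dynamic-pool", re.compile(r"^ip nat inside source list (\S+) pool (\S+)")),
]

def audit_nat(config: str):
    """Return (kind, line, finding) for every NAT source rule in the config."""
    results = []
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace before matching
        for kind, rx in RULES:
            m = rx.match(line)
            if not m:
                continue
            if kind == "static-full":
                finding = f"every port on {m.group(1)} is reachable from outside via {m.group(2)}"
            elif kind == "static-port":
                proto, lip, lport, gip, gport = m.groups()
                finding = f"only {proto}/{lport} on {lip} is published, as {gip}:{gport}"
            else:
                finding = "no permanent inbound mapping; entries are created by inside-initiated traffic"
            results.append((kind, line, finding))
            break
    return results

def exposed_hosts(config: str):
    """Inside hosts published wholesale by a full static NAT entry."""
    return sorted({line.split()[5] for kind, line, _ in audit_nat(config) if kind == "static-full"})

if __name__ == "__main__":
    for kind, line, finding in audit_nat(SAMPLE_CONFIG):
        print(f"[{kind}] {line}\n    -> {finding}")
```

Run it against the output of show run saved to a file; a non-empty exposed_hosts result marks the entries to replace with port-specific mappings as R3 does above.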