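2. Matching rules:
inside: route first, then NAT
outside: NAT first, then route
3. The four kinds of NAT:
ip nat inside source static 192.168.1.2 202.67.54.3
For traffic entering on inside and leaving on outside, a source IP of 192.168.1.2 is translated to 202.67.54.3
ip nat inside destination static 192.168.1.2 202.67.54.3
For traffic entering on inside and leaving on outside, a destination IP of 192.168.1.2 is translated to 202.67.54.3
ip nat outside source static 192.168.1.2 202.67.54.3
For traffic entering on outside and leaving on inside, a source IP of 192.168.1.2 is translated to 202.67.54.3
ip nat outside destination static 192.168.1.2 202.67.54.3
For traffic entering on outside and leaving on inside, a destination IP of 192.168.1.2 is translated to 202.67.54.3
The first entry is equivalent to the fourth, and the second is equivalent to the third
4. Observed behaviour in the lab
ip nat inside: translation happens only when the packet leaves through outside
ip nat outside: translation happens only when the packet leaves through inside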
http://www.2cto.com/net/201309/244766.html
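5. Hands-on lab
Step 4 of my own summary may have some problems, but I don't know why PC1 drops the packets sent to it, and I can't find a reasonable explanation. I hope someone who understands this can tell me.
Configuration of each device: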
R0:
Router#show running-config
Building configuration...
Current configuration : 757 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 8.8.8.7 255.255.255.0
ip nat inside
clock rate 64000
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
ip nat outside source static 1.1.1.2 2.2.2.3
ip classless
ip route 0.0.0.0 0.0.0.0 8.8.8.8
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
R1:
Router#show running-config
Building configuration...
Current configuration : 662 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 2.2.2.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 8.8.8.8 255.255.255.0
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 8.8.8.7
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
PC1:
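Reference: http://www.2cto.com/net/201309/244766.html
But I still don't understand why the return-packet flow fails. Perhaps his explanation is too abstract. If anyone understands it, please give me a small example explaining why the return packet fails; I would be very grateful.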
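The matching rules from section 2 applied to the R0 and R1 configurations above, as an added example that is not part of the original post. It models only the routes and the single static NAT entry visible in the two configs; the host address 2.2.2.1 is a constructed value, since the PC addresses are not on the page.

```python
import ipaddress

# Routes taken from the two show running-config outputs on the page:
# connected networks plus each router's static default route.
ROUTES = {
    "R0": [("1.1.1.0/24", "FastEthernet0/0"), ("8.8.8.0/24", "Serial1/0"),
           ("0.0.0.0/0", "Serial1/0")],    # ip route 0.0.0.0 0.0.0.0 8.8.8.8
    "R1": [("2.2.2.0/24", "FastEthernet0/0"), ("8.8.8.0/24", "Serial1/0"),
           ("0.0.0.0/0", "Serial1/0")],    # ip route 0.0.0.0 0.0.0.0 8.8.8.7
}
# NAT role of R0's interfaces; R1 has no NAT configuration.
R0_ROLE = {"FastEthernet0/0": "outside", "Serial1/0": "inside"}
# ip nat outside source static 1.1.1.2 2.2.2.3
OUTSIDE_GLOBAL, OUTSIDE_LOCAL = "1.1.1.2", "2.2.2.3"


def egress(router, dst):
    """Longest-prefix match over the router's routes; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), i) for p, i in ROUTES[router]]
    hits = [h for h in hits if addr in h[0]]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def r0_forward(in_if, src, dst):
    """Model R0 for one packet; returns (src, dst, out_if, translated)."""
    translated = False
    if R0_ROLE[in_if] == "outside":
        # outside: NAT first, then route. This entry rewrites only the source,
        # so the route lookup on dst gives the same result either way.
        out_if = egress("R0", dst)
        if R0_ROLE[out_if] == "inside" and src == OUTSIDE_GLOBAL:
            src, translated = OUTSIDE_LOCAL, True
    else:
        # inside: route first; translate back only if the route leaves via outside.
        out_if = egress("R0", dst)
        if R0_ROLE[out_if] == "outside" and dst == OUTSIDE_LOCAL:
            dst, translated = OUTSIDE_GLOBAL, True
    return src, dst, out_if, translated


if __name__ == "__main__":
    # 2.2.2.1 is a constructed host address on R1's LAN (PC addresses are not on the page).
    print("request at R0:", r0_forward("FastEthernet0/0", "1.1.1.2", "2.2.2.1"))
    print("reply at R1  :", egress("R1", "2.2.2.3"))
    print("reply at R0  :", r0_forward("Serial1/0", "2.2.2.1", "2.2.2.3"))
```

In this model a reply addressed to 2.2.2.3 is never routed toward R0's outside interface: R1 treats 2.2.2.3 as directly connected on FastEthernet0/0, and R0's only match for it is the default route back out Serial1/0, so the inside rule never reaches its NAT step.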
This article comes from the “飞奔的小GUI” blog; please be sure to keep this source attribution: http://9237101.blog.51cto.com/9227101/1923618