一个以太口做Nat实例
2006-11-1 17:06:00
interface Loopback0
ip address 10.0.1.1 255.255.255.252
ip nat outside
!--- Creates a virtual interface called Loopback 0 and assigns an
!--- IP address of 10.0.1.1 to it. Defines interface Loopback 0 as
!--- NAT outside.
!
!
interface Ethernet0
ip address 192.168.1.2 255.255.255.0 secondary
ip address 10.0.0.2 255.255.255.0
ip Nat inside
!--- Assigns a primary IP address of 10.0.0.2 and a secondary IP
!--- address of 192.168.1.2 to Ethernet 0. Defines interface Ethernet 0
!--- as NAT inside. The 192.168.1.2 address will be used to communicate
!--- through the CM to the CMTS and the Internet. The 10.0.0.2 address
!--- will be used to communicate with the local hosts.
ip policy route-map Nat-loop
!--- Assigns route-map "Nat-loop" to Ethernet 0 for policy routing.
!
ip Nat pool external 192.168.2.2 192.168.2.3 prefix-length 29
ip Nat inside source list 10 pool external overload
ip Nat inside source static 10.0.0.12 192.168.2.1
!--- NAT is defined: packets matching access-list 10 will be
!--- translated to an address from the pool called "external".
!--- A static NAT translation is defined for 10.0.0.12 to be
!--- translated to 192.168.2.1 (this is for host 2 which needs
!--- to be accessed from the Internet).
ip classless
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 Ethernet0
!--- Static default route set as 192.168.1.1, also a static
!--- route for network 192.168.2.0/24 directly attached to
!--- Ethernet 0
!
!
access-list 10 permit 10.0.0.0 0.0.0.255
!--- Access-list 10 defined for use by NAT statement above.
access-list 102 permit ip any 192.168.2.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
!--- Access-list 102 defined and used by route-map "Nat-loop"
!--- which is used for policy routing.
!
Access-list 177 permit icmp any any
!--- Access-list 177 used for debug.
!
route-map Nat-loop permit 10
match ip address 102
set ip next-hop 10.0.1.2
!--- Creates route-map "Nat-loop" used for policy routing.
!--- Route map states that any packets matching access-list 102 will
!--- have the next hop set to 10.0.1.2 and be routed "out" the
!--- loopback interface. All other packets will be routed normally.
!
end
NAT-router#
ip address 10.0.1.1 255.255.255.252
ip nat outside
!--- Creates a virtual interface called Loopback 0 and assigns an
!--- IP address of 10.0.1.1 to it. Defines interface Loopback 0 as
!--- NAT outside.
!
!
interface Ethernet0
ip address 192.168.1.2 255.255.255.0 secondary
ip address 10.0.0.2 255.255.255.0
ip Nat inside
!--- Assigns a primary IP address of 10.0.0.2 and a secondary IP
!--- address of 192.168.1.2 to Ethernet 0. Defines interface Ethernet 0
!--- as NAT inside. The 192.168.1.2 address will be used to communicate
!--- through the CM to the CMTS and the Internet. The 10.0.0.2 address
!--- will be used to communicate with the local hosts.
ip policy route-map Nat-loop
!--- Assigns route-map "Nat-loop" to Ethernet 0 for policy routing.
!
ip Nat pool external 192.168.2.2 192.168.2.3 prefix-length 29
ip Nat inside source list 10 pool external overload
ip Nat inside source static 10.0.0.12 192.168.2.1
!--- NAT is defined: packets matching access-list 10 will be
!--- translated to an address from the pool called "external".
!--- A static NAT translation is defined for 10.0.0.12 to be
!--- translated to 192.168.2.1 (this is for host 2 which needs
!--- to be accessed from the Internet).
ip classless
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 Ethernet0
!--- Static default route set as 192.168.1.1, also a static
!--- route for network 192.168.2.0/24 directly attached to
!--- Ethernet 0
!
!
access-list 10 permit 10.0.0.0 0.0.0.255
!--- Access-list 10 defined for use by NAT statement above.
access-list 102 permit ip any 192.168.2.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
!--- Access-list 102 defined and used by route-map "Nat-loop"
!--- which is used for policy routing.
!
Access-list 177 permit icmp any any
!--- Access-list 177 used for debug.
!
route-map Nat-loop permit 10
match ip address 102
set ip next-hop 10.0.1.2
!--- Creates route-map "Nat-loop" used for policy routing.
!--- Route map states that any packets matching access-list 102 will
!--- have the next hop set to 10.0.1.2 and be routed "out" the
!--- loopback interface. All other packets will be routed normally.
!
end
NAT-router#
本文转自loveme2351CTO博客,原文链接: http://blog.51cto.com/loveme23/8005,如需转载请自行联系原作者