"Network security and penetration tests" class notes --- 16

2019/5/13 - - -
Continuing on, this note covers the NAT (address translation) lab.
NAT: Network Address Translation

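Purpose:

1. Let internal users share Internet access -- SNAT (source address translation)
2. Publish servers (port mapping), i.e. let external users reach servers hosted on the internal network -- DNAT (destination address translation)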

NAT configuration template

Lab topology
For convenience, a configuration file is provided:
link: https://pan.baidu.com/s/1W5yrkv7IS0XyoaIU8doCQw
extraction code: yw8h

Taking the Beijing site as an example:

1. Define the Internet-bound traffic

access-list 1 permit 192.168.1.0 0.0.0.255   -- standard ACL (0.0.0.255 is the wildcard mask for /24)

2. Define the interface direction

Internal network -- inside
External network -- outside
interface ethernet0/0
ip nat outside
interface loopback 0
ip nat inside

3. Define the NAT scheme
Choose PAT (port-based translation), i.e. multiple internal users share the single address of the external interface

ip nat inside source list 1 interface e0/0 overload

Experiment 2: IPsec VPN coexisting with NAT

Lab topology

When IPsec VPN and NAT are used together, remember to exempt the VPN traffic from NAT (VPN traffic must not be translated).
Setting up the IPsec VPN was covered earlier; please see the "ipsec vpn" note.
1. Define the Internet-bound traffic
When doing NAT exemption, an extended ACL is recommended.

access-list 100 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

2. Define the interface direction

Internal network -- inside
External network -- outside
interface ethernet0/0
ip nat outside
interface loopback 0
ip nat inside

3. Define the NAT scheme

ip nat inside source list 100 interface e0/0 overload

show ip nat translations
View the address translation table.
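
The NAT exemption above depends on ACL 100 being evaluated top-down with first match winning. The following is an added example (not part of the original notes) that parses the three ACL 100 lines and decides, for constructed sample flows, whether a packet is selected for PAT or exempt; the function names are hypothetical.

```python
import ipaddress

# ACL 100 as configured in the notes above.
ACL_100 = """\
access-list 100 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _operand(tok):
    """Consume one address operand ('any' or 'ADDR WILDCARD'); return it and the rest."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    return (_to_int(tok[0]), _to_int(tok[1])), tok[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        src, rest = _operand(tok[4:])
        dst, _ = _operand(rest)
        rules.append((tok[2], src, dst))
    return rules

def _match(ip, operand):
    addr, wild = operand
    return (_to_int(ip) | wild) == (addr | wild)  # wildcard bits are "don't care"

def is_translated(rules, src, dst):
    """True if the ACL selects the packet for PAT: first match wins, implicit deny last."""
    for action, s, d in rules:
        if _match(src, s) and _match(dst, d):
            return action == "permit"
    return False

if __name__ == "__main__":
    rules = parse_acl(ACL_100)
    # Constructed sample flows (not taken from the lab).
    for src, dst in [("192.168.1.10", "8.8.8.8"), ("192.168.1.10", "172.16.1.5"),
                     ("192.168.1.10", "10.1.1.20")]:
        print(src, "->", dst, "PAT" if is_translated(rules, src, dst) else "exempt")
    # With the permit line first, VPN-bound traffic would be translated too.
    wrong = [rules[2]] + rules[:2]
    print("misordered:", is_translated(wrong, "192.168.1.10", "172.16.1.5"))
```

The last line shows why the two deny entries must come before the permit: with the permit first, traffic to the VPN peers' subnets matches it and is translated instead of being exempted.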

Finally, you can try testing it yourself.
A configuration file is also provided, so feel free to test with it:
link: https://pan.baidu.com/s/1ciiUg1gkgvfSyjSGMybnsg
extraction code: D56B
OK, if you have any questions, feel free to leave a comment O(∩_∩)O~


Origin blog.csdn.net/zhaotiannuo_1998/article/details/90171115