I. Cisco router NAT
1. Static NAT. Applicable environment: static NAT is a one-to-one translation between an inside local address and an inside legal address.
! the first address is the internal address, the second is the external address
ip nat inside source static 192.168.2.2 10.10.10.4
! external interface
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat outside
! internal network interface
interface GigabitEthernet0/2
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
If the external network uses OSPF, the border router must also have default-information originate configured in the OSPF process of the internal network, so that the internal routers learn a default route toward the border router:
router ospf 1
log-adjacency-changes
network 192.168.3.0 0.0.0.255 area 0
default-information originate
You also need to configure a default route pointing to the external network: ip route 0.0.0.0 0.0.0.0 10.10.10.2
With this static NAT, the internal network can access the external network, and the external network can access the internal network.
! the first address and port are internal, the second address and port are external;
! the external port can be translated (for example 8080 instead of 80), which is convenient for access from external networks
ip nat inside source static tcp 192.168.2.2 80 10.10.10.4 80
For an internal server, the inside and outside ports may be the same or different: inside 80 ------> outside 80, or inside 80 ------> outside 8080.
! external interface
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat outside
! internal network interface
interface GigabitEthernet0/2
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
2. Dynamic address translation. Applicable environment: dynamic address translation is also a one-to-one translation between an inside local address and an inside legal address. An internal address that matches the access list is translated to an address chosen at random from the public address pool; once the public addresses in the pool are used up, the remaining internal addresses cannot access the external network.
access-list 99 permit 192.168.1.0 0.0.0.255
ip nat pool test 10.10.10.3 10.10.10.10 netmask 255.255.255.0
ip nat inside source list 99 pool test
! external interface
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat outside
! internal network interface
interface GigabitEthernet0/2
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
3. Multiplexed (overloaded) dynamic address translation (PNAT). Applicable environment: multiplexed dynamic address translation is first of all a dynamic address translation, but it allows multiple inside local addresses to share one inside legal address; the individual translations are told apart by randomly generated ports.
access-list 99 permit 192.168.1.0 0.0.0.255
ip nat pool test 10.10.10.3 10.10.10.10 netmask 255.255.255.0
ip nat inside source list 99 pool test overload
! external interface
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat outside
! internal network interface
interface GigabitEthernet0/2
 ip address 192.168.3.2 255.255.255.0
 ip nat inside
For the external network to be able to reach an internal server, you must configure static address/port translation.
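To check which internal hosts a Cisco configuration like the ones above publishes to the external network, the following Python audit (an added example, not part of the original page) parses the ip nat commands and separates static mappings, which accept connections started from outside, from pool rules. The sample configuration is constructed from this page's commands; the 10.10.10.5 / 8080 mapping and the function names audit_nat and findings are assumptions for illustration.

```python
import re

# Constructed sample from this page's commands; 10.10.10.5/8080 is an assumed value.
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.2.2 10.10.10.4
ip nat inside source static tcp 192.168.2.2 80 10.10.10.5 8080
access-list 99 permit 192.168.1.0 0.0.0.255
ip nat pool test 10.10.10.3 10.10.10.10 netmask 255.255.255.0
ip nat inside source list 99 pool test overload
interface GigabitEthernet0/1
 ip nat outside
interface GigabitEthernet0/2
 ip nat inside
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static"
    r"(?: (?P<proto>tcp|udp) (?P<lip>\S+) (?P<lport>\d+) (?P<gip>\S+) (?P<gport>\d+)"
    r"| (?P<lip2>\S+) (?P<gip2>\S+))$")
DYNAMIC_RE = re.compile(
    r"^ip nat inside source list (?P<acl>\S+) pool (?P<pool>\S+)(?P<ov> overload)?$")

def audit_nat(config):
    """Return (published, dynamic, roles) parsed from IOS-style NAT commands."""
    published, dynamic, roles, iface = [], [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line in ("ip nat inside", "ip nat outside") and iface:
            roles[iface] = line.split()[-1]
        elif m := STATIC_RE.match(line):
            if m["proto"]:   # port mapping: only one protocol/port is published
                published.append((m["lip"], f"{m['proto']}/{m['lport']}",
                                  m["gip"], f"{m['proto']}/{m['gport']}"))
            else:            # full static NAT: every port of the host is published
                published.append((m["lip2"], "all", m["gip2"], "all"))
        elif m := DYNAMIC_RE.match(line):
            # pool rules create translations only when an inside host sends traffic
            dynamic.append((m["acl"], m["pool"], "PAT" if m["ov"] else "one-to-one"))
    return published, dynamic, roles

def findings(config):
    """Exposure summary plus a check that both NAT interface roles are present."""
    published, _, roles = audit_nat(config)
    out = [f"{lip} ({lp}) reachable from outside as {gip} ({gp})"
           for lip, lp, gip, gp in published]
    out += [f"no interface is marked 'ip nat {side}'"
            for side in ("inside", "outside") if side not in roles.values()]
    return out

print("\n".join(findings(SAMPLE_CONFIG)))
```

A full static entry is reported with "all" ports, which is the case to review first: unless an access list on the outside interface restricts it, every service on that host is reachable through the external address.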
II. Huawei router NAT
1. Static NAT
interface GigabitEthernet0/0/1
ip address 10.10.10.1 255.255.255.0
nat static global 10.10.10.3 inside 192.168.1.2 netmask 255.255.255.255
nat static protocol tcp global 10.10.10.4 www inside 192.168.2.2 www netmask 255.255.255.255
nat static enable
2. Dynamic NAT
[GW]nat address-group 0 202.100.1.100 202.100.1.200
[GW]acl number 2000
[GW-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[GW-GigabitEthernet0/0/0]int g0/0/1
[GW-GigabitEthernet0/0/1] nat outbound 2000 address-group 0 no-pat
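Note: no-pat means one-to-one translation, where only the address is translated and the port is not; pressing Enter directly (without no-pat) means both the IP address and the port are translated.
3. Port multiplexing (PAT)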
[GW]nat address-group 0 202.100.1.100 202.100.1.200
[GW]acl number 2000
[GW-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[GW-GigabitEthernet0/0/0]int g0/0/1
[GW-GigabitEthernet0/0/1] nat outbound 2000 address-group 0