cisco NAT 的配置例子
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname nat-r1
!
enable secret 5 $1$FEQr$INhRecYBeCb.UqTQ3b9mY0
!
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 172.18.150.150 255.255.0.0
no ip directed-broadcast
ip nat inside /* 定义此为网络的内部端口 */
!
interface Serial0
ip address 192.1.1.161 255.255.255.252
no ip directed-broadcast
ip nat outside /* 定义此为网络的外部端口 */
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
! /* 定义从ISP那里申请到的IP在企业内部的分配策阅 */
ip nat pool tech 192.1.1.100 192.1.1.120 netmask 255.255.255.0
ip nat pool deve 192.1.1.121 192.1.1.150 netmask 255.255.255.0
ip nat pool manager 192.1.1.180 192.1.1.200 netmask 255.255.255.0
ip nat pool soft-1 192.1.1.170 192.1.1.179 netmask 255.255.255.0
ip nat pool soft-2 192.1.1.151 192.1.1.159 netmask 255.255.255.0
ip nat pool temp-user 192.1.1.160 192.1.1.160 netmask 255.255.255.0
/* 将访问列表与地址池对应,以下为动态地址转换*/
ip nat inside source list 1 pool tech
ip nat inside source list 2 pool deve
ip nat inside source list 3 pool manager
ip nat inside source list 4 pool soft-1
ip nat inside source list 5 pool soft-2
/* 将访问列表与地址池对应,以下为复用动态地址转换*/
ip nat inside source list 6 pool temp-user overload
/* 将访问列表与地址池对应,以下为静态地址转换*/
ip nat inside source static 172.18.100.168 192.1.1.168
ip nat inside source static 172.18.100.169 192.1.1.169
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0 /* 设置一个缺省路由 */
! /* 内部网访问地址表,他指出内部网络能访问外部网的地址段,
分别定义是为了对应
不同的地址池 */
access-list 1 permit 172.18.107.0 0.0.0.255
access-list 2 permit 172.18.101.0 0.0.0.255
access-list 3 permit 172.18.108.0 0.0.0.255
access-list 4 permit 172.18.103.0 0.0.0.255
access-list 4 permit 172.18.102.0 0.0.0.255
access-list 4 permit 172.18.104.0 0.0.0.255
access-list 5 permit 172.18.105.0 0.0.0.255
access-list 5 permit 172.18.106.0 0.0.0.255
access-list 6 permit 172.18.111.0 0.0.0.255
!
line con 0
transport input none
line 1 16
line aux 0
line vty 0 4
login
!
end
