Cisco router Ppoe client+nat address reflow problem test

One. Test the topology:


Two. Test ideas:


Three. Basic configuration:
A.R1:
Interface ethernet0/0
IP address 202.100.1.1 255.255.255.0
No shutdown
IP Route 0.0.0.0 0.0.0.0 202.100.1.2

B.R2:
1. Interface configuration:
Interface ethernet0/0
IP address 202.100.1.2 255.255.255.0
No shutdown
Interface ETHERNET0/1
No IP address
No shutdown
2.PPPOE Server configuration:
AAA New-model
AAA Authentication PPP Default Local
Username Cisco password 0 Cisco

IP dhcp excluded-address 202.100.2.2
IP dhcp pool ppoe
   network 202.100.2.0 255.255.255.0
& nbsp;  default-router 202.100.2.2

Bba-group PPPoE TEST
 virtual-template 1

Interface Virtual-template1
 ip address 202.100.2.2 255.255.255.0
 peer default IP address dhcp-pool ppoe
 PPP Authentication chap callin
Interface ETHERNET0/1
 pppoe enable group TEST
C.R3:
1. Interface configuration:
Interface ethernet0/0
 no IP address
 no shutdown
!
Interface ETHERNET0/1
 ip address 192.168.1.3 255.255.255.0
 no shutdown
2.PPPOE Client configuration:
Interface e0/0
 pppoe enable group Global
 pppoe-client dial-pool-number 1
Interface Dialer0
 mtu 1492
 ip address negotiated
 encapsulation PPP
 dialer Pool 1
 PPP chap hostname Cisco
 PPP chap password 0 Cisco

D.R4:

Interface ethernet0/0
IP address 192.168.1.4 255.255.255.0
No shutdown

IP Route 0.0.0.0 0.0.0.0 192.168.1.3

E.R5:

Interface ethernet0/0
IP address 192.168.1.5 255.255.255.0
No shutdown

IP Route 0.0.0.0 0.0.0.0 192.168.1.3

Four. Resolve Address Reflow

---are all configured on R3.

A. method one: NVI
1. Dynamic PAT Configuration:
IP Access-list Extended PAT
Permit IP 192.168.1.0 0.0.0.255 any

IP NAT Source List PAT Interface Dialer0 overload

Interface ETHERNET0/1
IP NAT Enable

Interface Dialer0

IP NAT Enable

2. Static NAT configuration:

IP Nat source static 192.168.1.4 202.100.2.4 extendable

3. Test:

---R5 can be accessed via the R4 mapped public address R4

R5#telnet 202.100.2.4
Trying 202.100.2.4 ... Open


User Access Verification

Password:
R4>show Users
Line User Host (s) Idle location
0 Con 0 UNKNOWN 00:00:16
*130 vty 0 Idle 00:00:00 202.100.2.3

Interface User Mode Idle Peer Address

R4>

---R4 can also be accessed via the R4 mapped public address R4

R4#telnet 202.100.2.4
Trying 202.100.2.4 ... Open


User Access Verification

Password:
R4>show Users
Line User Host (s) Idle location
0 Con 0 202.100.2.4 00:00:00
*131 vty 1 Idle 00:00:00 202.100.2.4

Interface User Mode Idle Peer Address

R4>

---automatically modifies the DNS record back package (similar to the ASA's DNS rewrite) when accessed through a domain name

R2 (config) #ip DNS server
R2 (config) #ip host R4.yuntian.cn 202.100.2.4

R5 (config) #ip domain-lookup
R5 (config) #ip name-server 202.100.2.2

R5#ping R4.yuntian.cn

Translating "R4.yuntian.cn" ... domain server (202.100.2.2) [OK]

Translating "R4.yuntian.cn" ... domain server (202.100.2.2) [OK]

Translating "R4.yuntian.cn" ... domain server (202.100.2.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.4, timeout is 2 seconds:
!!!!!
Success rate is percent (5/5), round-trip Min/avg/max = 8/32/52 ms
r5#
*mar 1 02:13:40.991:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.047:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.087:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.095:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
*mar 1 02:13:41.139:icmp:echo reply Rcvd, src 192.168.1.4, DST 192.168.1.5
r5#

Through the different location of the grab packet can be seen, router R3 modified the DNS return packet, the public address is modified to the intranet address:

B. method Two: Modify DNS records

This article is from the "Httpyuntianjxxll.spac.." Blog, make sure to keep this source http://333234.blog.51cto.com/323234/1664185

Cisco router Ppoe client+nat address reflow problem test