Experimental topology
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6F/92/wKiom1WgqZTTCjORAADD0sW7Qp0942.jpg "title=" mri% E7rp3i1~meh]t6r9rzs.png "alt=" Wkiom1wgqzttcjoraadd0sw7qp0942.jpg "/>
PC1 belongs to VLAN10,PC2 belongs to VLAN20
PC1 ip:192.168.10.254/24 R1 g0/0/0 ip:12.0.0.1/24
PC2 ip:192.168.20.254/24 R2 g0/0/0 ip:12.0.0.2/24
SW1 VLAN1 ip:192.168.1.10/24
SW2 VLAN1 ip:192.168.1.20/24
Experimental content
R1 analog Network Export routing, R2 analog operator equipment
1. Do static NAT on R1 to enable intranet members to access the extranet
2. Do dynamic NAT on R1 to enable intranet members to access the extranet
3, Pat on the R1 so that the network members can access the extranet
4. Do static port mapping on R1, so R2 can manage SW1 and SW2 remotely.
1. Static NAT Configuration
Existing 2 public network addresses
202.106.1.1/32
202.106.1.2/32
static NAT is a pair cannot save IP address
R1 static NAT configuration:
<r1>system-view
[R1]int g0/0/0
[R1-gigabitethernet0/0/0]nat Static global 202.106.1.1 inside 192.168.10.254// Map this public address to the internal IP: 192.168.10.254 's host is the C1
[R1-gigabitethernet0/0/0]nat Static global 202.106.1.2 inside 192.168.20.254//Ibid map to C2
R2 Configure backhaul routing:
[R2]ip route-static 202.106.1.1 32 12.0.0.1
[R2]ip route-static 202.106.1.2 32 12.0.0.1
Now, C1 and C2 should be able to communicate with the outside network.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6F/8F/wKioL1WgtaWys1iSAAH4udFOXAU489.jpg "style=" float: none; "title=" {$1gvcxd]4zw8~imfdn9f ' x.png "alt=" Wkiol1wgtawys1isaah4udfoxau489.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6F/92/wKiom1Wgs9GyZ_ibAAH4MgKqQV8335.jpg "style=" float: none; "Title=" @DA49JHE6JPQKX8QHB ' (e%t.png "alt=" Wkiom1wgs9gyz_ibaah4mgkqqv8335.jpg "/>
Capture the packet on R2 Verify that the source address is 202.106.1.1 and 202.106.1.2
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6F/92/wKiom1WgtM7zlkr8AAGSI8L8mmI791.jpg "style=" float: none; "title="}lxp]7jbazr]h ' e6{pj%) 72.png "alt=" Wkiom1wgtm7zlkr8aagsi8l8mmi791.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6F/8F/wKioL1WgtqODHJtTAAG3tlJh3pk769.jpg "style=" float: none; "Title=" H) 8$m5j~16}pszpz}q%bm~7.png "alt=" Wkiol1wgtqodhjttaag3tljh3pk769.jpg "/>
2. Dynamic NAT
The existing public network address 202.106.1.0/24
Dynamic NAT is an address pool made on the egress router, which gets a public IP from the address pool when the intranet PC accesses the extranet.
R1 Dynamic NAT Configuration:
[R1]nat address-group 1 202.106.1.1 202.106.1.254//Create a NAT address pool
[R1]ACL 2000//Define an Access control list
[R1-acl-basic-2000]rule Permit Source 192.168.10.0 0.0.0.255
[R1-acl-basic-2000]rule Permit Source 192.168.20.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]interface g0/0/0
[R1-gigabitethernet0/0/0]nat Outbound Address-group 1 No-pat//associate ACL with address pool, no-pat means not reusable
R2 Configure backhaul routing:
[R2]ip route-static 202.106.1.0 24 12.0.0.1
Grab Bag test
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/6F/93/wKiom1Wgud6wa_hBAAIHr2BkvBE087.jpg "title=" Weqz@5y6cchc0[]v (j8mh2i.png "alt=" Wkiom1wgud6wa_hbaaihr2bkvbe087.jpg "/>
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/6F/93/wKiom1WgunyDAKkMAAPEQDZ-bIY529.jpg "title=" (TDP9} 2q4~%) SKW ' ur2tlpm.png "alt=" wkiom1wgunydakkmaapeqdz-biy529.jpg "/> will find here that the simulator is a bug, the ping command sends 5 packets, Here, each package gets an address.
3. Pat Configuration
A public network address is available 202.106.1.1/32
Pat is using a public address over and over again, and all of the hosts use it to surf the net.
R1 Pat Configuration:
[R1]nat address-group 1 202.106.1.1 202.106.1.1//Create an address pool
[R1]ACL 2000//Define an Access control list
[R1-acl-basic-2000]rule Permit Source 192.168.10.0 0.0.0.255
[R1-acl-basic-2000]rule Permit Source 192.168.20.0 0.0.0.255
[R1-gigabitethernet0/0/0]nat Outbound Address-group 1//associate ACL with address pool
R2 on backhaul routes:
[R2]ip route-static 202.106.1.1 32 12.0.0.1
Grab Bag test
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6F/93/wKiom1WgvdTwMbn4AAHxFH4N5j0717.jpg "title=" $4y~ MCR ' fk_ykfozhw8%yzu.png ' alt= "wkiom1wgvdtwmbn4aahxfh4n5j0717.jpg"/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6F/93/wKiom1WgvmDgPe0iAANwy3o7OJw218.jpg "title=" 2o~s24 %v%$1[zpbbwmhce6r.png "alt=" Wkiom1wgvmdgpe0iaanwy3o7ojw218.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6F/93/wKiom1WgvuCDRjTtAAH8zfXnkho341.jpg "title=" 5V " Wuqi78s0tq[pbj2~p9n0.png "alt=" Wkiom1wgvucdrjttaah8zfxnkho341.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6F/90/wKioL1WgwRfwJ6luAANjy_X_DCo865.jpg "title=" 17EM] hp8w~~) 3]~kk[vz9mr.png "alt=" Wkiol1wgwrfwj6luaanjy_x_dco865.jpg "/>
Now a public network IP is not only one external network port g0/0/0ip:12.0.0.1
[R1]ACL 2000//Define an Access control list
[R1-acl-basic-2000]rule Permit Source 192.168.10.0 0.0.0.255
[R1-acl-basic-2000]rule Permit Source 192.168.20.0 0.0.0.255
[R1]interface g0/0/0
[R1-gigabitethernet0/0/0]ip Address 12.0.0.1 24
[R1-gigabitethernet0/0/0]nat Outbound 2000//Reuse Current interface address
Capture Package Verification
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6F/90/wKioL1WgwyrS82GSAALOKxLlHtQ152.jpg "title=" K}) xbh51wz20~ ' Fjs~06r64.png "alt=" Wkiol1wgwyrs82gsaalokxllhtq152.jpg "/>
5. Static port mapping
On the basis of Pat, enter the following command
R1:
[R1-gigabitethernet0/0/0]nat Static Protocol TCP global Current-interface Telnet
Inside 192.168.1.10 telnet
Map Port 23 of the current interface to Port 23 of 192.168.1.10, where the port number or protocol can be
[R1-gigabitethernet0/0/0]nat Static Protocol TCP global Current-interface 1212 inside 192.168.1.20 telnet
Map Port 1212 of the current interface to port 23 of 192.168.1.20
Test
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6F/93/wKiom1WgyNCShfB8AAEWAEFz-vI388.jpg "title=" "[$ 10M1 (I0)%s) 2oug88}2.png "alt=" Wkiom1wgyncshfb8aaewaefz-vi388.jpg "/>
-------------------------------------------------------------------------------------------
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6F/90/wKioL1WgywXj3NJEAACzheNdMMk251.jpg "title="%1cflm %A ' Ov%1vcpbploj72.png "alt=" Wkiol1wgywxj3njeaaczhendmmk251.jpg "/>
Huawei, NAT configuration detailed