|
发信人: messiah_lu(小雨) 整理人: sglzx(2001-12-05 15:50:52), 站内信件 |
| Translate Inside Source Addresses
Use this feature to translate your own IP addresses into globally unique IP addresses when communicating outside of your network. You can configure static or dynamic inside source translation as follows: ·Static translation establishes a one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside. ·Dynamic translation establishes a mapping between an inside local address and a pool of global addresses NAT Inside Source Translation The following process describes inside source address Translation 1. The user at Host 1.1.1.1 opens a connection to Host B. 2. The first packet that the router receives from Host 1.1.1.1 causes the router to check its NAT table. · If a static translation entry was configured, the router goes to Step 3. ·If no translation entry exists, the router determines that source address (SA) 1.1.1.1 must be translated dynamically, selects a legal, global address from the dynamic address pool, and creates a translation entry. This type of entry is called a simple entry. 3. The router replaces the inside local source address of Host 1.1.1.1 with the translation entry's global address, and forwards the packet. 4. Host B receives the packet and responds to Host 1.1.1.1 by using the inside global IP destination address (DA) 2.2.2.2. 5. When the router receives the packet with the inside global IP address, it performs a NAT table lookup by using the inside global address as a key. It then translates the address to the inside local address of Host 1.1.1.1 and forwards the packet to Host 1.1.1.1. 6. Host 1.1.1.1 receives the packet and continues the conversation. The router performs Steps 2 through 5 for each packet. Configure Static Translation 配置如下: 1.ip nat inside source static local-ip global-ip Establish static translation between an inside local address and an inside global address. 2.interface type number Specify the inside interface. 3.ip nat inside Mark the interface as connected to the inside. 4.interface type number Specify the outside interface. 5. ip nat outside Mark the interface as connected to the outside. Configure Dynamic Translation 配置如下: 1.ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} Define a pool of global addresses to be allocated as needed. 2.access-list access-list-number permit source [source-wildcard] Define a standard access list permitting those addresses that are to be translated. 3.ip nat inside source list access-list-number pool name Establish dynamic source translation, specifying the access list defined in the prior step. 4.interface type number Specify the inside interface. 5.ip nat inside Mark the interface as connected to the inside. 6.interface type number Specify the outside interface. 7.ip nat outside Mark the interface as connected to the outside. 具体配置例子如下: 
Router A Configuration ip nat pool routerA 199.57.10.5 199.57.10.10 netmask 255.255.255.0 access-list permit 192.168.10.0 0.0.0.255 ip nat inside source list 1 pool routerA ! interface serial0 ip add 199.57.10.1 255.255.255.0 ip nat outside ! interface ethernet 0 ip add 192.168.10.1 255.255.255.0 ip nat inside ! Router B Configuration ip nat inside source source static 192.168.12.5 198.45.10.5 ! interface serial0 ip add 198.45.10.1 255.255.255.0 ip nat outside ! interface ethernet 0 ip add 192.168.12.1 255.255.255.0 ip nat inside Monitor and Maintain NAT 1.clear ip nat translation * Clear all dynamic address translation entries from the NAT translation table. 2.clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] Clear a simple dynamic translation entry containing an inside translation, or both inside and outside translation. 3.clear ip nat translation outside local-ip global-ip Clear a simple dynamic translation entry containing an outside translation. 4.clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port] Clear an extended dynamic translation entry. 还有一个理解实例,点绿色和红色按钮 |
|
[关闭][返回] |