一.测试拓扑:
参照:https://supportforums.cisco.com/message/3648386#3648386
据说是12.3(14)T 的IOS才开始有的功能:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html
二.基本配置:
A.R1
int e0/0
ip add 192.168.10.1 255.255.255.0
no sh
line vty 0 5
password cisco
login
ip route 0.0.0.0 0.0.0.0 192.168.10.254
B.R2
interface Ethernet0/0
ip address 192.168.10.254 255.255.255.0
no shut
interface Ethernet0/1
ip address 202.100.1.2 255.255.255.0
no shut
C.R3
interface Ethernet0/0
ip address 202.100.1.3 255.255.255.0
no shut
二.R2的NVI配置:
int e0/0
ip nat enable
int e0/1
ip nat enable
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
ip nat source list 101 interface e0/1 overload
!--动态NVI-NAT Virtual Interface
ip nat source static 192.168.10.1 202.100.1.1 extendable
!--静态NVI
三.测试:
A.R3能telnet通R1映射后的公网地址
R3#telnet 202.100.1.1
Trying 202.100.1.1 ... Open
User Access Verification
Password:
R1>show users
Line User Host(s) Idle Location
0 con 0 idle 00:01:12
*130 vty 0 idle 00:00:00 202.100.1.3
Interface User Mode Idle Peer Address
R1>
B.R1也能telnet自己的映射后的公网地址
R1#telnet 202.100.1.1
Trying 202.100.1.1 ... Open
User Access Verification
Password:
R1>show users
Line User Host(s) Idle Location
0 con 0 202.100.1.1 00:00:00
*131 vty 1 idle 00:00:00 202.100.1.1
Interface User Mode Idle Peer Address
R1>
----可以看到,R1telnet自己的NAT后的公网地址,用的是经过地址转换后的地址
C.PC1也能telnet通R1映射后的公网地址
C:\Documents and Settings\Administrator>telnet 202.100.1.1
User Access Verification
Password:
R1>show users
Line User Host(s) Idle Location
0 con 0 idle 00:00:11
*130 vty 0 idle 00:00:00 202.100.1.2
Interface User Mode Idle Peer Address
R1>
---PC1连接R1 NAT后的公网地址,也用的是经过NAT后的地址
本文出自 “httpyuntianjxxll.spac..” 博客。