Skip to main content


NVI解决内网访问内部服务器的外部映射地址

2013-01-03 23:45 浏览:

一.测试拓扑:

 

参照:https://supportforums.cisco.com/message/3648386#3648386
据说是12.3(14)T 的IOS才开始有的功能:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html
二.基本配置:
A.R1
int e0/0
ip add 192.168.10.1 255.255.255.0
no sh
line vty 0 5
password cisco
login
ip route 0.0.0.0 0.0.0.0 192.168.10.254
B.R2
interface Ethernet0/0
ip address 192.168.10.254 255.255.255.0
no shut
interface Ethernet0/1
ip address 202.100.1.2 255.255.255.0
no shut
C.R3
interface Ethernet0/0
ip address 202.100.1.3 255.255.255.0
no shut
二.R2的NVI配置:
int e0/0
ip nat enable
int e0/1
ip nat enable
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
ip nat source list 101 interface e0/1 overload 
!--动态NVI-NAT Virtual Interface
ip nat source static 192.168.10.1 202.100.1.1 extendable 
!--静态NVI
三.测试:
A.R3能telnet通R1映射后的公网地址
R3#telnet 202.100.1.1
Trying 202.100.1.1 ... Open
User Access Verification
Password: 
R1>show users
Line       User       Host(s)              Idle       Location
0 con 0                idle                 00:01:12   
*130 vty 0                idle                 00:00:00 202.100.1.3
  Interface    User               Mode         Idle     Peer Address
R1>
B.R1也能telnet自己的映射后的公网地址
R1#telnet 202.100.1.1
Trying 202.100.1.1 ... Open
User Access Verification
Password: 
R1>show users
Line       User       Host(s)              Idle       Location
0 con 0                202.100.1.1          00:00:00
*131 vty 1                idle                 00:00:00 202.100.1.1
Interface    User               Mode         Idle     Peer Address
R1>
----可以看到,R1telnet自己的NAT后的公网地址,用的是经过地址转换后的地址
C.PC1也能telnet通R1映射后的公网地址
C:\Documents and Settings\Administrator>telnet 202.100.1.1
User Access Verification
Password:
R1>show users
Line       User       Host(s)              Idle       Location
0 con 0                idle                 00:00:11
*130 vty 0                idle                 00:00:00 202.100.1.2

Interface    User               Mode         Idle     Peer Address
R1>
---PC1连接R1 NAT后的公网地址,也用的是经过NAT后的地址

本文出自 “httpyuntianjxxll.spac..” 博客。