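Lab 1
Be able to configure address translation
Understand how address translation works
Configure NAT Server
Topology
192.168.1.0/24 is the internal network segment and 12.1.1.0/24 is the public network segment; connectivity between them is established using Easy IP and NAPT respectively
Map the internal Server1 to the outside using NAT Server
Configure Easy IP to connect the internal and external networks
PC1 configuration; Server1 and Client1 are configured the same way
Enable the HTTP service on Server1
AR2 configuration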
<Huawei>sys
[Huawei]sys AR2
[AR2]inte gi 0/0/0
[AR2-GigabitEthernet0/0/0]ip addr 12.1.1.3 255.255.255.0
[AR2-GigabitEthernet0/0/0]inte lo 1
[AR2-LoopBack1]ip addr 8.8.8.8 32
AR1 basic configuration
<Huawei>sys
[Huawei]sys AR1
[AR1]inte gi 0/0/2
[AR1-GigabitEthernet0/0/2]ip addr 192.168.1.254 255.255.255.0
[AR1-GigabitEthernet0/0/2]inte gi 0/0/1
[AR1-GigabitEthernet0/0/1]ip addr 12.1.1.1 255.255.255.0
[AR1-GigabitEthernet0/0/1]q
[AR1]ip route-static 0.0.0.0 0 12.1.1.3
Configure Easy IP on AR1
[AR1]acl 2000 //Configure the ACL that matches the source IPs allowed to be NATed
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR1-acl-basic-2000]q
[AR1]inte gi 0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2000 //Enable NAT in the outbound direction of the interface, using ACL 2000
Configure NAT Server on AR1
[AR1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface www inside 192.168.1.1 80
[AR1]dis nat server
Nat Server Information:
Interface : GigabitEthernet0/0/1
Global IP/Port : current-interface/80(www) (Real IP : 12.1.1.1)
Inside IP/Port : 192.168.1.1/80(www)
Protocol : 6(tcp)
VPN instance-name : ----
Acl number : ----
Description : ----
Total : 1
Testing
PC1 pings AR2's loopback address 8.8.8.8
PC>ping 8.8.8.8
Ping 8.8.8.8: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 8.8.8.8: bytes=32 seq=2 ttl=254 time=78 ms
From 8.8.8.8: bytes=32 seq=3 ttl=254 time=47 ms
--- 8.8.8.8 ping statistics ---
3 packet(s) transmitted
2 packet(s) received
33.33% packet loss
round-trip min/avg/max = 0/62/78 ms
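A packet capture on AR1's GE0/0/1 shows that the source address has been translated to the public address
A packet capture on AR1's GE0/0/2 shows that the public IP has been translated back to the internal IP
The client accesses the HTTP server
A packet capture on AR1's GE0/0/1 shows the client accessing port 80 of the interface
Based on the NAT Server configured on the interface, the destination IP and port are translated to the internal server's IP and port
Configure NAPT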
AR1
[AR1]nat address-group 1 12.1.1.4 12.1.1.6 //Create the NAT address pool
[AR1]inte gi 0/0/1
[AR1-GigabitEthernet0/0/1]undo nat outbound 2000 //Remove the Easy IP configured earlier
[AR1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 //Use public address pool 1 for translation, with ACL 2000
PC1 pings 8.8.8.8
PC>ping 8.8.8.8
Ping 8.8.8.8: 32 data bytes, Press Ctrl_C to break
From 8.8.8.8: bytes=32 seq=1 ttl=254 time=94 ms
From 8.8.8.8: bytes=32 seq=2 ttl=254 time=78 ms
From 8.8.8.8: bytes=32 seq=3 ttl=254 time=94 ms
--- 8.8.8.8 ping statistics ---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/88/94 ms
A packet capture on AR1's GE0/0/1 shows that the translated public IP is now an address from the configured address pool
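The three translation modes configured in this lab, modelled as lookup tables (an added example, not part of the original write-up and not Huawei's implementation). It shows why replies to PC1 and HTTP to Server1 get through while other unsolicited inbound traffic has no translation. PC1's address 192.168.1.10, the starting port 10240 and the pool-address selection rule are assumptions.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # what ACL 2000 permits

class Nat:
    """Toy model of translation on AR1 GE0/0/1 (not Huawei's implementation)."""

    def __init__(self, public_ips, first_port=10240):  # first_port: assumed value
        self.public_ips = public_ips   # one address = Easy IP, several = NAPT pool
        self.next_port = first_port
        self.sessions = {}   # (proto, public_ip, public_port) -> (inside_ip, inside_port)
        self.by_inside = {}  # (proto, inside_ip, inside_port) -> (public_ip, public_port)
        self.servers = {}    # (proto, global_ip, global_port) -> (inside_ip, inside_port)

    def nat_server(self, proto, global_ip, global_port, inside_ip, inside_port):
        self.servers[(proto, global_ip, global_port)] = (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source; returns None when ACL 2000 does not match."""
        if ipaddress.ip_address(src_ip) not in INSIDE:
            return None
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            # Assumption: the pool address is picked from the inside host address.
            idx = int(ipaddress.ip_address(src_ip)) % len(self.public_ips)
            public = (self.public_ips[idx], self.next_port)
            self.next_port += 1
            self.by_inside[key] = public
            self.sessions[(proto, *public)] = (src_ip, src_port)
        return self.by_inside[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Static NAT Server entry first, then dynamic session; None = no translation."""
        key = (proto, dst_ip, dst_port)
        return self.servers.get(key) or self.sessions.get(key)

def demo():
    easy = Nat(["12.1.1.1"])                                  # nat outbound 2000
    easy.nat_server("tcp", "12.1.1.1", 80, "192.168.1.1", 80)
    napt = Nat(["12.1.1.4", "12.1.1.5", "12.1.1.6"])          # address-group 1
    pc1 = ("udp", "192.168.1.10", 5000)                       # constructed PC1 flow
    return {
        "easy_out": easy.outbound(*pc1),
        "easy_reply": easy.inbound("udp", "12.1.1.1", 10240),
        "http_in": easy.inbound("tcp", "12.1.1.1", 80),
        "ssh_in": easy.inbound("tcp", "12.1.1.1", 22),
        "napt_out": napt.outbound(*pc1),
        "not_in_acl": napt.outbound("udp", "10.0.0.5", 5000),
    }
```

The NAT Server entry matches any source address, which corresponds to the "Acl number : ----" field in the dis nat server output above.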