华为路由器配置简单NAT实例
2016-07-19 15:21
351 查看
session 1 NAT
NAT网络地址转换,将内网用户私有ip地址转换为公网ip地址实现上网。
简单的配置分为静态NAT、动态NAT、端口PAT、NAT-server发布等,下面以实际配置为例:
一、静态NAT转换
AR1上配置
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat server global 12.1.1.100 inside 192.168.2.10 在接口下将192.168.2.10转换成12.1.1.100地址访问公网
nat static enable 启用nat功能(全局或者接口都可以配置)
#
或者全局下也可以配置静态NAT:
[Huawei] nat static global 12.1.1.10 inside 192.168.1.10 netmask 255.255.255.255
AR2上配置
interface GigabitEthernet0/0/0 AR2模拟internet设备,配置公网ip即可
ip address 12.1.1.2 255.255.255.0
#
二、动态NAT配置
AR1上配置
#
acl number 2000
rule 1 permit source 192.168.1.0 0.0.0.3 使用acl匹配需要进行转换的内网ip地址(1.1-1.8这8个ip地址)
#
#
nat address-group 1 12.1.1.10 12.1.1.18 配置nat转换用的公网地址池1,地址范围12.1.1.10~12.1.1.18
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat outbound 2000 address-group 1 no-pat 在接口出方向上使用动态NAT,不做PAT端口复用
#
AR2上配置
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
nat static enable
#
三、端口多路复用PAT配置
AR1上的配置
#
acl number 2000 使用acl匹配所有ip流量
rule 1 permit
#
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat outbound 2000 在出接口上使用PAT端口复用
#
或者可以使用loopback接口(将公网ip配置在loopback接口上)来做PAT接口ip地址,这样当物理接口ip地址没有了也不会影响NAT,提高稳定性:
[Huawei-GigabitEthernet0/0/2]nat outbound 2000 interface loopback 0
AR2上配置
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
nat static enable
#
验证可以使用PC2去ping模拟internet的AR2的接口ip:12.1.1.2
PC>ping 12.1.1.2
Ping 12.1.1.2: 32 data bytes, Press Ctrl_C to break
From 12.1.1.2: bytes=32 seq=1 ttl=254 time=47 ms
From 12.1.1.2: bytes=32 seq=2 ttl=254 time=32 ms
From 12.1.1.2: bytes=32 seq=3 ttl=254 time=16 ms
From 12.1.1.2: bytes=32 seq=4 ttl=254 time=31 ms
From 12.1.1.2: bytes=32 seq=5 ttl=254 time=15 ms
--- 12.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/28/47 ms
PC>
四、NAT发布内网服务器到公网,供公网用户访问。
AR1上配置
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat server global 12.1.1.100 inside 192.168.1.10 发布内网PC服务器到公网,将192.168.1.10发布到公网使用ip地址12.1.1.100
#
AR2上配置
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
nat static enable
#
测试,使用internet上的AR2来ping发布的PC的外网ip地址12.1.1.100
[Huawei]ping 12.1.1.100
PING 12.1.1.100: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.100: bytes=56 Sequence=1 ttl=127 time=70 ms
Reply from 12.1.1.100: bytes=56 Sequence=2 ttl=127 time=60 ms
Reply from 12.1.1.100: bytes=56 Sequence=3 ttl=127 time=60 ms
Reply from 12.1.1.100: bytes=56 Sequence=4 ttl=127 time=50 ms
Reply from 12.1.1.100: bytes=56 Sequence=5 ttl=127 time=50 ms
--- 12.1.1.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/58/70 ms
[Huawei]
NAT网络地址转换,将内网用户私有ip地址转换为公网ip地址实现上网。
简单的配置分为静态NAT、动态NAT、端口PAT、NAT-server发布等,下面以实际配置为例:
一、静态NAT转换
AR1上配置
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat server global 12.1.1.100 inside 192.168.2.10 在接口下将192.168.2.10转换成12.1.1.100地址访问公网
nat static enable 启用nat功能(全局或者接口都可以配置)
#
或者全局下也可以配置静态NAT:
[Huawei] nat static global 12.1.1.10 inside 192.168.1.10 netmask 255.255.255.255
AR2上配置
interface GigabitEthernet0/0/0 AR2模拟internet设备,配置公网ip即可
ip address 12.1.1.2 255.255.255.0
#
二、动态NAT配置
AR1上配置
#
acl number 2000
rule 1 permit source 192.168.1.0 0.0.0.3 使用acl匹配需要进行转换的内网ip地址(1.1-1.8这8个ip地址)
#
#
nat address-group 1 12.1.1.10 12.1.1.18 配置nat转换用的公网地址池1,地址范围12.1.1.10~12.1.1.18
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat outbound 2000 address-group 1 no-pat 在接口出方向上使用动态NAT,不做PAT端口复用
#
AR2上配置
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
nat static enable
#
三、端口多路复用PAT配置
AR1上的配置
#
acl number 2000 使用acl匹配所有ip流量
rule 1 permit
#
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat outbound 2000 在出接口上使用PAT端口复用
#
或者可以使用loopback接口(将公网ip配置在loopback接口上)来做PAT接口ip地址,这样当物理接口ip地址没有了也不会影响NAT,提高稳定性:
[Huawei-GigabitEthernet0/0/2]nat outbound 2000 interface loopback 0
AR2上配置
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
nat static enable
#
验证可以使用PC2去ping模拟internet的AR2的接口ip:12.1.1.2
PC>ping 12.1.1.2
Ping 12.1.1.2: 32 data bytes, Press Ctrl_C to break
From 12.1.1.2: bytes=32 seq=1 ttl=254 time=47 ms
From 12.1.1.2: bytes=32 seq=2 ttl=254 time=32 ms
From 12.1.1.2: bytes=32 seq=3 ttl=254 time=16 ms
From 12.1.1.2: bytes=32 seq=4 ttl=254 time=31 ms
From 12.1.1.2: bytes=32 seq=5 ttl=254 time=15 ms
--- 12.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/28/47 ms
PC>
四、NAT发布内网服务器到公网,供公网用户访问。
AR1上配置
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
nat server global 12.1.1.100 inside 192.168.1.10 发布内网PC服务器到公网,将192.168.1.10发布到公网使用ip地址12.1.1.100
#
AR2上配置
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
nat static enable
#
测试,使用internet上的AR2来ping发布的PC的外网ip地址12.1.1.100
[Huawei]ping 12.1.1.100
PING 12.1.1.100: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.100: bytes=56 Sequence=1 ttl=127 time=70 ms
Reply from 12.1.1.100: bytes=56 Sequence=2 ttl=127 time=60 ms
Reply from 12.1.1.100: bytes=56 Sequence=3 ttl=127 time=60 ms
Reply from 12.1.1.100: bytes=56 Sequence=4 ttl=127 time=50 ms
Reply from 12.1.1.100: bytes=56 Sequence=5 ttl=127 time=50 ms
--- 12.1.1.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/58/70 ms
[Huawei]
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 