天天看点
返回

PAT配置

PAT配置

2007-11-23 17:13

PAT配置

PAT 是把内部地址映射到外部网络的IP地址的不同端口上,实现一对多

对于节省IP地址是最为有效的

注意 与动态NAT的比较

PAT步骤三步走:

一、定义NAT映射地址池

二、配置成PAT:ip nat inside source list 1 pool "nat" ouerload

三、设置内部允许出去的访问列表

四、指定进口和出接口

问题:

PAT命令的标准格式?

访问列表的作用?不设定访问列表会如何?

R1(config)#int f1/0

R1(config-if)#ip add 192.168.1.254 255.255.255.0

R1(config-if)#no sh

R1(config-if)#int s2/0

R1(config-if)#ip add 202.96.1.1 255.255.255.0

R1(config-if)#exit

R1(config)#

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#no au

R1(config-router)#net 202.96.1.0

R1(config-router)#exit

R1(config)#exit

R1#

R1#conf t

R1(config)#ip nat pool na 202.96.1.3 202.96.1.100 netmask 255.255.255.0

R1(config)#ip nat inside source list 1 pool na overload

R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255

R1(config-if)#ip nat inside

R1(config-if)#ip nat outside

R1#debug ip nat

IP NAT debugging is on

*Nov 23 16:46:02.327: NAT: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [15]

*Nov 23 16:46:02.419: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [15]

*Nov 23 16:46:02.483: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [16]

*Nov 23 16:46:02.515: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [16]

*Nov 23 16:46:02.547: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [17]

*Nov 23 16:46:02.575: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [17]

*Nov 23 16:46:02.607: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [18]

*Nov 23 16:46:02.671: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [18]

*Nov 23 16:46:02.703: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [19]

*Nov 23 16:46:02.731: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [19]

*Nov 23 16:46:13.719: NAT: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [5]

*Nov 23 16:46:13.811: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [5]

*Nov 23 16:46:13.871: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [6]

*Nov 23 16:46:13.927: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [6]

*Nov 23 16:46:13.983: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [7]

*Nov 23 16:46:14.015: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [7]

*Nov 23 16:46:14.039: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [8]

*Nov 23 16:46:14.075: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [8]

*Nov 23 16:46:14.111: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [9]

*Nov 23 16:46:14.139: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [9]

*Nov 23 16:46:43.623: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 2 (2)

*Nov 23 16:47:02.731: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 3 (3)

*Nov 23 16:47:14.139: NAT: expiring 202.96.1.3 (192.168.1.2) icmp 1 (1)

R1#sh ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

icmp 202.96.1.3:4      192.168.1.1:4      2.2.2.2:4          2.2.2.2:4

*Nov 23 16:47:59.403: NAT: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [20]

*Nov 23 16:47:59.459: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [20]

*Nov 23 16:47:59.531: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [21]

*Nov 23 16:47:59.563: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [21]

*Nov 23 16:47:59.575: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [22]

*Nov 23 16:47:59.623: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [22]

*Nov 23 16:47:59.639: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [23]

*Nov 23 16:47:59.671: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [23]

*Nov 23 16:47:59.703: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [24]

*Nov 23 16:47:59.719: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [24]

icmp 202.96.1.3:2      192.168.1.2:2      2.2.2.2:2          2.2.2.2:2

*Nov 23 16:48:43.655: NAT: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [10]

*Nov 23 16:48:43.711: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [10]

*Nov 23 16:48:43.775: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [11]

*Nov 23 16:48:43.795: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [11]

*Nov 23 16:48:43.827: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [12]

*Nov 23 16:48:43.855: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [12]

*Nov 23 16:48:43.891: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [13]

*Nov 23 16:48:43.919: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [13]

*Nov 23 16:48:43.983: NAT*: s=192.168.1.2->202.96.1.3, d=2.2.2.2 [14]

*Nov 23 16:48:44.015: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.2 [14]

icmp 202.96.1.3:5      192.168.1.1:5      2.2.2.2:5          2.2.2.2:5

*Nov 23 16:48:55.531: NAT: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [25]

*Nov 23 16:48:55.587: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [25]

*Nov 23 16:48:55.655: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [26]

*Nov 23 16:48:55.671: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [26]

*Nov 23 16:48:55.703: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [27]

*Nov 23 16:48:55.715: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [27]

*Nov 23 16:48:55.743: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [28]

*Nov 23 16:48:55.775: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [28]

*Nov 23 16:48:55.807: NAT*: s=192.168.1.1->202.96.1.3, d=2.2.2.2 [29]

*Nov 23 16:48:55.843: NAT*: s=2.2.2.2, d=202.96.1.3->192.168.1.1 [29]

*Nov 23 16:48:59.719: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 4 (4)

R1#sh ip nat statistics

Total active translations: 2 (0 static, 2 dynamic; 2 extended)

Outside interfaces:

Serial2/0

Inside interfaces:

FastEthernet1/0

Hits: 54 Misses: 6

Expired translations: 4

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 pool na refcount 2

pool na: netmask 255.255.255.0

        start 202.96.1.3 end 202.96.1.100

        type generic, total addresses 98, allocated 1 (1%), misses 0

R1#sh ip nat tran

R1#sh ip nat translations ver

R1#sh ip nat translations verbose

    create 00:00:51, use 00:00:51, left 00:00:08, Map-Id(In): 1,

    flags:

extended, use_count: 0

    create 00:00:39, use 00:00:39, left 00:00:20, Map-Id(In): 1,

*Nov 23 16:49:44.015: NAT: expiring 202.96.1.3 (192.168.1.2) icmp 2 (2)

*Nov 23 16:49:55.843: NAT: expiring 202.96.1.3 (192.168.1.1) icmp 5 (5)
职场 PAT 休闲
上一篇: Pat 1020
下一篇: PAT trie

继续阅读