Bidirectional NAT on a router emulating a firewall
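Topology diagram
Topology description
Router R1
F1/0 interface IP: 12.12.12.12/24
Loopback0 interface IP: 1.1.1.1/32
Route: ip route 0.0.0.0 0.0.0.0 12.12.12.21
Router R2
F1/0 interface IP: 12.12.12.21/24
F1/1 interface IP: 23.23.23.23/24
Loopback0 interface IP: 2.2.2.2/32
Routes:
ip route 1.1.1.1 255.255.255.255 12.12.12.12
ip route 3.3.3.3 255.255.255.255 23.23.23.32
Router R3
F1/0 interface IP: 23.23.23.32/24
Loopback0 interface IP: 3.3.3.3/32
Route: ip route 0.0.0.0 0.0.0.0 23.23.23.23
Functional requirements
1. When 1.1.1.1 accesses 3.3.3.3, translate the destination address 3.3.3.3 to 33.33.33.33 and, at the same time, translate the source address 1.1.1.1 to 11.11.11.11.
2. When 3.3.3.3 accesses 1.1.1.1, translate the destination address 1.1.1.1 to 11.11.11.11 and, at the same time, translate the source address 3.3.3.3 to 33.33.33.33.
3. All address translation is performed on router R2.
Configuration analysis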
interface FastEthernet1/0
ip address 12.12.12.21 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed auto
interface FastEthernet1/1
ip address 23.23.23.23 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex full
speed auto
ip nat inside source static 1.1.1.1 11.11.11.11
ip nat outside source static 3.3.3.3 33.33.33.33
ip route 33.33.33.33 255.255.255.255 23.23.23.32
! Note: this route must be added; without it there is no connectivity.
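Why the route to 33.33.33.33 is mandatory: for traffic entering an ip nat inside interface, IOS does the route lookup before translating, so R2 looks up the untranslated destination 33.33.33.33; for traffic entering an ip nat outside interface it translates first and routes afterwards. The Python model below is an added example, not part of the original document or of IOS; its function names are hypothetical and it covers only R2's static NAT entries and routes listed above.

```python
import ipaddress

# Static NAT entries on R2, taken from the configuration above.
INSIDE = {"1.1.1.1": "11.11.11.11"}    # inside local  -> inside global
OUTSIDE = {"33.33.33.33": "3.3.3.3"}   # outside local -> outside global

# R2's routing table: the static routes plus its two connected /24 networks.
ROUTES = {
    "1.1.1.1/32": "12.12.12.12",
    "3.3.3.3/32": "23.23.23.32",
    "33.33.33.33/32": "23.23.23.32",   # the route flagged as mandatory
    "12.12.12.0/24": "connected",
    "23.23.23.0/24": "connected",
}

def lookup(dst, routes):
    """Longest-prefix match; None means R2 has no route and drops the packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def inside_to_outside(src, dst, routes=ROUTES):
    """Packet arriving on F1/0 (ip nat inside): route first, then translate."""
    hop = lookup(dst, routes)          # lookup uses the pre-NAT destination
    if hop is None:
        return None
    return INSIDE.get(src, src), OUTSIDE.get(dst, dst), hop

def outside_to_inside(src, dst, routes=ROUTES):
    """Packet arriving on F1/1 (ip nat outside): translate first, then route."""
    to_local = {g: l for l, g in OUTSIDE.items()}    # outside global -> local
    to_inside = {g: l for l, g in INSIDE.items()}    # inside global  -> local
    new_src, new_dst = to_local.get(src, src), to_inside.get(dst, dst)
    hop = lookup(new_dst, routes)      # lookup uses the post-NAT destination
    return (new_src, new_dst, hop) if hop else None

if __name__ == "__main__":
    print("R1 -> R3:", inside_to_outside("1.1.1.1", "33.33.33.33"))
    print("R3 -> R1:", outside_to_inside("3.3.3.3", "11.11.11.11"))
    without = {p: h for p, h in ROUTES.items() if p != "33.33.33.33/32"}
    print("no 33.33.33.33 route:", inside_to_outside("1.1.1.1", "33.33.33.33", without))
```

The translated source addresses it returns are the peer addresses that the who output shows on R3 and R1 in the verification section.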
Verification
Router R1
R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/0            12.12.12.12     YES NVRAM  up                    up
Loopback0                  1.1.1.1         YES NVRAM  up                    up
R1#ping 3.3.3.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/49/92 ms
R1#ping 33.33.33.33 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/50/76 ms
R1#telnet 33.33.33.33 /source-interface loopback 0
Trying 33.33.33.33 ... Open
User Access Verification
Password:
R3>
Login successful.
Verify on R3
R3# who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 idle 00:00:23 11.11.11.11
Interface User Mode Idle Peer Address
Router R3
R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down
FastEthernet1/0            23.23.23.32     YES NVRAM  up                    up
Loopback0                  3.3.3.3         YES NVRAM  up                    up
R3#ping 1.1.1.1 source 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/76/124 ms
R3#ping 11.11.11.11 source 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/55/108 ms
R3#telnet 11.11.11.11 /source-interface loopback 0
Trying 11.11.11.11 ... Open
User Access Verification
Password:
Password:
R1>
Login successful.
Verify on R1
R1#who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 idle 00:01:16 33.33.33.33
Interface User Mode Idle Peer Address