- 论坛徽章:
- 0
|
NAT配置
一.使用ACL做NAT决策
ip nat pool trusted_pool 192.168.2.1 192.168.2.254 prefix-lenght 24
ip nat pool untrusted_pool 192.168.3.1 192.168.3.254 prefix-lenght 24
ip nat inside source list 102 pool trusted_pool
ip nat inside source list 103 pool untrusted_pool
int e0
ip addr 10.1.1.1 255.255.0.0
ip nat inside
no sh
exit
int serial 0
ip addr 172.16.2.1 255.255.255.0
ip nat outside
no sh
exit
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 permit ip 10.1.1.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 103 permit ip 10.1.1.0 0.0.0.255 any
使用路由映射表配置NAT
ip nat pool sales_pool 192.168.2.1 192.168.2.254 prefix-lenght 24
ip nat pool acct_pool 192.168.3.1 192.168.3.254 prefix-lenght 24
ip nat inside source route-map what_is_sales_doing pool sales_pool
ip nat inside source route-map what_is_acct_doing pool acct_pool
iint e0
ip addr 10.1.1.1 255.255.0.0
ip nat inside
no sh
exit
int s0
ip addr 192.16.2.1 255.255.255.0
ip nat outside
no sh
exit
route-map what_is_sales_doing permit 10
match ip address 2
route-map what_is_acct_doing permit 10
match ip address 3
access-list 2 permit 10.1.2.0 0.0.0.255
access-list 3 permit 10.1.3.0 0.0.0.255
验证:
sh ip nat translations
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/14201/showart_182594.html |
|
免费注册
发表于 2006-10-11 10:42