H3C官方模拟器H3C Cloud Lab实验二十四:网络地址转换NAT拓扑一、实验要求1、理解网络地址转换的概念、作用及分类；2、熟练掌握几种常见的网络地址转换（Static NAT、Basic NAT、NAPT、Easy IP）；3、掌握NAT Server的应用场合及配置方法；二、网络测试，内网计算机无法访问外网三、几种NAT配置方法1、Static NAT/静态地址转换内外地址绑定 II静态地址转换内外地址绑定在RT中作如下配置：fRTnat static outbound 172.16.1.1 198.1.1.101 RTJnat static outbound 172.16.1.2 198.1.1.102LRTjintsl/ORT-Serial l/0nat static enable/!接口开启 nat static 功能RT-Seriall/Oquit用 pclpingl98.1.1.2 测试，连通！RTjdis nat staticII查看静态地址转换信息Static NAT mappings:Totally 2 outbound static NAT mappings.IP-to-IP:Local IP : 172.16.1.1 Global IP : 198.1.1.101Config status: ActiveIP-to-IP:Local IP : 172.16.1.2 Global IP : 198.1.1.102 Config status: ActiveInterfaces enabled with static NAT:Totally 1 interfaces enabled with static NAT. Interface: Serial 1/0Config status: ActiveRTJdis nat session verbose Slot 0:Initiator:/查看转换会话详细信息Source IP/port: 172.16.1.1 /49920Destination IP/port: 198.1.1.2/2048DS-Lite tunnel peer: -VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: GigabitEthernetO/O Responder:Source IP/port: 198.1.1.2/49920Destination IP/port: 198.1.1.101/0DS-Lite tunnel peer:-VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: Serial 1/0 State: ICMPREPLY Application: OTHER Start time: 2015-05-26 10:38:04 TTL: 4s Initiator-Responder:0 packets0 bytesResponder-Initiator:0 packets0 bytesTotal sessions found: 1 RT2、Basic NAT在RT中先清除静态NAT配置： RTJundo nat static outbound 172.16.1.1 RTundo nat static outbound 172.16.1.2/删除nat绑定 /删除nat绑定RTintsI/0RT-Serial 1/01 undo nat static enableII关闭nat static使會旨RT-Seriall/0/创建允许转换的地址范，作如下配置： fRTlacl basic 2000RT-acl-ipv4-basic-2000rule permit source 172.16.1.0 0.0.0.255RT-acl-ipv4-basic-2000quitRTjnat address-group 0II创建外部地址池，将动态分配给内网主机使用RT-address-group-0 address 198.1.1.11 198.1.1.20RT-address-group-0quitRTlintsl/O RT-Seriall/Onat outbound ?INTEGER Use an ACL to specify the addresses to be translatedaddress-groupds-lite-b4port-block-groupport-preservedSpecify a NAT address groupConfigure NAT for DS-Lite B4Specify a NAT port block groupAttempt to preserve the original source port number during PATvpn-instanceSpecify a VPN instanceRT-Seriall/0nat outbound 2000 address-group 0 ? no-patDisable Port Address Translation (PAT)port-preserved Attempt to preserve the original source port number during PAT vpn-instance Specify a VPN instanceRT-Serial l/0nat outbound 2000 address-group 0 no-pat /在端口上设置 nat用 pclpingl98.1.1.2 测试，连通！RTdis nat session verbose II查看nat 会话详细信息 Slot 0:Initiator:Source IP/port: 172.16.1.1 /50688 Destination IP/port: 198.1.1.2/2048 DS-Lite tunnel peer: -VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: GigabitEthernet0/0 Responder:Source IP/port: 198.1.1.2/50688 Destination IP/port: 198.1.1.11/0 DS-Lite tunnel peer: - VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: Serial 1/0State: ICMP_REPLYApplication: OTHERStart time: 2015-05-26 10:56:06Initiator-Responder:Responder-Initiator:TTL: 19s0 packets0 bytes0 packets0 bytesTotal sessions found: 1 RT3、NAPT在RT中先清除Basic NAT配置：RTintsl/0RT-Serial 1/0undo nat outbound 2000/删除 nat 绑定RT-Seriall/0quitRTundo nat address-group 0/删除nat地址池,注意没有删除允许转换的内网地址作如下配置:RTJnat address-gro叩0!/重新创建外部地址池，注意地址数量RT-address-group-0 add 198.1.1.6 198.1.1.6 fRT-address-group-0quitRTintsl/0RT-Seriall/0nat outbound 2000 address-group 0 /注意与上例的区别 RT-Seriall/0分别用pci、pc2 pingl98.1.1.2测试，均连通!RTJdis nat session verboseSlot 0:Initiator:Source IP/port: 172.16.1.2/46592 Destination IP/port: 198.1.1.2/2048 DS-Lite tunnel peer:- VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: GigabitEthernetO/O Responder:Source IP/port: 198.1.1.2/3 Destination IP/port: 198.1.1.6/0 DS-Lite tunnel peer: - VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: Serial 1/0 State: ICMP一REPLY Application: OTHERStart time: 2015-05-26 11:12:50 TTL: 26sInitiator-Responder:0 packets0 bytesResponder-Initiator:0 packets0 bytesInitiator:Source IP/port: 172.16.1.1/51712Destination IP/port: 198.1.1.2/2048DS-Lite tunnel peer: -VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: GigabitEthernet0/0 Responder:Source TP/port: 198.1.1.2/2Destination IP/port: 198.1.1.6/0DS-Lite tunnel peer:-VPN instance/VLAN ID/VLL ID:Protocol: ICMP(l)Inbound interface: Serial 1/0 State: ICMP一REPLY Application: OTHERStart time: 2015-05-26 11:12:39 TTL: 15sInitiator-Responder:0 packets0 bytesResponder-Initiator:0 packets0 bytesTotal sessions found: 2从上面红色的两条转换会话可以看出，pci、pc2均转换为198.1.1.6地址。4、