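1. Static NAT
Lab overview:
Two loopback interfaces, loopback0 and loopback1, are first created on R1, and each is assigned an IP address to simulate two internal PCs. R1's S1/0 is treated as the external-facing interface, and R2 stands in for a server on the outside. For a PC to communicate with R2, NAT must translate the internal IP address into the address of R1's S1/0 interface.
Router configuration
Configuration on R1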
Router>en
Router#conf t
Paste in the basic router configuration commands
Router(config)#enable password cisco
Router(config)#no ip domain-lookup
Router(config)#line con 0
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
Router(config-line)#
Router(config-line)#line aux 0
Router(config-line)# exec-timeout 0 0
Router(config-line)# logging synchronous
Router(config-line)#line vty 0 4
Router(config-line)#
Router(config-line)#
Router(config-line)# exec-timeout 0 0
Router(config-line)# password cisco
Router(config-line)#
Router(config-line)# login
Router(config-line)#
Router(config-line)#
Router(config-line)#alias exec a sh ip int bri
Router(config)#alias exec b sh ip route
Router(config)#alias exec c sh ip route rip
Router(config)#alias exec d sh run
Configure the hostname and the IP addresses of the physical and logical interfaces
Router(config)#host R1
R1(config)#int loopback0
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#int loopback1
R1(config-if)#ip add 10.1.2.1 255.255.255.0
R1(config-if)#int s1/0
R1(config-if)#ip add 202.192.4.6 255.255.255.0
R1(config-if)#clock rate 64000
R1(config-if)#no shut
Configuration on R2
(The pasted baseline commands are omitted here.)
Router(config)#host R2
R2(config)#int s1/1
R2(config-if)#ip add 202.192.4.5 255.255.255.0
R2(config-if)#no shut
Now verify from R1 with extended ping, using 10.1.1.1 and 10.1.2.1 as the source addresses and 202.192.4.5 as the destination address.
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
.....
Success rate is 0 percent (0/5)
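The pings clearly fail, because the internal addresses cannot communicate directly with the external address. Let's use NAT to translate them and see what happens.
Enable static NAT translation on R1's S1/0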
R1(config)#int s1/0
R1(config-if)#int loopback0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int loop1
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s1/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#ip nat inside source static 10.1.1.1 202.192.4.6 (statically translates the internal loop0 address one-to-one to 202.192.4.6)
R1(config)#ip nat inside source static 10.1.2.1 202.192.4.7 (statically translates the internal loop1 address one-to-one to 202.192.4.7)
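Now run an extended ping from the internal logical addresses to R2, with 202.192.4.5 as the destination address.
R1#debug ip nat (turn on debugging to capture the translations while the ping packets are sent)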
IP NAT debugging is on
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/76/96 ms
R1#
*Mar 1 00:11:13.227: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [10]
(Here it is clear that the logical source address has been translated, and the translated address is what communicates with the destination.)
*Mar 1 00:11:13.319: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [10]
*Mar 1 00:11:13.319: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [11]
*Mar 1 00:11:13.415: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [11]
*Mar 1 00:11:13.415: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [12]
*Mar 1 00:11:13.463: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [12]
*Mar 1 00:11:13.463: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [13]
*Mar 1 00:11:13.535: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [13]
*Mar 1 00:11:13.535: NAT: s=10.1.1.1->202.192.4.6, d=202.192.4.5 [14]
R1#
*Mar 1 00:11:13.607: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [14]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/76/96 ms
R1#
*Mar 1 00:13:47.739: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [15]
*Mar 1 00:13:47.807: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [15]
*Mar 1 00:13:47.807: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [16]
*Mar 1 00:13:47.879: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [16]
*Mar 1 00:13:47.879: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [17]
*Mar 1 00:13:47.975: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [17]
*Mar 1 00:13:47.975: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [18]
*Mar 1 00:13:48.047: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [18]
*Mar 1 00:13:48.047: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [19]
R1#
*Mar 1 00:13:48.119: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [19]
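The ping results show that the internal PCs can now communicate with the external server, and the debug output makes the NAT address translation clearly visible. Static NAT is the simplest form of address translation. When a large number of addresses must be translated, each one has to be mapped one-to-one, which means entering many commands and makes configuration tedious.
2. Dynamic NAT
First, define several logical addresses on R1's loopback0 to simulate multiple PCs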
R1(config)#int loop0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#ip add 192.168.1.2 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.3 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.4 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.5 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.6 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.7 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.8 255.255.255.0 secondary
R1(config-if)#ip add 192.168.1.9 255.255.255.0 secondary
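Next, define the pool of external translation addresses
R1(config)#ip nat pool outpool 202.192.4.6 202.192.4.7 netmask 255.255.255.0 (defines a translation address pool named outpool; the translated addresses of internal hosts are all taken from this outpool)
R1(config)#access-list 10 permit host 192.168.1.1 (this defines the internal addresses to be translated)
R1(config)#access-list 10 permit host 10.1.2.1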
R1(config)#access-list 10 permit host 192.168.1.2
R1(config)#access-list 10 permit host 192.168.1.3
R1(config)#access-list 10 permit host 192.168.1.4
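Define the translation
R1(config)#ip nat inside source list 10 pool outpool (internal addresses must pass the check of access-list 10 to be translated; the translated address is picked from outpool)
Dynamic NAT is now configured, so let's verify how the translation behaves.
Use extended ping with 192.168.1.1 and 10.1.1.1 as the source addresses and 202.192.4.5 as the destination address, and watch the translation results.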
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
*Mar 1 00:21:56.091: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [25]
*Mar 1 00:21:56.183: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [25].!
*Mar 1 00:21:58.087: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [26]
*Mar 1 00:21:58.199: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [26]
*Mar 1 00:21:58.199: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [27]
*Mar 1 00:21:58.295: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [27].!
*Mar 1 00:22:00.199: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [28]
*Mar 1 00:22:00.239: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [28]
*Mar 1 00:22:00.239: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [29]
*Mar 1 00:22:00.311: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [29].
Success rate is 40 percent (2/5), round-trip min/avg/max = 40/76/112 ms
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/91/120 ms
R1#
*Mar 1 00:24:04.467: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [35]
*Mar 1 00:24:04.559: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [35]
*Mar 1 00:24:04.559: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [36]
*Mar 1 00:24:04.631: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [36]
*Mar 1 00:24:04.631: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [37]
*Mar 1 00:24:04.727: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [37]
*Mar 1 00:24:04.727: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [38]
*Mar 1 00:24:04.847: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [38]
*Mar 1 00:24:04.847: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [39]
R1#
*Mar 1 00:24:04.919: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [39]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/76/120 ms
R1#
*Mar 1 00:27:24.771: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [65]
*Mar 1 00:27:24.815: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [65]
*Mar 1 00:27:24.815: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [66]
*Mar 1 00:27:24.887: NAT*: s=202.192.4.5, d=202.192.4.7->192.168.1.3 [66]
*Mar 1 00:27:24.887: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [67]
*Mar 1 00:27:25.007: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [67]
*Mar 1 00:27:25.007: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [68]
*Mar 1 00:27:25.079: NAT*: s=202.192.4.5, d=202.192.4.7->192.168.1.3 [68]
*Mar 1 00:27:25.079: NAT: s=192.168.1.3->202.192.4.7, d=202.192.4.5 [69]
R1#
*Mar 1 00:27:25.151: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [69]
The external address used for the translation can be seen to change; in other words, the translation is dynamic.
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.4
*Mar 1 00:27:37.035: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:39.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:41.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:43.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:45.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
Success rate is 0 percent (0/5)
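Note what happens here: when three addresses ping 202.192.4.5 in succession, an error is reported on the third address, and NAT gives up on the translation. You may have noticed that there are only 2 external translation addresses, so even dynamic translation can translate only two internal addresses. A third address can be translated only after one of the previous 2 translations has ended. This shows that this kind of translation is also quite limited. To translate multiple addresses to a single address, a different translation method is needed: the NAT overload translation described next.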
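Long debug ip nat traces are hard to check by eye, so the following added example (not part of the original lab) parses lines in the format shown above and reports the observed mappings, the sources hit by "translation failed" drops, and any reply delivered to a different inside address than the one that sent the request, as happens in the 192.168.1.1 run above. The sample lines are copied from this page's output with the address spacing normalised; the function and field names are illustrative.

```python
"""Summarise `debug ip nat` output: mappings, drops, asymmetric translations."""
import re
from collections import Counter

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Inside -> outside: source rewritten (s=local->global)
OUTBOUND = re.compile(rf"NAT\*?: s={IP}->{IP}, d={IP} \[(\d+)\]")
# Outside -> inside: destination rewritten back (d=global->local)
INBOUND = re.compile(rf"NAT\*?: s={IP}, d={IP}->{IP} \[(\d+)\]")
FAILED = re.compile(
    rf"NAT: translation failed \(\w\), dropping packet s={IP} d={IP}")

# Sample taken from the lab output on this page (spacing normalised).
SAMPLE = """\
*Mar 1 00:21:56.091: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [25]
*Mar 1 00:21:56.183: NAT*: s=202.192.4.5, d=202.192.4.6->10.1.1.1 [25]
*Mar 1 00:21:58.087: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [26]
*Mar 1 00:21:58.199: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [26]
*Mar 1 00:27:37.035: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
*Mar 1 00:27:39.031: NAT: translation failed (E), dropping packet s=192.168.1.4 d=202.192.4.5.
""".splitlines()


def analyze(lines):
    last_local = {}      # inside global -> inside local of the latest outbound packet
    mappings = set()     # (inside local, inside global) pairs seen outbound
    conflicts = set()    # (inside global, sender local, local the reply went to)
    drops = Counter()    # inside local -> packets dropped without a translation
    for line in lines:
        if m := OUTBOUND.search(line):
            local, glob = m.group(1), m.group(2)
            mappings.add((local, glob))
            last_local[glob] = local
        elif m := INBOUND.search(line):
            glob, local = m.group(2), m.group(3)
            expected = last_local.get(glob)
            if expected is not None and expected != local:
                conflicts.add((glob, expected, local))
        elif m := FAILED.search(line):
            drops[m.group(1)] += 1
    return {"mappings": mappings, "conflicts": conflicts, "drops": dict(drops)}


if __name__ == "__main__":
    report = analyze(SAMPLE)
    for glob, sent, got in sorted(report["conflicts"]):
        print(f"reply to {glob} delivered to {got}, but request came from {sent}")
    for src, n in report["drops"].items():
        print(f"{n} packets from {src} dropped: no translation available")
```

A non-empty conflicts set means two translation entries are competing for the same outside address, which is worth checking against show ip nat translations before trusting the ping success rate.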
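3. NAT overload (PAT)
Configuring NAT overload is actually very simple: just append "overload" to the dynamic NAT configuration command.
R1(config)#ip nat inside source list 10 pool outpool overload (overload means that addresses in the pool are reused for translation. It works by mapping through multiple ports of the logical address; that is, one external translation address can use different ports to correspond to different internal addresses. This technique is called PAT.)
Now use the addresses 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4 and 10.1.2.1 in succession as extended-ping sources towards S1/1 of the peer R2 (202.192.4.5). Can the translations be made one after another, or will the error seen with dynamic NAT above appear again?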
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/100/120 ms
R1#
*Mar 1 00:10:58.127: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [15]
*Mar 1 00:10:58.243: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [15]
*Mar 1 00:10:58.243: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [16]
*Mar 1 00:10:58.339: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [16]
*Mar 1 00:10:58.339: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [17]
*Mar 1 00:10:58.435: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [17]
*Mar 1 00:10:58.435: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [18]
*Mar 1 00:10:58.531: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [18]
*Mar 1 00:10:58.531: NAT: s=192.168.1.1->202.192.4.6, d=202.192.4.5 [19]
R1#
*Mar 1 00:10:58.627: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.1 [19]
R1#ping
Protocol [ip]:
Target IP address:
% Bad IP address
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:12.671: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [20]
*Mar 1 00:11:12.787: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [20]
*Mar 1 00:11:12.787: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [21]
*Mar 1 00:11:12.859: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [21]
*Mar 1 00:11:12.859: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [22]
*Mar 1 00:11:12.955: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [22]
*Mar 1 00:11:12.955: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [23]
*Mar 1 00:11:13.075: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [23]
*Mar 1 00:11:13.075: NAT: s=192.168.1.2->202.192.4.6, d=202.192.4.5 [24]
R1#
*Mar 1 00:11:13.147: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.2 [24]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.3
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/100/120 ms
R1#
*Mar 1 00:11:30.719: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [25]
*Mar 1 00:11:30.811: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [25]
*Mar 1 00:11:30.811: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [26]
*Mar 1 00:11:30.931: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [26]
*Mar 1 00:11:30.931: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [27]
*Mar 1 00:11:31.003: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [27]
*Mar 1 00:11:31.003: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [28]
*Mar 1 00:11:31.099: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [28]
*Mar 1 00:11:31.099: NAT: s=192.168.1.3->202.192.4.6, d=202.192.4.5 [29]
R1#
*Mar 1 00:11:31.219: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.3 [29]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.4
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:40.247: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [30]
*Mar 1 00:11:40.315: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [30]
*Mar 1 00:11:40.315: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [31]
*Mar 1 00:11:40.435: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [31]
*Mar 1 00:11:40.435: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [32]
*Mar 1 00:11:40.507: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [32]
*Mar 1 00:11:40.507: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [33]
*Mar 1 00:11:40.603: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [33]
*Mar 1 00:11:40.603: NAT: s=192.168.1.4->202.192.4.6, d=202.192.4.5 [34]
R1#
*Mar 1 00:11:40.723: NAT*: s=202.192.4.5, d=202.192.4.6->192.168.1.4 [34]
R1#ping
Protocol [ip]:
Target IP address: 202.192.4.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.2.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.192.4.5, timeout is 2 seconds:
Packet sent with a source address of 10.1.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/96/120 ms
R1#
*Mar 1 00:11:49.463: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [35]
*Mar 1 00:11:49.579: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [35]
*Mar 1 00:11:49.579: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [36]
*Mar 1 00:11:49.651: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [36]
*Mar 1 00:11:49.651: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [37]
*Mar 1 00:11:49.723: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [37]
*Mar 1 00:11:49.723: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [38]
*Mar 1 00:11:49.819: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [38]
*Mar 1 00:11:49.819: NAT: s=10.1.2.1->202.192.4.7, d=202.192.4.5 [39]
R1#
*Mar 1 00:11:49.939: NAT*: s=202.192.4.5, d=202.192.4.7->10.1.2.1 [39]
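You may have noticed that the first three internal addresses were all translated to 202.192.4.6. This shows that multiple addresses are allowed to be translated to a single external address, which is exactly what NAT overload means. This kind of NAT greatly extends the number of usable IP addresses and saves a large number of IP addresses, which is why it is the most commonly used NAT method.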
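The difference between the dynamic pool in section 2 and overload in section 3 comes down to what the translation table is keyed on. The following added example (a simplified model written for this page, not Cisco's implementation) uses the lab's pool 202.192.4.6 to 202.192.4.7 and shows a third host being refused by plain dynamic NAT until an entry is released, while overload fits every host onto one address by varying the port. The class, the hosts and the source port 1024 are constructed for illustration.

```python
"""Simplified model of dynamic NAT and overload (PAT) allocation."""
import ipaddress


class NatModel:
    def __init__(self, pool_start, pool_end, permitted, overload=False):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (pool_start, pool_end))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.permitted = set(permitted)  # stands in for access-list 10
        self.overload = overload
        self.table = {}   # (local ip, local port) -> (global ip, global port)
        self.bound = {}   # dynamic NAT only: local ip -> global ip it holds

    def translate(self, src, sport):
        """Return (global ip, global port), or None if no translation is made."""
        if src not in self.permitted:
            return None
        key = (src, sport)
        if key not in self.table:
            entry = self._pat(sport) if self.overload else self._dynamic(src, sport)
            if entry is None:
                return None
            self.table[key] = entry
        return self.table[key]

    def _dynamic(self, src, sport):
        # One whole pool address per inside host; ports pass through unchanged.
        if src not in self.bound:
            free = [g for g in self.pool if g not in self.bound.values()]
            if not free:
                return None  # pool exhausted: the packet is dropped
            self.bound[src] = free[0]
        return (self.bound[src], sport)

    def _pat(self, sport):
        # Share pool addresses: keep the source port if free, else take the next.
        used = set(self.table.values())
        for glob in self.pool:
            for port in range(sport, 65536):
                if (glob, port) not in used:
                    return (glob, port)
        return None

    def release(self, src):
        """Age out every entry held by one inside host."""
        self.bound.pop(src, None)
        self.table = {k: v for k, v in self.table.items() if k[0] != src}


HOSTS = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]  # constructed scenario


def run(overload):
    nat = NatModel("202.192.4.6", "202.192.4.7", HOSTS, overload)
    return nat, [nat.translate(h, 1024) for h in HOSTS]


if __name__ == "__main__":
    for mode in (False, True):
        print("overload" if mode else "dynamic ", run(mode)[1])
```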