Cisco NAT
From HackerNet
Revision as of 09:18, 25 April 2016 by Helikopter (talk | contribs)
Overload
access-list 10 permit [ip-address] [wildcard-mask]
ip nat inside source list 10 interface [outside-interface] overload
Verify
show ip nat translations
Static NAT
interface Gi0/1
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
interface Gi0/2
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
NAT
ip nat inside source static 192.168.0.20 10.10.10.20
Verify
show ip nat translations
Dynamic NAT
interface Gi0/1
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
interface Gi0/2
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
NAT
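ip access-list standard CLIENT-LIST
 permit 192.168.0.0 0.0.0.15
! 10.10.10.15-10.10.10.19 does not fit in a single /29, so the pool uses the outside interface's /24 mask
ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 24
ip nat inside source list CLIENT-LIST pool DYNAMIC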
Verify
show ip nat translations
Static PAT
interface Gi0/1
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
interface Gi0/2
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
PAT
ip nat inside source static tcp 192.168.0.55 80 10.10.10.10 80
Verify
show ip nat translations
Static NAT and IP Aliasing
Without an alias, the router does not answer ARP requests for that IP address.
ip nat inside source static 192.168.0.20 10.10.10.20 no-alias
Verify
show ip alias
Static Policy NAT
Route Maps
Overlapping Subnets
You can NAT either on both sides or on only one.
TCP Load Distribution
HSRP
Primary/Backup
NVI
Default Interface
Reversible NAT
Static Extendable NAT
Verify
show ip alias | i dynamic
show ip nat statistics
show ip snat distributed
show ip snat distributed verbose
Check that NAT works
telnet 1.1.1.1 /source lo0
who
Debug
debug ip nat
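An offline check for the static and dynamic entries above, added here as an example (not from the original page): it lists which inside hosts and ports a config exposes through static NAT/PAT, notes entries marked no-alias, and flags pools whose address range does not fit the configured prefix-length. The function name audit_nat and the sample config (constructed from the page's addresses) are assumptions.

```python
import ipaddress

# Constructed sample config reusing the page's addresses; the first pool is
# deliberately given a mask that is too small for its range.
SAMPLE_CONFIG = """\
ip nat pool DYNAMIC 10.10.10.15 10.10.10.19 prefix-length 29
ip nat pool WIDE 10.10.10.15 10.10.10.19 prefix-length 24
ip nat inside source list CLIENT-LIST pool DYNAMIC
ip nat inside source static 192.168.0.20 10.10.10.20 no-alias
ip nat inside source static tcp 192.168.0.55 80 10.10.10.10 80
"""


def audit_nat(config):
    """Return (pool_errors, exposures) for the NAT lines of an IOS config.

    exposures holds (global_ip, service, inside_target, no_alias) tuples,
    one per static NAT/PAT entry, i.e. everything reachable from outside.
    """
    pool_errors, exposures = [], []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "nat", "pool"] and "prefix-length" in tok:
            name, start, end = tok[3:6]
            plen = tok[tok.index("prefix-length") + 1]
            # Subnet that contains the pool's first address at this mask.
            net = ipaddress.ip_network(f"{start}/{plen}", strict=False)
            if ipaddress.ip_address(end) not in net:
                pool_errors.append(f"{name}: {start}-{end} does not fit in {net}")
        elif tok[:5] == ["ip", "nat", "inside", "source", "static"]:
            args = tok[5:]
            no_alias = "no-alias" in args
            if args[0] in ("tcp", "udp"):
                # Static PAT: a single port is forwarded to the inside host.
                proto, l_ip, l_port, g_ip, g_port = args[:5]
                exposures.append((g_ip, f"{proto}/{g_port}", f"{l_ip}:{l_port}", no_alias))
            else:
                # Static NAT: every port on the inside host is reachable.
                exposures.append((args[1], "any", args[0], no_alias))
    return pool_errors, exposures


if __name__ == "__main__":
    errors, exposed = audit_nat(SAMPLE_CONFIG)
    for e in errors:
        print("POOL", e)
    for g_ip, service, target, no_alias in exposed:
        print("EXPOSED", g_ip, service, "->", target, "(no-alias)" if no_alias else "")
```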