NA -NAT地址转换问题

renguiqing

想问下前辈们关于TK16中
2 t9 [# @5 c, h! |/ ~
bomar路由器s0/0配置的是192.0.2.113  ISP是192.0.2.114。
0 @: L- ~7 D9 A  Q6 wNAT地址转换是把192.168.16.32-46网段转换成198.18.237.225-230网段。
那么私有地址在传送到bomar路由器时，将被转换成198.18.237.225-30
问题是198.18.237.225这个网段怎么能ping通ISP的192.0.2.114？

" g0 L- y$ b1 l
困惑已久，请指点。在线等

q123571963

我给你配置清单你看吧RouterA#show running-config
!
hostname RouterA
# K2 U  p" h' A$ j) X8 `8 l!
/ I. S% k7 D* h. Z' K9 E" P+ ano ip domain-lookup
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
ip nat outside
serial restart-delay 0
1 }4 q5 ^2 k: u. W! X clock rate 64000
" ?. S4 g! b. f+ O8 j0 {+ i!
interface FastEthernet1/0
  Z  A% b* B) r) v( Q ip address 10.1.1.1 255.255.255.0
% D0 m, D0 @+ U$ P4 N ip nat inside
speed 100
% v5 c' q) d( R$ X! O& N: L4 G full-duplex
  l  t% r, `: n!
7 _* N5 |6 i6 ^' z6 a0 j; |, Uip nat inside source static 10.1.1.2 192.168.1.10
2 x: {  ^. {- R9 Cip nat inside source static 10.1.1.3 192.168.1.11
+ G, h% Q" r$ \$ B/ {ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip http server
!
5 X5 A$ `* P9 \/ V/ z* g!
. J" n- u: D1 _  L5 G' w1 Yline con 0
line aux 0
7 i* C4 `; M& Nline vty 0 4
, c3 }2 F" }' |!
  T1 \* s, M8 k7 U+ y8 B) bend
0 N+ E! U9 f7 o3 p) }% B$ V



! l' G7 A) B  _6 J7 X0 j- g! X) N
! [* ^6 p. l( f1 P# N+ b) n; y( G! o7 bRouterB#show running-config
!
5 O0 Y$ f# V$ u, T9 K1 e4 hhostname RouterB
: k: m" X5 e6 M!
no ip domain-lookup
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
ip nat outside
serial restart-delay 0
!
7 U/ N) d% x( i8 ]interface FastEthernet1/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
7 W+ _: X) X6 W, Y% d speed 100
full-duplex
% p" O2 p5 Z- m2 \( g' g!
ip nat inside source static 172.16.1.2 192.168.1.20
ip nat inside source static 172.16.1.3 192.168.1.21
ip classless
# i) k0 h6 n% x- }: W8 Sip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
# v1 e  A( C( f. ^+ R, j+ t% i2 {!
!
9 i7 u% o- f+ T: N6 i  z- g$ B' g% Mline con 0
line aux 0
line vty 0 4
+ r9 I" {$ Z$ f8 ?" K7 F!
end


, h3 [+ ^; c9 ^& C: i  c

PC1#show running-config
!
hostname PC1
6 K/ t- ~2 k- U( r5 _4 d9 ]2 F& r- u!
. d9 {' z$ X. Eno ip routing
# v1 B5 o# P$ a+ o# }!
& Z7 I+ F! q4 L! y+ vno ip domain-lookup
9 q7 R( Y" _* j3 a  x: [!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
" t: k- F( Z! L no ip route-cache
speed 100
full-duplex
!
ip default-gateway 10.1.1.1
+ X" O. p% ~. t0 Pip classless
ip http server
( k3 A% L6 B  b!
% B, Z0 j5 ?" L. D( o6 `!
line con 0
line aux 0
line vty 0 4
$ X) l" j+ a2 C1 u2 j: z) k!
2 @% F" L2 b) I1 ]end
/ h5 N9 n* A/ z

: |% V6 k. N- Z! D) Q
PC2#show running-config
!
hostname PC2
!
no ip routing
7 _) H$ U; O: m6 D!
no ip domain-lookup
!
) `7 t2 Q" Y8 P$ q& W& x; einterface FastEthernet0/0
; h' o+ p/ ?# R4 o! J# I$ C ip address 10.1.1.3 255.255.255.0
1 ?3 t4 k% S, e: P% c( g no ip route-cache
7 {! d' K5 z. u. l& H: U6 b speed 100
full-duplex
!
ip default-gateway 10.1.1.1
ip classless
/ R; i4 h. n( S% w. jip http server
!
2 R7 j" g$ N7 ~!
3 `2 y6 E; z( `2 U. Jline con 0
line aux 0
line vty 0 4
8 G" e0 M) d  d- Z2 u% g!
end
; ~3 |3 d4 Q0 w3 Q0 }2 D; K
6 ]+ W2 i) [3 A2 \" Z' b* e2 E
PC3#show ru
!
$ ~8 j2 F. B& z5 F# Dhostname Router
!
no ip routing
6 O+ i5 |% M0 f( L) g) S+ S!
3 N, R+ M% N5 O! Q- {& r# {no ip domain-lookup
+ H- b! z" _0 {! R6 X# B3 d!
9 t. M1 u* E/ [" R5 i& `interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.0
0 o  S/ T) }( v1 i, ~ no ip route-cache
speed 100
full-duplex
!
ip default-gateway 172.16.1.1
# n: j: L% S* z( e! uip classless
ip http server
!
  Z# F' |5 I/ L: B* K6 y; W0 a- d!
; Y3 N. r# t* r3 U: }% a+ Sline con 0
line aux 0
line vty 0 4
!
- P. r# y" j7 r- E0 t" ?end
3 t& b# E' b$ j% G2 `) M
7 A( ?& H  O: {' u5 o* T3 N. x
; z# G: _# d3 N* b8 C. X$ b* f

PC4#show running-config
- \7 u4 i. P, A3 Q!
hostname PC4
!
no ip routing
0 K5 O0 `* T" m, Y) r! @! w2 m!
1 y: |/ @( X* |, j1 eno ip domain-lookup
8 T+ s; Q; F' O+ r& ]!
interface FastEthernet0/0
1 j( Y) [/ Z% A- B  }  i9 f( @ ip address 172.16.1.3 255.255.255.0
no ip route-cache
& A6 ^6 L! ?9 h" ?$ o, ?5 h! S1 H speed 100
full-duplex
!
2 i& N) q. b' H) ^0 Y6 U! Fip classless
ip http server
% I/ q) f7 h9 k- W!
, U' Q* ]! u- X" E$ `* T!
line con 0
line aux 0
line vty 0 4
9 x1 X9 x0 i" q!
end

- V! b- G: A$ J- E7 {: O- W! f
& T* G' x& Q  {  F. J
7 W% B% S! d3 k' J9 B0 k. |SwitchA#show running-config
!
hostname SwitchA
% S* u0 }$ x9 t0 g; Z# `  [!
no ip routing
  h- f% z& X2 d3 i!
4 l7 Q* l0 S% O3 |/ [, x3 p' \interface FastEthernet0/0
duplex full
: h% U! o# R( A% k- N& f4 D; E! |8 L3 ^ speed 100
!
) s3 T8 d  {, z# N7 U, O$ ^interface FastEthernet0/1
duplex full
8 E) d4 x$ ?" h1 X7 p speed 100
7 o6 Q, m1 u# n0 j0 o8 j!
interface FastEthernet0/2
* y1 V! @* Z: H' d$ \8 C duplex full
. l+ W3 n% G9 M; U4 z9 J7 H speed 100

end



" s: O( Q5 X+ \/ xSwitchB#show running-config
Building configuration...
( q4 Y' ~2 C( {6 _!
  T8 Y. @8 N3 O1 T, a; J( ^hostname SwitchB
!
no ip routing
!
interface FastEthernet0/0
3 T- U( ]$ ^, D- W! D, ? duplex full
' v. D9 A$ n  E( A. Z- q: S+ j3 o speed 100
8 r; M8 }8 o, P9 U!
interface FastEthernet0/1
, L7 s3 ?+ d  i6 x; ?5 k" i# N duplex full
speed 100
) b* p2 L2 W5 T* V/ b3 h5 F!
6 {( r( z6 V* x: d% u- Zinterface FastEthernet0/2
! y  B/ ]- _6 S3 \ duplex full
speed 100
!
1 W1 h1 w4 A2 x* r* I$ eend
) X' W& N4 e" j/ w. |" `& f
DEBUG调试结果
" o# c. ?1 d, \+ tRouterA#debug ip nat detailed
9 \  G, w9 }9 KIP NAT detailed debugging is on
' r6 h  e7 |3 O6 ^RouterA#
- i9 u7 @/ v- M" x9 b00:20:48: NAT*: i: icmp (10.1.1.2, 8) -> (172.16.1.3, 8) [40]
- A; I( ?" o) m5 H7 W$ W00:20:48: NAT*: s=10.1.1.2->192.168.1.10, d=172.16.1.3 [40]
00:20:49: NAT*: o: icmp (192.168.1.21, 8) -> (192.168.1.10, 8) [40]
0 T+ x6 Z( |# R0 M- `# a00:20:49: NAT*: s=192.168.1.21, d=192.168.1.10->10.1.1.2 [40]
+ j8 t1 y* u$ }( c. j3 K00:20:49: NAT*: i: icmp (10.1.1.2, 8) -> (172.16.1.3, 8) [41]
00:20:49: NAT*: s=10.1.1.2->192.168.1.10, d=172.16.1.3 [41]
3 k3 f4 T; }9 }/ _00:20:49: NAT*: o: icmp (192.168.1.21, 8) -> (192.168.1.10, 8) [41]
00:20:49: NAT*: s=192.168.1.21, d=192.168.1.10->10.1.1.2 [41]
  R0 t# d% w  N5 A& G% ^( d00:20:49: NAT*: i: icmp (10.1.1.2, 8) -> (172.16.1.3, 8) [42]
* A) ]7 U) U& r* t2 q% j7 R00:20:49: NAT*: s=10.1.1.2->192.168.1.10, d=172.16.1.3 [42]
00:20:50: NAT*: o: icmp (192.168.1.21, 8) -> (192.168.1.10, 8) [42]
00:20:50: NAT*: s=192.168.1.21, d=192.168.1.10->10.1.1.2 [42]
00:20:50: NAT*: i: icmp (10.1.1.2, 8) -> (172.16.1.3, 8) [43]
" f% C7 O- x* d+ N2 t! O00:20:50: NAT*: s=10.1.1.2->192.168.1.10, d=172.16.1.3 [43]
' X' C& _" Z/ u6 x4 z6 a00:20:50: NAT*: o: icmp (192.168.1.21, 8) -> (192.168.1.10, 8) [43]
00:20:50: NAT*: s=192.168.1.21, d=192.168.1.10->10.1.1.2 [43]
00:20:51: NAT*: i: icmp (10.1.1.2, 8) -> (172.16.1.3, 8) [44]
& X9 o0 I4 I2 R00:20:51: NAT*: s=10.1.1.2->192.168.1.10, d=172.16.1.3 [44]
00:20:51: NAT*: o: icmp (192.168.1.21, 8) -> (192.168.1.10, 8) [44]
00:20:51: NAT*: s=192.168.1.21, d=192.168.1.10->10.1.1.2 [44]
2 x9 O% W' Y$ t: U* R4 `
  Y  T3 N4 @: f9 u

RouterB#
00:20:54: NAT*: i: icmp (172.16.1.3, 8) -> (192.168.1.10, 8) [40]
9 N" _; W. s" e# K00:20:54: NAT*: s=172.16.1.3->192.168.1.21, d=192.168.1.10 [40]
00:20:54: NAT*: i: icmp (172.16.1.3, 8) -> (192.168.1.10, 8) [41]
00:20:54: NAT*: s=172.16.1.3->192.168.1.21, d=192.168.1.10 [41]
0 V8 q$ I+ t/ ^8 A" ?* ?* c00:20:55: NAT*: i: icmp (172.16.1.3, 8) -> (192.168.1.10, 8) [42]
3 g! N0 N  u, r4 n. r! h' l5 ]00:20:55: NAT*: s=172.16.1.3->192.168.1.21, d=192.168.1.10 [42]
00:20:56: NAT*: i: icmp (172.16.1.3, 8) -> (192.168.1.10, 8) [43]
4 Z! T/ H5 [% i00:20:56: NAT*: s=172.16.1.3->192.168.1.21, d=192.168.1.10 [43]
00:20:56: NAT*: i: icmp (172.16.1.3, 8) -> (192.168.1.10, 8) [44]
00:20:56: NAT*: s=172.16.1.3->192.168.1.21, d=192.168.1.10 [44]

你看了就明白了

xcvd

  

delwei

我爱鸿鹄论坛。