cisco映射方法.docx

一、组网结构及需求某企业的网络拓扑图如下所示，路由器通过专线连接到外网，只有一个公网地址：；内网的网段是/24，内网有一台Web服务器（00）和一台Ftp服务器（01）需要同时对外网提供服务。要求在路由器上设置端口映射，把公网地址的TCP80端口映射到Web服务器服务器；TCP21端口映射到Ftp服务器。二、配置步骤和方法1、配置路由器接口地址和路由interface FastEthernet0/0 ip address ip nat inside （nat内网接口）duplex auto speed auto interface Serial0/0 description to internet ip address 52 ip nat outside （nat外网接口）encapsulation ppp ip route （默认路由指向internet) 2、配置NAT（假如内网地址不访问公网，此步骤可以不做）ip nat inside source list 1 interface Serial0/0 overload （将的地址转换为接口s1/1的地址）access-list 1 permit 55 （建立访问控制列表允许的地址做nat转换）3、配置端口映射ip nat inside source static tcp 00 80 80 extendable ip nat inside source static tcp 01 21 21 extendable 把公网地址的tcp80端口和tcp21端口分别映射到00和01服务器；因为这个地址已经应用在s0/0接口上并做了NAT转换的地址，这里必须加上extendable这个关键字，否则报错。如果用另外的外网ip比如，在这里就可以不加extendable。三、端口映射信息查询命令show ip nat translations可以查看nat转换情况，如下：Router#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp :21 00:21 :11000 :11000 tcp :80 00:80 --- --- tcp :21 00:21 --- --- tcp :80 00:80 :11001 :11001 四、路由器配置脚本Router#sh run Building configuration... Current configuration : 1148 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! memory-size iomem 15 ip subnet-zero ! call rsvp-sync ! interface FastEthernet0/0 ip address ip nat inside duplex auto speed auto ! interface Serial0/0 description to internet ip address 52 ip nat outside encapsulation ppp ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown ! interface Serial0/2 no ip address shutdown ! interface Serial0/3 no ip address shutdown ! ! ip nat inside source list 1 interface Serial0/0 overload ip nat inside source static tcp 00 80 80 extendable ip nat inside source static tcp 01 21 21 extendable ip classless ip route ip http server ! access-list 1 permit 55 ! dial-peer cor custom ! line con 0 line aux 0 line vty 0 4 ! end