写几个9.X 后的NAT 帮助理解记忆(只涉及NAT,不涉及ACL 或者其他哦):
1. 内网web服务器映射
hostname(config-network-object)# host 10.1.2.27
hostname(config-network-object)# nat (inside,outside) static 209.165.201.10
2. Dynamic NAT for Inside, Static NAT for Outside Web Server
hostname(config)# object network myNatPool
hostname(config-network-object)# range 209.165.201.20 209.165.201.30
hostname(config)# object network myInsNet
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) dynamic myNatPool
hostname(config)# object network myWebServ
hostname(config-network-object)# host 209.165.201.12
hostname(config-network-object)# nat (outside,inside) static 10.1.2.20
3. 静态端口转发
hostname(config)# object network FTP_SERVER
hostname(config-network-object)# host 10.1.2.27
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp ftp ftp
hostname(config)# object network HTTP_SERVER
hostname(config-network-object)# host 10.1.2.28
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp http http
hostname(config)# object network SMTP_SERVER
hostname(config-network-object)# host 10.1.2.29
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
4.Twice NAT
hostname(config)# object network myInsideNetwork
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0
hostname(config)# object network DMZnetwork1
hostname(config-network-object)# subnet 209.165.201.0 255.255.255.224
hostname(config)# object network PATaddress1
hostname(config-network-object)# host 209.165.202.129
hostname(config)# nat (inside,dmz) source dynamic myInsideNetwork PATaddress1 destination static DMZnetwork1 DMZnetwork1
hostname(config)# object network DMZnetwork2
hostname(config-network-object)# subnet 209.165.200.224 255.255.255.224
hostname(config)# object network PATaddress2
hostname(config-network-object)# host 209.165.202.130
hostname(config)# nat (inside,dmz) source dynamic myInsideNetwork PATaddress2 destination static DMZnetwork2 DMZnetwork2
5.Twice NAT with Different Destination Ports
hostname(config)# object network myInsideNetwork
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0
hostname(config)# object network TelnetWebServer
hostname(config-network-object)# host 209.165.201.11
hostname(config)# object network PATaddress1
hostname(config-network-object)# host 209.165.202.129
hostname(config)# object service TelnetObj
hostname(config-network-object)# service tcp destination eq telnet
hostname(config)# nat (inside,outside) source dynamic myInsideNetwork PATaddress1 destination static TelnetWebServer TelnetWebServer service
TelnetObj TelnetObj
hostname(config)# object network PATaddress2
hostname(config-network-object)# host 209.165.202.130
hostname(config)# object service HTTPObj
hostname(config-network-object)# service tcp destination eq http
hostname(config)# nat (inside,outside) source dynamic myInsideNetwork PATaddress2 destination static TelnetWebServer TelnetWebServer service HTTPObj HTTPObj
1. 内网web服务器映射
hostname(config-network-object)# host 10.1.2.27
hostname(config-network-object)# nat (inside,outside) static 209.165.201.10
2. Dynamic NAT for Inside, Static NAT for Outside Web Server
hostname(config)# object network myNatPool
hostname(config-network-object)# range 209.165.201.20 209.165.201.30
hostname(config)# object network myInsNet
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) dynamic myNatPool
hostname(config)# object network myWebServ
hostname(config-network-object)# host 209.165.201.12
hostname(config-network-object)# nat (outside,inside) static 10.1.2.20
3. 静态端口转发
hostname(config)# object network FTP_SERVER
hostname(config-network-object)# host 10.1.2.27
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp ftp ftp
hostname(config)# object network HTTP_SERVER
hostname(config-network-object)# host 10.1.2.28
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp http http
hostname(config)# object network SMTP_SERVER
hostname(config-network-object)# host 10.1.2.29
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
4.Twice NAT
hostname(config)# object network myInsideNetwork
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0
hostname(config)# object network DMZnetwork1
hostname(config-network-object)# subnet 209.165.201.0 255.255.255.224
hostname(config)# object network PATaddress1
hostname(config-network-object)# host 209.165.202.129
hostname(config)# nat (inside,dmz) source dynamic myInsideNetwork PATaddress1 destination static DMZnetwork1 DMZnetwork1
hostname(config)# object network DMZnetwork2
hostname(config-network-object)# subnet 209.165.200.224 255.255.255.224
hostname(config)# object network PATaddress2
hostname(config-network-object)# host 209.165.202.130
hostname(config)# nat (inside,dmz) source dynamic myInsideNetwork PATaddress2 destination static DMZnetwork2 DMZnetwork2
5.Twice NAT with Different Destination Ports
hostname(config)# object network myInsideNetwork
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0
hostname(config)# object network TelnetWebServer
hostname(config-network-object)# host 209.165.201.11
hostname(config)# object network PATaddress1
hostname(config-network-object)# host 209.165.202.129
hostname(config)# object service TelnetObj
hostname(config-network-object)# service tcp destination eq telnet
hostname(config)# nat (inside,outside) source dynamic myInsideNetwork PATaddress1 destination static TelnetWebServer TelnetWebServer service
TelnetObj TelnetObj
hostname(config)# object network PATaddress2
hostname(config-network-object)# host 209.165.202.130
hostname(config)# object service HTTPObj
hostname(config-network-object)# service tcp destination eq http
hostname(config)# nat (inside,outside) source dynamic myInsideNetwork PATaddress2 destination static TelnetWebServer TelnetWebServer service HTTPObj HTTPObj
