hello
即使命令可用,您的路由器也可能不支持NVI nat。
如果你想发夹 您仍可以使用传统nat(内部/外部域)进行此操作,其设置要复杂一些,但它确实有效。
示例
int loopback 10
ip address 169.1.255.254 255 255.255.255
ip nat inside
route-map Hairpin
set interface loopback10
ip access-list extended PAT
deny ip 10.0.0 0 0.15.255.255 10.0.0.0 0.15.255.255
permit ip 10.10.9.0 0.0.0.255 any
permit ip 10.20.0.0 0.0.255.255 any
ip access-list extended hairping
permit ip 10.10.9.0 0.0.0.255 host 10.10.9.109
permit ip 10.20.0.0 0.0.255.255 host 10.10.9.109
ip nat inside source list PAT GigabitEthernet0
ip nat inside source list hairping GigabitEthernet0
ip nat inside source static 10.10.9.109 139.255.48.152
interface GigabitEthernet0/0
description WAN
ip nat outside
interface GigabitEthernet0/1
description LAN
ip nat outside
ip policy route-map Hairpin
no ip redirects
谢谢你的回复,里奥先生,
因为我是通过远程访问路由器,如果配置显示在图片中,则很抱歉。
目录
show version
?
?
?
路由器的正常运行时间为1周,因此它没有崩溃。
是,但命令
ip nat source static 10.10.12.189 139.255.48.198 extendable
被自动删除了,我不知道为什么。
它会在丢失后导致网络错误。
更新路由器的固件。
...
你好,保罗,谢谢回复。
如何检查?我的路由器版本是15.4(3)。M3
ip nat inside source static
ip nat source static
what is the different??
1-first one is apply to physical interface,
you config
ip nat inside source static
then
ip nat inside
ip nat outside
2-seocnd is apply to virtual interface,
so in global mode
config the
ip nat source static
that it no need more.
I think you config
ip nat source static
then you config
ip nat inside
ip nat outside
NAT消失。
请检查一下这一点
我的配置在使用之前
ip nat inside source..
但是,我需要我的服务器能够在内部访问服务器公共ip(我将其映射到虚拟IP)。
以下提示:
https://community.cisco.com/t5/routing/how-to-do-nat-reflection-nat-hairpin-on-a-cisco-1800-router/td-p/2754725
一切尽在我需要,但命令
ip nat source ...
在我写命令3到4小时后,它的类似信息被自动删除。
已设置
no ip nat inside for int g0/0 and no ip nat outside for int g0/1
interface GigabitEthernet0/0
no ip nat outside
no ip redirects
ip nat enable
!
interface GigabitEthernet0/1
no ip nat inside
no ip redirects
ip nat enable
!
ip access-list extended NAT
permit ip 10.10.9.0 0.0.0.255 any
permit ip 10.20.0.0 0.0.255.255 any
!
ip nat source static 10.10.9.109 139.255.48.152 extendable
ip nat source list NAT interface GigabitEthernet0 overload
!
end
hello
即使命令可用,您的路由器也可能不支持NVI nat。
如果你想发夹 您仍可以使用传统nat(内部/外部域)进行此操作,其设置要复杂一些,但它确实有效。
示例
int loopback 10
ip address 169.1.255.254 255 255.255.255
ip nat inside
route-map Hairpin
set interface loopback10
ip access-list extended PAT
deny ip 10.0.0 0 0.15.255.255 10.0.0.0 0.15.255.255
permit ip 10.10.9.0 0.0.0.255 any
permit ip 10.20.0.0 0.0.255.255 any
ip access-list extended hairping
permit ip 10.10.9.0 0.0.0.255 host 10.10.9.109
permit ip 10.20.0.0 0.0.255.255 host 10.10.9.109
ip nat inside source list PAT GigabitEthernet0
ip nat inside source list hairping GigabitEthernet0
ip nat inside source static 10.10.9.109 139.255.48.152
interface GigabitEthernet0/0
description WAN
ip nat outside
interface GigabitEthernet0/1
description LAN
ip nat outside
ip policy route-map Hairpin
no ip redirects
嗨,保罗,非常感谢你的帮助。
我试着用你的例子。和NVI一样,让我检查一下。希望工作更稳定
谢谢你,保罗。