CISCO NAT: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(13 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
  
 +
=Variante A=
 
===NAT Inside und Outside Interfaces festlegen===
 
===NAT Inside und Outside Interfaces festlegen===
unkerich#
+
*configure terminal  
unkerich#configure terminal  
+
*(config)#interface ethernet 0/0
unkerich(config)#interface ethernet 0/0
+
*(config-if)#ip nat outside
unkerich(config-if)#ip nat outside
+
*(config-if)#exit
unkerich(config-if)#exit
+
*(config)#interface ethernet 1/0
unkerich(config)#interface ethernet 1/0
+
*(config-if)#ip nat inside
unkerich(config-if)#ip nat inside
+
===NAT Pool festlegen NAT ACL dem NAT Pool zuordnen===
unkerich(config-if)#exit
+
*configure terminal
  unkerich#
+
*(config)# ip nat inside source list 7 interface Ethernet0/0 overload
 +
 
 +
===NAT ACL festlegen===
 +
*configure terminal
 +
*(config)access-list 7 permit 172.22.2.0 0.0.0.255
 +
*(config-if)#exit
 +
==Copy and Paste Example==
 +
<pre>
 +
configure terminal
 +
interface fastEthernet 0/0
 +
ip nat outside
 +
interface fastEthernet 0/1
 +
ip nat inside
 +
exit
 +
ip nat pool unkerich-pool 192.168.252.96 192.168.252.96 prefix-length 24
 +
ip nat inside source list local-net-nat interface fastEthernet0/0 overload
 +
ip access-list extended local-net-nat
 +
  deny  ip 10.20.30.0 0.0.0.255 10.20.0.0 0.0.255.255
 +
permit ip 10.20.30.0 0.0.0.255 any
 +
exit
 +
</pre>
  
 +
=Variante B=
 +
===NAT Inside und Outside Interfaces festlegen===
 +
*configure terminal
 +
*(config)#interface ethernet 0/0
 +
*(config-if)#ip nat outside
 +
*(config-if)#exit
 +
*(config)#interface ethernet 1/0
 +
*(config-if)#ip nat inside
 
===NAT Pool festlegen hier wird mit der aussenip überladen===
 
===NAT Pool festlegen hier wird mit der aussenip überladen===
unkerich#
+
*configure terminal  
unkerich#configure terminal  
+
*(config)ip nat pool unkerich-pool 192.168.249.62 192.168.249.62 prefix-length 24
unkerich(config)ip nat pool unkerich-pool 192.168.249.62 192.168.249.62 prefix-length 24
 
unkerich(config-if)#exit
 
unkerich#
 
 
 
 
===NAT ACL dem NAT Pool zuordnen===  
 
===NAT ACL dem NAT Pool zuordnen===  
unkerich#
+
*configure terminal  
unkerich#configure terminal  
+
*(config)ip nat inside source list 7 pool unkerich-pool overload
unkerich(config)ip nat inside source list 7 pool unkerich-pool overload
+
===NAT ACL festlegen===  
unkerich(config-if)#exit
+
*configure terminal  
unkerich#
+
*(config)access-list 7 permit 172.22.2.0 0.0.0.255
 
+
*(config-if)#exit
===NAT Pool festlegen NAT ACL dem NAT Pool zuordnen (Alternative)===
 
unkerich#
 
unkerich#configure terminal  
 
unkerich(config)# ip nat inside source list 7 interface Ethernet0/0 overload
 
unkerich(config-if)#exit
 
unkerich#
 
  
===NAT ACL festlegen===
 
unkerich#
 
unkerich#configure terminal
 
unkerich(config)access-list 7 permit 172.22.2.0 0.0.0.255
 
unkerich(config-if)#exit
 
unkerich#
 
  
===Aktive NAT anzeigen===  
+
=Aktive NAT anzeigen=
unkerich#show ip nat translations  
+
*show ip nat translations  
 
  Pro Inside global        Inside local          Outside local        Outside global
 
  Pro Inside global        Inside local          Outside local        Outside global
 
  tcp 192.168.250.97:35798  172.22.2.2:35798      192.168.250.1:22      192.168.250.1:22
 
  tcp 192.168.250.97:35798  172.22.2.2:35798      192.168.250.1:22      192.168.250.1:22
Zeile 50: Zeile 63:
  
 
===Aktive NAT löschen===  
 
===Aktive NAT löschen===  
  unkerich#clear ip nat translations *
+
  unkerich#clear ip nat translation *
  
 
===Inside NAT===
 
===Inside NAT===
Zeile 57: Zeile 70:
 
  unkerich(config)#exit
 
  unkerich(config)#exit
 
  unkerich#
 
  unkerich#
 +
*Erklärung
 +
;ip nat inside source static tcp Innen-IP Innen-Port Aussen-IP Aussen-Port extendable
 +
 +
===VPN NAT===
 +
*[[Cisco VPN NAT]]
 +
 
=Links=
 
=Links=
 
*http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html
 
*http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

Aktuelle Version vom 18. Mai 2016, 07:52 Uhr

Variante A

NAT Inside und Outside Interfaces festlegen

  • configure terminal
  • (config)#interface ethernet 0/0
  • (config-if)#ip nat outside
  • (config-if)#exit
  • (config)#interface ethernet 1/0
  • (config-if)#ip nat inside

NAT Pool festlegen NAT ACL dem NAT Pool zuordnen

  • configure terminal
  • (config)# ip nat inside source list 7 interface Ethernet0/0 overload

NAT ACL festlegen

  • configure terminal
  • (config)access-list 7 permit 172.22.2.0 0.0.0.255
  • (config-if)#exit

Copy and Paste Example

configure terminal
interface fastEthernet 0/0
ip nat outside
interface fastEthernet 0/1
ip nat inside
exit
ip nat pool unkerich-pool 192.168.252.96 192.168.252.96 prefix-length 24
ip nat inside source list local-net-nat interface fastEthernet0/0 overload
ip access-list extended local-net-nat
 deny   ip 10.20.30.0 0.0.0.255 10.20.0.0 0.0.255.255
 permit ip 10.20.30.0 0.0.0.255 any
exit

Variante B

NAT Inside und Outside Interfaces festlegen

  • configure terminal
  • (config)#interface ethernet 0/0
  • (config-if)#ip nat outside
  • (config-if)#exit
  • (config)#interface ethernet 1/0
  • (config-if)#ip nat inside

NAT Pool festlegen hier wird mit der aussenip überladen

  • configure terminal
  • (config)ip nat pool unkerich-pool 192.168.249.62 192.168.249.62 prefix-length 24

NAT ACL dem NAT Pool zuordnen

  • configure terminal
  • (config)ip nat inside source list 7 pool unkerich-pool overload

NAT ACL festlegen

  • configure terminal
  • (config)access-list 7 permit 172.22.2.0 0.0.0.255
  • (config-if)#exit


Aktive NAT anzeigen

  • show ip nat translations
Pro Inside global         Inside local          Outside local         Outside global
tcp 192.168.250.97:35798  172.22.2.2:35798      192.168.250.1:22      192.168.250.1:22
tcp 192.168.250.97:48960  172.22.2.2:48960      192.168.250.1:22      192.168.250.1:22
tcp 192.168.250.97:48961  172.22.2.2:48961      192.168.250.1:22      192.168.250.1:22
tcp 192.168.250.97:48962  172.22.2.2:48962      192.168.250.1:22      192.168.250.1:22
tcp 192.168.250.97:48963  172.22.2.2:48963      192.168.250.1:22      192.168.250.1:22
tcp 192.168.250.97:48964  172.22.2.2:48964      192.168.250.1:22      192.168.250.1:22

Aktive NAT löschen

unkerich#clear ip nat translation *

Inside NAT

unkerich#configure terminal 
unkerich(config)#ip nat inside source static tcp 172.22.2.2 22 192.168.250.97 22 extendable                
unkerich(config)#exit
unkerich#
  • Erklärung
ip nat inside source static tcp Innen-IP Innen-Port Aussen-IP Aussen-Port extendable

VPN NAT

Links

Abgerufen von „http://wiki.ixheim.de/index.php?title=CISCO_NAT&oldid=9128