Networking
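Can't get NAT to work on a Cisco 2851 router
I'm trying to set up a 2851 router with static routing and NAT. My university uses static routing, and this is for a campus computer lab, otherwise I wouldn't be static routing ;-) I can ping addresses on the Internet from the router console, but not from machines on the internal network. I can ping the internal router port from network clients, but not the external port. I think I have all the NAT stuff in there correctly, but there is still no routing. Can someone else point out my mistake?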
CSLabRouter#sho run
Building configuration...

Current configuration : 3621 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CSLabRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
ip cef
!
!
no ip domain lookup
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3695308060
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3695308060
 revocation-check none
 rsakeypair TP-self-signed-3695308060
!
!
crypto pki certificate chain TP-self-signed-3695308060
 certificate self-signed 01
  3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363935 33303830 3630301E 170D3136 30393033 30333032
  BC404C81 47004B31 4B3E456C 81E50FC7 E3C9F387 BBB7B8CD 98CC230C 4068B586
  FC92
  quit
username Admin privilege 15 password 0 MasterPass
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 172.30.30.1 255.255.0.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.13.13.1 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip default-gateway 172.30.30.1
ip default-network 172.30.0.0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.30.30.2
ip route 10.13.13.0 255.255.255.0 172.30.30.2
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool AC008Clients 10.13.13.0 10.13.13.255 prefix-length 24 add-route
ip nat source list 1 pool AC008Clients overload
ip nat source static udp 10.13.13.8 53 interface GigabitEthernet0/0 53
ip nat source static tcp 10.13.13.8 53 interface GigabitEthernet0/0 53
ip nat source static udp 10.13.13.8 5900 interface GigabitEthernet0/0 5900
ip nat source static tcp 10.13.13.8 5900 interface GigabitEthernet0/0 5900
ip nat source static udp 10.13.13.8 3283 interface GigabitEthernet0/0 3283
ip nat source static tcp 10.13.13.8 3283 interface GigabitEthernet0/0 3283
ip nat source static udp 10.13.13.8 311 interface GigabitEthernet0/0 311
ip nat source static tcp 10.13.13.8 311 interface GigabitEthernet0/0 311
ip nat source static tcp 10.13.13.8 80 interface GigabitEthernet0/0 80
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 10.13.13.0 0.0.0.255
snmp-server community CottonCandy RO
!
!
!
control-plane
!
!
!
!
!
!
!
!
alias exec s show ip int br
alias exec sr show run
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end
First, you do not use the ip default-gateway 172.30.30.1 and ip default-network 172.30.0.0 commands on a router that is routing, and you should remove those commands.
The ip route 0.0.0.0 0.0.0.0 172.30.30.2 command is the one you use for routing. You should also remove the ip route 10.13.13.0 255.255.255.0 172.30.30.2 command.
Your interface configuration is incorrect. You should use ip nat inside on the inside interface and ip nat outside on the outside interface:
interface GigabitEthernet0/0
 ip address 172.30.30.1 255.255.0.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.13.13.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
You should remove these two commands:
ip nat pool AC008Clients 10.13.13.0 10.13.13.255 prefix-length 24 add-route
ip nat source list 1 pool AC008Clients overload
The best practice is to disable HTTP on the router:
no ip http server
no ip http secure-server
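A small checker for the mistakes the answer above lists, as an added example (not code from the question or the answer): it scans a running-config for ip default-gateway / ip default-network, a static route to a directly connected subnet, an enabled HTTP server, and ip nat inside source used without both ip nat inside and ip nat outside on interfaces. The sample config is constructed from the question's lines, and the finding names are made up for this example.

```python
import ipaddress
import re

# Constructed sample: the routing/NAT lines of the question's running-config.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 172.30.30.1 255.255.0.0
 ip nat enable
interface GigabitEthernet0/1
 ip address 10.13.13.1 255.255.255.0
 ip nat enable
ip default-gateway 172.30.30.1
ip default-network 172.30.0.0
ip route 0.0.0.0 0.0.0.0 172.30.30.2
ip route 10.13.13.0 255.255.255.0 172.30.30.2
ip http server
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
"""

def audit(config):
    """Return (code, detail) findings for the problems named in the answer."""
    findings, connected, roles, routes = [], set(), set(), []
    uses_nat, in_iface = False, False
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":  # an unindented command ends any interface block
            in_iface = line.startswith("interface ")
        if in_iface and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            connected.add(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif in_iface and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            roles.add(m[1])
        elif re.match(r"ip default-(gateway|network) ", line):
            findings.append(("default-cmd-on-router", line))
        elif m := re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False), line))
        elif line in ("ip http server", "ip http secure-server"):
            findings.append(("http-enabled", line))
        elif line.startswith("ip nat inside source "):
            uses_nat = True
    # A static route to a subnet the router is attached to is not needed.
    findings += [("route-to-connected", l) for net, l in routes if net in connected]
    if uses_nat and roles != {"inside", "outside"}:  # presence only, not direction
        findings.append(("nat-role-missing", ",".join(sorted({"inside", "outside"} - roles))))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```

The check only confirms that both NAT roles appear somewhere; it does not decide which interface should be inside and which outside.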