Fatal编程技术网
  • networking/
  • Networking 无法使NAT在Cisco 2851路由器上工作

Networking 无法使NAT在Cisco 2851路由器上工作

networking

Networking 无法使NAT在Cisco 2851路由器上工作,networking,nat,cisco-ios,Networking,Nat,Cisco Ios,我正在尝试使用静态路由和NAT设置2851路由器。我的大学使用静态路由,否则我不会;-) 我可以从路由器控制台ping互联网上的地址,但不能从内部网络上的机器ping地址。我可以从网络客户端ping内部路由器端口,但不能ping外部端口。我想我所有的NAT都在那里,但仍然没有路由。还有谁能指出我的错误吗 CSLabRouter#sho run Building configuration... Current configuration : 3621 bytes ! version 12.4

我正在尝试使用静态路由和NAT设置2851路由器。我的大学使用静态路由,否则我不会;-) 我可以从路由器控制台ping互联网上的地址,但不能从内部网络上的机器ping地址。我可以从网络客户端ping内部路由器端口,但不能ping外部端口。我想我所有的NAT都在那里,但仍然没有路由。还有谁能指出我的错误吗

CSLabRouter#sho run
Building configuration...

Current configuration : 3621 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CSLabRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
ip cef
!
!
no ip domain lookup
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3695308060
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3695308060
 revocation-check none
 rsakeypair TP-self-signed-3695308060
!
!
crypto pki certificate chain TP-self-signed-3695308060
 certificate self-signed 01
  3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33363935 33303830 3630301E 170D3136 30393033 30333032 

  BC404C81 47004B31 4B3E456C 81E50FC7 E3C9F387 BBB7B8CD 98CC230C 4068B586 FC92
  quit
username Admin privilege 15 password 0 MasterPass
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 172.30.30.1 255.255.0.0
 ip nat enable
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.13.13.1 255.255.255.0
 ip nat enable
 duplex auto
 speed auto
!
ip default-gateway 172.30.30.1
ip default-network 172.30.0.0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.30.30.2
ip route 10.13.13.0 255.255.255.0 172.30.30.2
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool AC008Clients 10.13.13.0 10.13.13.255 prefix-length 24 add-route
ip nat source list 1 pool AC008Clients overload
ip nat source static udp 10.13.13.8 53 interface GigabitEthernet0/0 53
ip nat source static tcp 10.13.13.8 53 interface GigabitEthernet0/0 53
ip nat source static udp 10.13.13.8 5900 interface GigabitEthernet0/0 5900
ip nat source static tcp 10.13.13.8 5900 interface GigabitEthernet0/0 5900
ip nat source static udp 10.13.13.8 3283 interface GigabitEthernet0/0 3283
ip nat source static tcp 10.13.13.8 3283 interface GigabitEthernet0/0 3283
ip nat source static udp 10.13.13.8 311 interface GigabitEthernet0/0 311
ip nat source static tcp 10.13.13.8 311 interface GigabitEthernet0/0 311
ip nat source static tcp 10.13.13.8 80 interface GigabitEthernet0/0 80
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 10.13.13.0 0.0.0.255
snmp-server community CottonCandy RO
!
!
!
control-plane
!
!
!
!
!
!
!
!
alias exec s show ip int br
alias exec sr show run
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end
我可以看到,您在接口下使用了“ip nat启用”,在全局配置中使用了“源代码列表1接口GigabitEthernet0/0重载中的ip nat”

当我们使用“ipnatenable命令”时,我们还需要稍微修改全局配置中的nat语句(以删除全局配置中的单词“inside”)

否则使用“IPNAT内部/外部”命令