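Should static NAT using "outside" work the same way as "inside"?
Topology:
For example, suppose I use:
ip nat inside source static 192.168.1.1 10.1.1.50
- I try to ping 10.1.1.100 from 192.168.1.1
- The source address is NATed from 192.168.1.1 to 10.1.1.50
- The ping reaches 10.1.1.100, which replies to 10.1.1.50
- The destination address of the ping is changed from 10.1.1.50 to 192.168.1.1
- The ping completes
If I try the reverse
ip nat outside source static 10.1.1.100 192.168.1.50
- I try to ping 192.168.1.1 from 10.1.1.100
- The source address is NATed from 10.1.1.100 to 192.168.1.50
- The ping reaches 192.168.1.1, which replies to 192.168.1.50
- I expect the destination address of the ping to be changed from 192.168.1.50 to 10.1.1.100, but it isn't
- The ping is dropped at 192.168.1.50 because it is not expecting a ping
Why does the "inside" NAT rule work correctly in both cases, but the "outside" rule fails on the return?
I am using Packet Tracer, so according to the 4321 router, it is IOS 15.4
Configuration (NAT inside)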
```
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
!
!
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat inside source static 192.168.1.1 10.1.1.50
ip classless
!
ip flow-export version 9
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end
```
Configuration (NAT outside)
```
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
!
!
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat outside source static 10.1.1.100 192.168.1.50
ip classless
!
ip flow-export version 9
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end
```