HCIA_ Nat experiment

1、 The experimental requirements

1、R2 by ISP equipment , Can only be configured on this device IP Address , No other configuration is allowed
2、1.1.1.0/24 Network segment represents all network segments of the whole Internet
3、PC1 It's ok pingPC2
4、R1 Only one public IP Address , stay G0/0/1 On the interface
5、CLIENT Can pass http Visit two server
6、client Visiting another server By domain name

2、 The topology

3、 The analysis process

1、PC1 can ping through PC2, And 1.1.1.0/24 Represents all network segments of the entire Internet , So you need to be in R1 Write a default pointing to ISP Router , Then a single default is not enough , Still need to be in R1 On the configuration NAT, Write first ACL Grab traffic of interest , Then proceed NAT Transformation , Convert private address to public address 12.1.1.1, Then visit the Internet .
2、client Can pass HTTP Visit two HTTP Of server, Need to be in R1 Port to port mapping on , bring cilent Use http Service 80 When accessing the port HTTP1, In the use of http Of 8888 When the interface of , Corresponding to HTTP2, In this way, it can be realized that two different server Separate access to
3、client Visiting one of them server Use the domain name to access , For the time being HTTP1 The corresponding relationship of is written as DNS Server , bring client When using domain name to access , Corresponding to HTTP1 Server for .

4、 Configure the content

R1:

[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 255.255.255.0
[r1]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip address 12.1.1.1 255.255.255.0
[r1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[r1]acl 2000
[r1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[r1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.1.10 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 8888 inside 192.168.1.20 80

R2:

[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip address 12.1.1.2 255.255.255.0
[r2]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip address 1.1.1.1 255.255.255.0

5、 The results verify that

1、PC1 It's ok ping through PC2

2、CLIENT Can pass http Visit two server

3、client Visiting another server By domain name