实验要求
实验过程
1. ip分配
2. 配置ip
终端和服务器使用手工配置
3. 服务器域名和ip分配
- http服务器1 的80端口映射到AR1的1.1.1.1:80端口,使用DNS域名为www.baidu.com
- http服务器2 的80端口映射到AR1的1.1.1.1:800端口,不使用域名
4. 路由器配置
AR1
//配置内网网关ip
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[AR1-GigabitEthernet0/0/0]q
//配置出口ip
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 1.1.1.1 24
[AR1-GigabitEthernet0/0/1]q
//配置acl
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 //定义可被转换的私有ip地址范围
[AR1-acl-basic-2000]q
//使用nat
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2000 //将指定acl范围的ip地址转换为同一个公有ip地址
[AR1-GigabitEthernet0/0/1]q
//配置缺省路由到外网
[AR1]ip route-static 0.0.0.0 0 1.1.1.2
//将http服务器ip进行端口映射
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.1.4 80
[AR1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 800 inside 192.168.1.5 80
AR2(ISP)
//配置网关ip
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 1.1.1.2 24
[AR2-GigabitEthernet0/0/0]q
[AR2]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 2.2.2.1 24
[AR2-GigabitEthernet0/0/1]q
测试