实验要求:
IP地址配置:
AR1 GE0/0/0:192.168.1.1/24
AR1 GE0/0/1:12.1.1.1/24
AR2 GE0/0/0:12.1.1.2/24
AR2 GE0/0/1:1.1.1.1/24
PC1:192.168.1.2
PC2:1.1.1.2
Server1:192.168.1.3
Server2:192.168.1.4
DNS:1.1.1.3
指令:
R2为ISP设备,只能在该设备上配置IP地址,不得进行其他配置
R1仅拥有一个公有IP
[r1]ip route-static 0.0.0.0 0 12.1.1.2
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.255.255.255
[r1-acl-basic-2000]q
[r1-GigabitEthernet0/0/1]nat outbound 2000
client可以通过http访问到两台server
client可以通过域名访问一台server
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.1.10 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 9999 inside 192.168.1.20 80
PC1可以正常pingPC2