Cisco 1800 NAT配置

时间:2013-11-12 17:41:20

标签: networking nat cisco cisco-ios

我有Cisco 1812路由器,我想设置为我们的办公室互联网网关。虽然我遵循思科网站上的指南,但我无法让NAT工作。

我的问题是NAT没有发生,我无法理解。

当我连接到路由器时,我从DHCP获取IP地址,并且我可以ping本地接口IP(192.168.210.254)和公共IP(212.94.196.71略有变化),但我无法通过互联网。我无法从连接到本地接口的机器ping默认网关,但我可以从路由器本身以及互联网上的任何站点ping它。

最后,show ip nat translations显示空列表。

我做错了什么?

这是我的配置

Current configuration : 2022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FXW9$XXXXXXXXXXXXXXXXXXX.
!
no aaa new-model
!
resource policy
!
no ip routing
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.210.240 192.168.210.254
ip dhcp excluded-address 192.168.210.1 192.168.210.4
!
ip dhcp pool lan1
   network 192.168.210.0 255.255.255.0
   dns-server 192.168.210.100
   default-router 192.168.210.254
   domain-name mydomain.com
!
ip name-server 210.127.96.3
ip name-server 210.127.96.4
!
interface FastEthernet0
 ip address 192.168.210.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet1
 ip address 212.94.196.71 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 no ip route-cache
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 no ip route-cache
!
interface Vlan10
 ip address 10.28.10.254 255.255.255.0
 no ip route-cache
!
interface Vlan11
 ip address 10.1.11.254 255.255.255.0
 no ip route-cache
!
interface Vlan55
 ip address 10.28.55.254 255.255.255.0
 no ip route-cache
!
ip default-gateway 212.94.196.65
!
!
no ip http server
no ip http secure-server
ip nat pool ovrld 212.94.196.71 212.94.196.71 prefix-length 28
!
access-list 7 permit 192.168.210.0 0.0.0.31
snmp-server community public RO
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

2 个答案:

答案 0 :(得分:0)

您忘记启用内部源地址的翻译。

ip nat inside source { list <acl> pool <name> [overload] |
static <local-ip><global-ip> }

我发现你已经有了一个访问列表(根据你的私人地址)全局配置添加:

ip nat inside source list 7 pool ovrld

其他编辑: 启用IP路由ip routing后,它可以正常工作

答案 1 :(得分:0)

您的DHCP适用于较低的子网,而您的网关位于另一个子网中.224-254

你的nat列表是针对.0子网的

相关问题
最新问题