The goal is for R1 and R3 to reach each other through NAT alone, with no routes configured on either of them.

The topology:

[Figure: topology. Image title: "The difference between ip nat inside source and ip nat source"]

The subnets are 29.29.X.X/24.

 

First, configure it the usual way, with the inside keyword. On R2:


Then, on R2, e0/1 is set to ip nat inside and e0/0 to ip nat outside.

From R3, ping 29.29.23.1:


Switch to R2 and look at the debug output:


 

Analysis:

r2(config-if)#

*Mar 1 00:37:08.843: NAT*: o: icmp (29.29.23.3, 1) -> (29.29.23.1, 1) [5]

*Mar 1 00:37:08.843: NAT*: o: icmp (29.29.23.3, 1) -> (29.29.23.1, 1) [5]

*Mar 1 00:37:08.843: NAT*: s=29.29.23.3->29.29.12.3, d=29.29.23.1 [5]

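This shows that for traffic going from outside to inside, NAT translates the addresses as soon as the packet arrives on the interface. This line is the source translation.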

*Mar 1 00:37:08.847: NAT*: s=29.29.12.3, d=29.29.23.1->29.29.12.1 [5]

This is the destination translation. At this point both the source and the destination have been translated.

*Mar 1 00:37:08.847: IP: tableid=0, s=29.29.12.3 (Ethernet0/0), d=29.29.12.1 (Ethernet0/1), routed via FIB

*Mar 1 00:37:08.851: IP: s=29.29.12.3 (Ethernet0/0), d=29.29.12.1 (Ethernet0/1), g=29.29.12.1, len 100, forward

*Mar 1 00:37:08.851: ICMP type=8, code=0

Only after translation is the packet routed, and it is sent to R1.

*Mar 1 00:37:08.975: IP: tableid=0, s=29.29.12.1 (Ethernet0/1), d=29.29.12.3 (Ethernet0/1), routed via RIB

r2(config-if)#

*Mar 1 00:37:08.975: IP: s=29.29.12.1 (Ethernet0/1), d=29.29.12.3 (Ethernet0/1), len 100, rcvd 3

*Mar 1 00:37:08.979: ICMP type=0, code=0

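This is R1's reply. The debug output stops here and the ping fails, which shows that from inside to outside the routing table is consulted first and NAT translation happens only afterwards. In the log, the reply to 29.29.12.3 is routed back to Ethernet0/1, the inside interface, so it never heads toward the outside interface and is never translated.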

That being the case, add a static route for it:

 

Ping with a single packet, then switch to R2 and look at the debug output:


 

The result: once that static route is added, R1's reply can be NAT-translated.

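That completes the whole exchange. It shows that with NAT configured this way, traffic from outside to inside is translated first and then routed, while traffic from inside to outside is routed first and then translated.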

The above covered ip nat [inside|outside] source. What follows is how to use ip nat source:

First remove all of the commands above with no, including ip nat inside and ip nat outside under the interfaces.


Now the interfaces no longer need inside or outside. Instead, turn on NAT on them with ip nat enable:


Then ping from R3; it works just the same.


 

Ping with a single packet, then switch to R2 and look at the debug output:


 

*Mar 1 01:41:03.219: IP: tableid=0, s=29.29.23.3 (Ethernet0/0), d=29.29.23.1 (Ethernet0/0), routed via RIB

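Here the packet first goes through a routing lookup, but it is not real forwarding: the lookup matches the NAT translation table and hands the packet to the so-called virtual interface.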

*Mar 1 01:41:03.219: NAT: i: icmp (29.29.23.3, 6) -> (29.29.23.1, 6) [14]

*Mar 1 01:41:03.223: NAT: s=29.29.23.3->29.29.12.3, d=29.29.23.1 [14]

*Mar 1 01:41:03.223: NAT: s=29.29.12.3, d=29.29.23.1->29.29.12.1 [14]

Once the match is made, NAT translation begins.

*Mar 1 01:41:03.223: IP: tableid=0, s=29.29.12.3 (Ethernet0/0), d=29.29.12.1 (Ethernet0/1), routed via RIB

*Mar 1 01:41:03.227: IP: s=29.29.12.3 (Ethernet0/0), d=29.29.12.1 (Ethernet0/1), g=29.29.12.1, len 100, forward

*Mar 1 01:41:03.227: ICMP type=8, code=0

After translation the packet is routed. The reply below goes through the same process, symmetrically.

r2(config-if)#

*Mar 1 01:41:03.271: IP: tableid=0, s=29.29.12.1 (Ethernet0/1), d=29.29.12.3 (Ethernet0/1), routed via RIB

*Mar 1 01:41:03.271: NAT: i: icmp (29.29.12.1, 6) -> (29.29.12.3, 6) [14]

*Mar 1 01:41:03.271: NAT: s=29.29.12.1->29.29.23.1, d=29.29.12.3 [14]

*Mar 1 01:41:03.271: NAT: s=29.29.23.1, d=29.29.12.3->29.29.23.3 [14]

*Mar 1 01:41:03.275: IP: tableid=0, s=29.29.23.1 (Ethernet0/1), d=29.29.23.3 (Ethernet0/0), routed via RIB

*Mar 1 01:41:03.275: IP: s=29.29.23.1 (Ethernet0/1), d=29.29.23.3 (Ethernet0/0), g=29.29.23.3, len 100, forward

*Mar 1 01:41:03.279: ICMP type=0, code=0

r2(config-if)#

 

 

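The conclusion: ip nat source does not require marking interfaces as inside or outside; ip nat enable must be turned on instead. The forwarding process also differs: route into the virtual interface, then NAT translation, then the real routing and forwarding, and the two directions are symmetric.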
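The stage order read off the debug output above can be extracted mechanically. The following Python is an added example, not part of the original post: it parses lines abridged from this page's own R2 debug output and reports, per packet, the order of routing and NAT stages and which addresses were rewritten. The names trace_packets, LEGACY and NVI are this example's own.

```python
import re

# Abridged from the R2 debug output on this page (flow-header, forward and rcvd lines dropped).
LEGACY = """\
*Mar 1 00:37:08.843: NAT*: s=29.29.23.3->29.29.12.3, d=29.29.23.1 [5]
*Mar 1 00:37:08.847: NAT*: s=29.29.12.3, d=29.29.23.1->29.29.12.1 [5]
*Mar 1 00:37:08.847: IP: tableid=0, s=29.29.12.3 (Ethernet0/0), d=29.29.12.1 (Ethernet0/1), routed via FIB
*Mar 1 00:37:08.851: ICMP type=8, code=0
*Mar 1 00:37:08.975: IP: tableid=0, s=29.29.12.1 (Ethernet0/1), d=29.29.12.3 (Ethernet0/1), routed via RIB
*Mar 1 00:37:08.979: ICMP type=0, code=0
"""
NVI = """\
*Mar 1 01:41:03.219: IP: tableid=0, s=29.29.23.3 (Ethernet0/0), d=29.29.23.1 (Ethernet0/0), routed via RIB
*Mar 1 01:41:03.223: NAT: s=29.29.23.3->29.29.12.3, d=29.29.23.1 [14]
*Mar 1 01:41:03.223: NAT: s=29.29.12.3, d=29.29.23.1->29.29.12.1 [14]
*Mar 1 01:41:03.223: IP: tableid=0, s=29.29.12.3 (Ethernet0/0), d=29.29.12.1 (Ethernet0/1), routed via RIB
*Mar 1 01:41:03.227: ICMP type=8, code=0
*Mar 1 01:41:03.271: IP: tableid=0, s=29.29.12.1 (Ethernet0/1), d=29.29.12.3 (Ethernet0/1), routed via RIB
*Mar 1 01:41:03.271: NAT: s=29.29.12.1->29.29.23.1, d=29.29.12.3 [14]
*Mar 1 01:41:03.271: NAT: s=29.29.23.1, d=29.29.12.3->29.29.23.3 [14]
*Mar 1 01:41:03.275: IP: tableid=0, s=29.29.23.1 (Ethernet0/1), d=29.29.23.3 (Ethernet0/0), routed via RIB
*Mar 1 01:41:03.279: ICMP type=0, code=0
"""

XLATE = re.compile(r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[")
ROUTED = re.compile(r"IP: tableid=\d+, .* routed via (?:RIB|FIB)")
ICMP = re.compile(r"ICMP type=(\d+)")

def trace_packets(debug_text):
    """Return one dict per packet: ICMP type, stage order, and NAT rewrites."""
    packets, order, rewrites = [], [], []
    for line in debug_text.splitlines():
        if m := XLATE.search(line):
            s_old, s_new, d_old, d_new = m.groups()
            rewrites += [("src", s_old, s_new)] if s_new else []
            rewrites += [("dst", d_old, d_new)] if d_new else []
            if order[-1:] != ["nat"]:      # collapse src+dst rewrites into one stage
                order.append("nat")
        elif ROUTED.search(line):
            order.append("route")
        elif m := ICMP.search(line):       # the ICMP line closes each packet's trace
            packets.append({"type": int(m[1]), "order": order, "rewrites": rewrites})
            order, rewrites = [], []
    return packets

if __name__ == "__main__":
    for name, cap in (("inside/outside", LEGACY), ("ip nat enable", NVI)):
        for p in trace_packets(cap):
            print(name, p["type"], " > ".join(p["order"]), p["rewrites"] or "NOT TRANSLATED")
```

In the inside/outside capture the echo reply (type 0) comes back with stage order route only and no rewrites, which is the failure the static route fixes; in the ip nat enable capture both directions show route, nat, route.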