Policy NAT Configuration
CLI Guru - Cisco Training and Consulting Center

  1. #1
    burner Guest

    Policy NAT Configuration

    Hi;

    What we want to do here is steer traffic with NAT... In this demo we want the telnet traffic coming from the LAN to go out over the frame-relay side.. in addition, we want the http and icmp traffic to go out over the serial line...
    The config and diagram are below....

    Code:
    ===============>R4
    
    !
    bridge irb
    !
    !
    !
    interface Loopback0
     ip address 172.1.4.4 255.255.255.0
     ip ospf network point-to-point
    !
    interface Ethernet0/0
     no ip address
     half-duplex
     bridge-group 1
    !
    interface Ethernet0/1
     no ip address
     half-duplex
     bridge-group 1
    !
    interface Ethernet0/2
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/3
     no ip address
     shutdown
     half-duplex
    !
    interface Serial1/0
     ip address 172.16.54.4 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     encapsulation frame-relay
     ip ospf network point-to-point
     serial restart-delay 0
     frame-relay map ip 172.16.54.5 405 broadcast
     no frame-relay inverse-arp
    !
    interface Serial1/1
     no ip address
     shutdown
     serial restart-delay 0
    !
    interface Serial1/2
     ip address 172.16.45.4 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     serial restart-delay 0
    !
    interface Serial1/3
     no ip address
     shutdown
     serial restart-delay 0
    !
    interface BVI1
     ip address 10.1.1.4 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    router ospf 1
     log-adjacency-changes
     network 172.1.0.0 0.0.255.255 area 0
     network 172.16.0.0 0.0.255.255 area 0
    !
    router bgp 1
     no synchronization
     bgp log-neighbor-changes
     neighbor 172.1.5.5 remote-as 2
     neighbor 172.1.5.5 ebgp-multihop 255
     neighbor 172.1.5.5 update-source Loopback0
     no auto-summary
    !
    ip http server
    no ip http secure-server
    ip classless
    !
    !
    ip nat inside source route-map SEND_S1/0 interface Serial1/0 overload
    ip nat inside source route-map SEND_S1/2 interface Serial1/2 overload
    !
    access-list 100 permit tcp 10.1.1.0 0.0.0.255 any eq telnet
    access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq www
    access-list 101 permit icmp 10.1.1.0 0.0.0.255 any
    !
    route-map SEND_S1/2 permit 10
     match ip address 101
     set interface Serial1/2
    !
    route-map SEND_S1/0 permit 10
     match ip address 100
     set interface Serial1/0
    !
    !         
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    !
    
    R5=================================>
    
    !
    interface Loopback0
     ip address 172.1.5.5 255.255.255.0
     ip ospf network point-to-point
    !
    interface Ethernet0/0
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/1
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/2
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/3
     no ip address
     shutdown
     half-duplex
    !
    interface Serial1/0
     no ip address
     ip ospf network point-to-point
     shutdown
     serial restart-delay 0
    !
    interface Serial1/1
     ip address 172.16.54.5 255.255.255.0
     encapsulation frame-relay
     ip ospf network point-to-point
     serial restart-delay 0
     frame-relay map ip 172.16.54.4 504 broadcast
     no frame-relay inverse-arp
    !
    interface Serial1/2
     ip address 172.16.45.5 255.255.255.0
     serial restart-delay 0
    !
    interface Serial1/3
     no ip address
     shutdown
     serial restart-delay 0
    !
    router ospf 1
     log-adjacency-changes
     network 172.1.0.0 0.0.255.255 area 0
     network 172.16.0.0 0.0.255.255 area 0
    !
    router bgp 2
     no synchronization
     bgp log-neighbor-changes
     neighbor 172.1.4.4 remote-as 1
     neighbor 172.1.4.4 ebgp-multihop 255
     neighbor 172.1.4.4 update-source Loopback0
     no auto-summary
    !
    ip http server
    no ip http secure-server
    ip classless
    !
    !
    
    R6===================================>
    
    !         
    !
    !
    interface Ethernet0/0
     ip address 10.1.1.6 255.255.255.0
     half-duplex
    !
    ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.1.1.4
    !
    !
    !
    
    R3=====================================>
    
    !
    interface Ethernet0/0
     ip address 10.1.1.3 255.255.255.0
     half-duplex
    !
    ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.1.1.4
    !
    !
    
    ===========>TEST<========================
    R6#ping 172.1.5.5
    
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.1.5.5, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 96/116/164 ms
    -------
    R4#
    *Mar  1 02:08:10.307: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [709]
    *Mar  1 02:08:10.403: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [709]
    *Mar  1 02:08:10.451: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [710]
    *Mar  1 02:08:10.511: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [710]
    *Mar  1 02:08:10.575: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [711]
    *Mar  1 02:08:10.607: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [711]
    *Mar  1 02:08:10.667: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [712]
    *Mar  1 02:08:10.715: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [712]
    *Mar  1 02:08:10.779: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [713]
    
    R4#
    *Mar  1 02:08:10.823: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [713]
    R4#sh ip nat trans
    Pro Inside global      Inside local       Outside local      Outside global
    icmp 172.16.45.4:19    10.1.1.6:19        172.1.5.5:19       172.1.5.5:19
    R4#
    
    ========
    
    R6#telnet 172.1.5.5 80
    Trying 172.1.5.5, 80 ... Open
    / get
    HTTP/1.1 400 Bad Request
    Date: Fri, 01 Mar 2002 02:03:36 GMT
    Server: cisco-IOS
    Accept-Ranges: none
    
    400 Bad Request
    
    [Connection to 172.1.5.5 closed by foreign host]
    ---------
    R4#
    *Mar  1 02:08:30.207: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [0]
    *Mar  1 02:08:30.299: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [0]
    *Mar  1 02:08:30.367: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [1]
    *Mar  1 02:08:30.371: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [2]
    R4#
    *Mar  1 02:08:31.403: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [3]
    *Mar  1 02:08:31.631: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [1]
    *Mar  1 02:08:32.211: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [4]
    R4#
    *Mar  1 02:08:32.459: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [2]
    *Mar  1 02:08:32.711: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [5]
    *Mar  1 02:08:32.867: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [6]
    *Mar  1 02:08:32.959: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [3]
    *Mar  1 02:08:33.087: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [7]
    *Mar  1 02:08:33.303: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [4]
    *Mar  1 02:08:33.303: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [8]
    *Mar  1 02:08:33.355: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [5]
    *Mar  1 02:08:33.383: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [6]
    R4#
    *Mar  1 02:08:33.431: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [9]
    *Mar  1 02:08:33.431: NAT*: s=10.1.1.6->172.16.45.4, d=172.1.5.5 [10]
    *Mar  1 02:08:33.491: NAT*: s=172.1.5.5, d=172.16.45.4->10.1.1.6 [7]
    R4#
    R4#
    
    R4#sh ip nat trans
    Pro Inside global      Inside local       Outside local      Outside global
    icmp 172.16.45.4:19    10.1.1.6:19        172.1.5.5:19       172.1.5.5:19
    tcp 172.16.45.4:34544  10.1.1.6:34544     172.1.5.5:80       172.1.5.5:80
    R4#
    
    ===========
    
    R6#telnet 172.1.5.5   
    Trying 172.1.5.5 ... Open
    
    
    Password required, but none set
    
    [Connection to 172.1.5.5 closed by foreign host]
    R6#
    -----------
    R4#
    *Mar  1 02:08:47.619: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [0]
    *Mar  1 02:08:47.727: NAT*: s=172.1.5.5, d=172.16.54.4->10.1.1.6 [0]
    *Mar  1 02:08:47.815: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [1]
    *Mar  1 02:08:47.835: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [2]
    *Mar  1 02:08:47.851: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [3]
    *Mar  1 02:08:47.915: NAT*: s=172.1.5.5, d=172.16.54.4->10.1.1.6 [1]
    *Mar  1 02:08:47.959: NAT*: s=172.1.5.5, d=172.16.54.4->10.1.1.6 [2]
    *Mar  1 02:08:47.959: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [4]
    *Mar  1 02:08:47.959: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [5]
    R4#
    *Mar  1 02:08:47.963: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [6]
    *Mar  1 02:08:48.211: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [7]
    *Mar  1 02:08:48.211: NAT*: s=172.1.5.5, d=172.16.54.4->10.1.1.6 [3]
    R4#
    *Mar  1 02:08:49.991: NAT*: s=172.1.5.5, d=172.16.54.4->10.1.1.6 [4]
    *Mar  1 02:08:50.055: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [8]
    *Mar  1 02:08:50.087: NAT*: s=10.1.1.6->172.16.54.4, d=172.1.5.5 [9]
    *Mar  1 02:08:50.131: NAT*: s=172.1.5.5, d=172.16.54.4->10.1.1.6 [5]
    
    R4#sh ip nat trans
    Pro Inside global      Inside local       Outside local      Outside global
    icmp 172.16.45.4:19    10.1.1.6:19        172.1.5.5:19       172.1.5.5:19
    tcp 172.16.54.4:18152  10.1.1.6:18152     172.1.5.5:23       172.1.5.5:23
    tcp 172.16.45.4:34544  10.1.1.6:34544     172.1.5.5:80       172.1.5.5:80
    R4#

    Have a nice day
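
An added example, not part of the original post: a Python check that reads `sh ip nat trans` output from R4 and confirms each flow was translated to the address of the link the route-maps assign it to (telnet to Serial1/0, www and icmp to Serial1/2). The function names and the second, constructed table are assumptions for illustration.

```python
import ipaddress
import re

# Policy read from R4's configuration in the post above.
INSIDE = ipaddress.ip_network("10.1.1.0/24")   # hosts behind BVI1
VIA_S1_0 = "172.16.54.4"   # Serial1/0 (frame-relay): ACL 100, telnet
VIA_S1_2 = "172.16.45.4"   # Serial1/2 (serial line): ACL 101, www and icmp
ROW = re.compile(r"^(icmp|tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)$")

def expected_global(proto, dst_port):
    """Inside global address the policy assigns to a flow, or None."""
    if proto == "tcp" and dst_port == 23:
        return VIA_S1_0
    if proto == "icmp" or (proto == "tcp" and dst_port == 80):
        return VIA_S1_2
    return None

def audit(table_text):
    """Return (row, reason) for every translation that breaks the policy."""
    findings = []
    for raw in table_text.splitlines():
        row = raw.strip()
        m = ROW.match(row)
        if not m:
            continue  # header, prompt or blank line
        proto, g_ip, _, l_ip, _, _, _, _, og_port = m.groups()
        want = expected_global(proto, int(og_port))
        if ipaddress.ip_address(l_ip) not in INSIDE:
            findings.append((row, "inside local is not in 10.1.1.0/24"))
        elif want is None:
            findings.append((row, "flow is not permitted by ACL 100 or 101"))
        elif g_ip != want:
            findings.append((row, "expected inside global " + want))
    return findings

# Copied from the last "sh ip nat trans" output in the post.
PAGE_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 172.16.45.4:19    10.1.1.6:19        172.1.5.5:19       172.1.5.5:19
tcp 172.16.54.4:18152  10.1.1.6:18152     172.1.5.5:23       172.1.5.5:23
tcp 172.16.45.4:34544  10.1.1.6:34544     172.1.5.5:80       172.1.5.5:80
"""
# Constructed rows (not from the post): telnet on the wrong link, and HTTPS.
BAD_TABLE = """\
tcp 172.16.45.4:40001  10.1.1.3:40001     172.1.5.5:23       172.1.5.5:23
tcp 172.16.54.4:40002  10.1.1.3:40002     172.1.5.5:443      172.1.5.5:443
"""
print(audit(PAGE_TABLE), audit(BAD_TABLE))
```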

  2. #2
    irony, Senior Member
    Joined: Nov 2008
    Posts: 914

    Thanks for this nice post...

  3. #3
    ercanusa, Senior Member
    Joined: Dec 2007
    Location: İstanbul
    Posts: 513

    A very nice and simple implementation has been done, thanks

  4. #4
    burner Guest

    Hi;

    Here is a different version; the same topology is used... That is probably enough practice for this year... I'm tired... Let me get myself outside, the weather is bright and sunny, ANK....

    Code:
    R3--------------------------->
    !
    interface Ethernet0/0
     ip address 10.1.1.3 255.255.255.0
     half-duplex
    !
    ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.1.1.4
    !
    !
    
    R4-------------------------------->
    
    ! 
    !
    bridge irb
    !
    !
    !
    interface Loopback0
     ip address 172.1.4.4 255.255.255.0
     ip ospf network point-to-point
    !
    interface Ethernet0/0
     no ip address
     half-duplex
     bridge-group 1
    !
    interface Ethernet0/1
     no ip address
     half-duplex
     bridge-group 1
    !
    interface Ethernet0/2
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/3
     no ip address
     shutdown
     half-duplex
    !
    interface Serial1/0
     ip address 172.16.54.4 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     encapsulation frame-relay
     no ip route-cache cef
     no ip route-cache
     ip ospf network point-to-point
     serial restart-delay 0
     frame-relay map ip 172.16.54.5 405 broadcast
     no frame-relay inverse-arp
    !
    interface Serial1/1
     no ip address
     shutdown
     serial restart-delay 0
    !
    interface Serial1/2
     ip address 172.16.45.4 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     no ip route-cache cef
     no ip route-cache
     serial restart-delay 0
    !
    interface Serial1/3
     no ip address
     shutdown
     serial restart-delay 0
    !
    interface BVI1
     ip address 10.1.1.4 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     no ip route-cache cef
     no ip route-cache
    !
    router ospf 1
     log-adjacency-changes
     network 172.1.0.0 0.0.255.255 area 0
     network 172.16.0.0 0.0.255.255 area 0
    !         
    router bgp 1
     no synchronization
     bgp log-neighbor-changes
     neighbor 172.1.5.5 remote-as 2
     neighbor 172.1.5.5 ebgp-multihop 255
     neighbor 172.1.5.5 update-source Loopback0
     no auto-summary
    !
    ip http server
    no ip http secure-server
    ip classless
    !
    !
    ip nat inside source static 10.1.1.3 172.1.4.1 route-map SEPERATE
    !
    access-list 105 permit ip 10.1.1.0 0.0.0.255 172.1.55.0 0.0.0.255
    access-list 106 permit ip 10.1.1.0 0.0.0.255 172.1.5.0 0.0.0.255
    !
    route-map SEPERATE permit 10
     match ip address 105
     set ip next-hop 172.16.54.5
    !
    route-map SEPERATE permit 20
     match ip address 106
     set ip next-hop 172.16.45.5
    !
    !
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    !
    
    
    R5---------------------------------------->
    
    !
    interface Loopback0
     ip address 172.1.5.5 255.255.255.0
     ip ospf network point-to-point
    !
    interface Loopback1
     ip address 172.1.55.55 255.255.255.0
    !
    interface Ethernet0/0
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/1
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/2
     no ip address
     shutdown
     half-duplex
    !
    interface Ethernet0/3
     no ip address
     shutdown
     half-duplex
    !
    interface Serial1/0
     no ip address
     ip ospf network point-to-point
     shutdown
     serial restart-delay 0
    !
    interface Serial1/1
     ip address 172.16.54.5 255.255.255.0
     encapsulation frame-relay
     ip ospf network point-to-point
     serial restart-delay 0
     frame-relay map ip 172.16.54.4 504 broadcast
     no frame-relay inverse-arp
    !
    interface Serial1/2
     ip address 172.16.45.5 255.255.255.0
     serial restart-delay 0
    !
    interface Serial1/3
     no ip address
     shutdown
     serial restart-delay 0
    !
    router ospf 1
     log-adjacency-changes
     network 172.1.0.0 0.0.255.255 area 0
     network 172.16.0.0 0.0.255.255 area 0
    !
    router bgp 2
     no synchronization
     bgp log-neighbor-changes
     neighbor 172.1.4.4 remote-as 1
     neighbor 172.1.4.4 ebgp-multihop 255
     neighbor 172.1.4.4 update-source Loopback0
     no auto-summary
    !
    ip http server
    no ip http secure-server
    ip classless
    !         
    !
    !
    
    R3#$==========================>TEST<====================================
    R3#$+++++++++++++let's test this one with trace++++++++++++++++++++++    
    R3#traceroute 172.1.5.5                                                 
    
    Type escape sequence to abort.
    Tracing the route to 172.1.5.5
    
      1 10.1.1.4 64 msec 80 msec 44 msec
      2 172.16.54.5 156 msec 172 msec * 
    R3#
    R3#trace 172.1.55.55                                                    
    
    Type escape sequence to abort.
    Tracing the route to 172.1.55.55
    
      1 10.1.1.4 68 msec 96 msec 76 msec
      2 172.16.54.5 188 msec 212 msec * 
    R3#
    R3#
    R3#$ As can be seen, we changed the traffic's next hop according to the destination 
    R3#$ it is going to....
    R3#$ HAVE A NICE DAY
    R3#$ HAVE A NICE DAY.....
    R3#
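
An added example, not part of the original post: a simplified Python model of how ACLs 105 and 106 (wildcard masks) and the first-match order of route-map SEPERATE decide whether 10.1.1.3 is translated to 172.1.4.1 for a given destination. The function names are assumptions; the example returns the clause's `set ip next-hop` value as configured and does not model forwarding.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS ACL comparison: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

# From R4's config in the post: "permit ip <src> <wildcard> <dst> <wildcard>".
ACLS = {
    105: [("10.1.1.0", "0.0.0.255", "172.1.55.0", "0.0.0.255")],
    106: [("10.1.1.0", "0.0.0.255", "172.1.5.0", "0.0.0.255")],
}
# route-map SEPERATE: (sequence, matched ACL, configured "set ip next-hop")
SEPERATE = [(10, 105, "172.16.54.5"), (20, 106, "172.16.45.5")]
# ip nat inside source static 10.1.1.3 172.1.4.1 route-map SEPERATE
STATIC_LOCAL, STATIC_GLOBAL = "10.1.1.3", "172.1.4.1"

def acl_permits(acl, src, dst):
    """True if any entry of the ACL permits this source/destination pair."""
    return any(wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)
               for sb, sw, db, dw in ACLS[acl])

def matching_clause(src, dst):
    """First route-map clause whose ACL permits the packet, else None."""
    for seq, acl, next_hop in SEPERATE:
        if acl_permits(acl, src, dst):
            return seq, next_hop
    return None

def translated_source(src, dst):
    """Source address after the route-map-conditioned static NAT."""
    if src == STATIC_LOCAL and matching_clause(src, dst) is not None:
        return STATIC_GLOBAL
    return src  # no clause matched, or a different inside host

# The two destinations traced in the post, plus one outside both ACLs.
for dst in ("172.1.5.5", "172.1.55.55", "172.16.45.5"):
    print(dst, matching_clause("10.1.1.3", dst), translated_source("10.1.1.3", dst))
```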
