FEATURE ENHANCEMENTS(增加的功能)
• More flexible pool configuration:
The pool configuration syntax has been extended to allow discontiguous ranges of addresses. The following syntax is now allowed:
ip nat pool <name> { netmask <mask> | prefix-length <length> } [ type { rotary } ]
This command will put the user into IP NAT Pool configuration mode, where a sequence of address ranges can be configured. There is only one command in this mode:
address <start> <end>
Example:
Router(config)#ip nat pool fred prefix-length 24
Router(config-ipnat-pool)#address 171.69.233.225 171.69.233.226
Router(config-ipnat-pool)#address 171.69.233.228 171.69.233.238
This configuration creates a pool containing addresses 171.69.233.225-226 and 171.69.233.228-238 (171.69.233.227 has been omitted).
• Translating to interface's address:
As a convenience for users wishing to translate all inside addresses to the address assigned to an interface on the router, the NAT code allows one to simply name the interface when configuring the dynamic translation rule:
ip nat inside source list <number> interface <interface> overload
If there is no address on the interface, or it the interface is not up, no translation will occur.
Example:
ip nat inside source list 1 interface Serial0 overload
• Static translations with ports:
When translating addresses to an interface's address, outside-initiated connections to services on the inside network (like mail) will require additional configuration to send the connection to the correct inside host. This command allows the user to map certain services to certain inside hosts.
ip nat inside source static { tcp | udp } <localaddr> <localport> <globaladdr> <globalport>
Example:
ip nat inside source static tcp 192.168.10.1 25 171.69.232.209 25
In this example, outside-initiated connections to the SMTP port (25) will be sent to the inside host 192.168.10.1.
• Support for route maps:
The dynamic translation command can now specify a route-map to be processed instead of an access-list. A route-map allows the user to match any combination of access-list, next-hop IP address, and output interface to determine which pool to use:
ip nat inside source route-map <name> pool <name>
Example:
ip nat pool provider1-space 171.69.232.1 171.69.232.254 prefix-length 24
ip nat pool provider2-space 131.108.43.1 131.108.43.254 prefix-length 24
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
!
interface Serial0/0
ip nat outside
!
interface Serial0/1
ip nat outside
!
interface Fddi1/0
ip nat inside
!
route-map provider1-map permit 10
match ip address 1
match interface Serial0/0
!
route-map provider2-map permit 10
match ip address 1
match interface Serial0/1
• "Extendable" static translations:
The extendable keyword allows the user to configure several ambiguous static translations, where an ambiguous translations are translations with the same local or global address.
ip nat inside source static <localaddr> <globaladdr> extendable
Some customers want to use more than one service provider and translate into each provider's address space. You can use route-maps to base the selection of global address pool on output interface as well as an access-list match. Following is an example:
ip nat pool provider1-space ...
ip nat pool provider2-space ...
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
!
route-map provider1-map permit 10
match ip address 1
match interface Serial0/0
!
route-map provider2-map permit 10
match ip address 1
match interface Serial0/1
2001-2007 Comsenz Inc.
