Пользователь с IP 192.168.0.2/24 обращается на сервер с IP 172.16.0.1/24. Необходимо, чтобы destanation-address 172.16.0.1 подменялся на 10.0.0.254, а source-address менялся на 10.0.0.1.
...
| Блок кода |
|---|
esr(config)#
esr(config)# nat source
esr(config-snat)# pool SNAT
esr(config-snat-pool)# ip address-range 10.0.0.1
esr(config-snat-pool)# exit
esr(config-snat)# ruleset SNAT
esr(config-snat-ruleset)# to interface gi1/0/1
esr(config-snat-ruleset)# rule 1
esr(config-snat-rule)# match source-address LAN
esr(config-snat-rule)# match destination-address DST_SRV
esr(config-snat-rule)# action source-nat pool SNAT
esr(config-snat-rule)# enable
esr(config-snat-rule)# exit
esr(config-snat-ruleset)# exit
esr(config-snat)# exit
esr(config)# |
...
| Блок кода |
|---|
object-group network LAN
ip prefix 192.168.0.0/24
exit
object-group network DST_SRV
ip prefix 10.0.0.254/32
exit
object-group network WAN
ip prefix 10.0.0.1/32
exit
object-group network SRV
ip prefix 172.16.0.1/32
exit
interface gigabitethernet 1/0/1
ip firewall disable
ip address 10.0.0.1/24
exit
interface gigabitethernet 1/0/2
ip firewall disable
ip address 192.168.0.1/24
exit
nat destination
pool SRV_DST
ip address 10.0.0.254
exit
ruleset EPT
from interface gigabitethernet 1/0/2
rule 1
match destination-address SRV
action destination-nat pool SRV_DST
enable
exit
exit
exit
nat source
pool SNAT
ip address-range 10.0.0.1
exit
ruleset SNAT
to interface gigabitethernet 1/0/1
rule 1
match source-address LAN
match destination-address DST_SRV
action source-nat pool SNAT
enable
exit
exit
exit
ip route 0.0.0.0/0 interface gigabitethernet 1/0/1
|
...