R1
conf t
int g2/0
ip add 10.1.1.1 255.255.255.0
no shut
username R1 password cisco
line vty 0 4
login local
exit
ip route 172.16.1.0 255.255.255.0 10.1.1.9
R2
conf t
int g2/0
ip add 29.29.29.2 255.255.255.0
no shut
int g3/0
ip add 10.1.1.2 255.255.255.0
no shut
ip route 192.168.1.0 255.255.255.0 29.29.29.9
R3
conf t
int g3/0
ip add 10.1.1.3 255.255.255.0
no shut
ip route 192.168.1.0 255.255.255.0 10.1.1.2
PIX
conf t
int e 0
nameif inside
ip add 10.1.1.9 255.255.255.0
no shut
int e1
nameif outside
ip add 29.29.29.9 255.255.255.0
no shut
exit
nat-control
static (inside,outside) 192.168.1.0 10.1.1.0 netmask 255.255.255.0
static (outside,inside) 172.16.1.0 10.1.1.0 netmask 255.255.255.0
route outside 172.16.1.0 255.255.255.128 29.29.29.2
route outside 172.16.1.128 255.255.255.128 29.29.29.2
access-list NAT per ip an an
access-group NAT in interface outside
Test:
R3#telnet 192.168.1.1
Trying 192.168.1.1 ... Open
User Access Verification
Username: R1
Password:
R1>quit
[Connection to 192.168.1.1 closed by foreign host]
R3#
PIX1# sh conn
TCP out 172.16.1.3(10.1.1.3):64238 in 10.1.1.1:23 idle 0:00:02 bytes 120 flags UIO
R1
Nov 17 15:46:01.939: IP: tableid=0, s=172.16.1.3 (GigabitEthernet2/0), d=10.1.1.1 (GigabitEthernet2/0), routed via RIB
*Nov 17 15:46:01.939: IP: s=172.16.1.3 (GigabitEthernet2/0), d=10.1.1.1 (GigabitEthernet2/0), len 40, rcvd 3
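
Added example (not part of the original lab notes): a simplified Python model of the two PIX static rules above, applied to R3's telnet packet so the result can be compared with the sh conn and R1 debug output. It models only the address rewrite; routing, the ACL and ports are ignored, and the function names are hypothetical.

```python
import ipaddress

def static_map(addr, from_net, to_net):
    """Net-to-net static: swap the network part, keep the host bits.
    Returns None when addr is not inside from_net."""
    ip = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("static networks must use the same netmask")
    if ip not in src:
        return None
    host_bits = int(ip) - int(src.network_address)
    return str(ipaddress.ip_address(int(dst.network_address) + host_bits))

# The two static rules from the PIX section: (real network, mapped network)
INSIDE_STATIC = ("10.1.1.0/24", "192.168.1.0/24")   # static (inside,outside)
OUTSIDE_STATIC = ("10.1.1.0/24", "172.16.1.0/24")   # static (outside,inside)

def outside_to_inside(src, dst):
    """Packet arriving on the outside interface (R3 -> R1 direction)."""
    real, mapped = INSIDE_STATIC
    new_dst = static_map(dst, mapped, real)   # mapped 192.168.1.x -> real 10.1.1.x
    real, mapped = OUTSIDE_STATIC
    new_src = static_map(src, real, mapped)   # real 10.1.1.x -> mapped 172.16.1.x
    return (new_src or src, new_dst or dst)

def inside_to_outside(src, dst):
    """Return packet arriving on the inside interface (R1 -> R3 direction)."""
    real, mapped = INSIDE_STATIC
    new_src = static_map(src, real, mapped)   # real 10.1.1.x -> mapped 192.168.1.x
    real, mapped = OUTSIDE_STATIC
    new_dst = static_map(dst, mapped, real)   # mapped 172.16.1.x -> real 10.1.1.x
    return (new_src or src, new_dst or dst)

if __name__ == "__main__":
    # R3 (10.1.1.3) telnets to 192.168.1.1; R1 sees s=172.16.1.3, d=10.1.1.1
    print(outside_to_inside("10.1.1.3", "192.168.1.1"))
    # R1's reply to 172.16.1.3 leaves the PIX as 192.168.1.1 -> 10.1.1.3
    print(inside_to_outside("10.1.1.1", "172.16.1.3"))
```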