Shulou(Shulou.com)06/02 Report--

Experimental report on static PAT and dynamic PAT of Network Operation and maintenance

Name: Li Jun Class: NTD1710 date: January 5, 2017

Experimental task

Configuration requirements:

PC192.168.1.1 accesses PC120.1.1.1 through firewall dynamic PAT translation

Server accesses PC120.1.1.1 through firewall static PAT translation

Train of thought and experimental steps

Configuration ideas:

The first step is to configure the IP address of the terminal PC and the Server server.

The second step is to configure the VLAN and IP of SW3, ISP, R1 devices so that they can ping the terminal PC IP.

SW3:

Port link-type access

Port default vlan 10

The third step, configure the firewall three ports GO:inside G1:outside G2:DMZ

Interface GigabitEthernet0

Nameif inside

Security-level 100

Ip address 10.1.1.2 255.255.255.252

Interface GigabitEthernet1

Nameif outside

Security-level 0

Ip address 10.2.2.2 255.255.255.252

Interface GigabitEthernet2

Nameif DMZ

Security-level 50

Ip address 172.16.1.254 255.255.255.0

The fourth step is to configure dynamic PAT in the firewall to convert 192.168.1.1 to 119.1.1.6

Object network inside

Nat (inside,outside) dynamic 119.1.1.6

Object network dmz

Nat (DMZ,outside) static outside

Fifth, configure static PAT in the firewall to convert 172.16.1.1 to 119.1.1.1

Ftp mode passive

Object network inside

Subnet 192.168.1.0 255.255.255.0

Object network outside

Host 119.1.1.1

Object network dmz

Host 172.16.1.1

The sixth step is to configure ACL so that PC192.168.1.1 can ping PC120.1.1.1 and PC120.1.1.1 can access server

Access-list 100 extended permit ip host 192.168.1.1 host 120.1.1.1

Access-list 100 extended permit ip host 120.1.1.1 any

Access-list 100 extended permit ip host 172.16.1.1 host 120.1.1.1

Access-group 100 global

Step 7, configure routing entries in SW3, R1, and ISP.

SW:

Ip route-static 0.0.0.0 0.0.0.0 10.1.1.2

R1:

Ip route-static 0.0.0.0 0.0.0.0 10.2.2.2

Ip route-static 120.1.1.0 255.255.255.0 10.3.3.2

ISP:

Ip route-static 10.2.2.0 255.255.255.252 10.3.3.1

Ip route-static 119.1.1.0 255.255.255.248 10.3.3.1

Result verification

PC192.168.1.1:

Ping 120.1.1.1

PC120.1.1.1:

Ping 172.16.1.1

Problems and analysis

Description:

1. The experimental steps should include commands for key configurations and necessary screenshots

two。 Test commands that can reflect the experimental results and necessary screenshots should be included in the verification of the results.

Li Jun tel:15135361516 Qq:344728662

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.