[Router] acl number 3000 //用于内部主机直接使用106.3.45.3访问服务器,只有内网发起的服务才会在GE0/0/2上进行NAT[Router-acl-basic-3000] rule 5 permit ip source 192.168.88.0 0.0.0.255 destination 106.3.45.3 0 interface GigabitEthernet 0/0/2 [Router-GigabitEthernet 0/0/2 ip address 192.168.1.1 255.255.255.0 [Router-GigabitEthernet 0/0/2 nat static global 106.3.45.3 inside 192.168.88.2 netmask 255.255.255.255 //配置内网服务器地址的一对一NAT[Router-GigabitEthernet 0/0/2 nat outbound 3000 //内网用户直接访问106.3.45.3 时做Easy IP,域名注册,将源地址改为GE0/0/2的地址,保证内网服务器和主机间的交互都经过Router转发interface GigabitEthernet 0/0/1 [Router-GigabitEthernet 0/0/1] ip address 106.3.45.2 255.255.255.192 [Router-GigabitEthernet 0/0/1] nat static global 106.3.45.3 inside 192.168.88.2 netmask 255.255.255.255 //保证外网用户使用106.3.45.3可以访问内网服务器[Router] ip route-static 0.0.0.0 0.0.0.0 106.3.45.1 //配置缺省路由,保证内网用户与外网互通,免备案空间香港服务器
