ANetwork Address TranslationiNAT; lbg[N AhXjB[ebh T[oC^[tFCXBftp.cisco.com AhXi10.1.3.14jAOlbg[N}bsO AhXi209.165.201.10jX^eBbNAZLeB AvCAXi }14-11 QjBAX^eBbN DNS CCl[uKvBAAhXgp ftp.cisco.com ANZX[UA}bsO AhXAhX DNS T[oMB

zXg ftp.cisco.com AhX DNS vMADNS T[o}bsO AhXi209.165.201.10jBZLeB AvCAXAT[oX^eBbNQADNS AhX 10.1.3.14 BDNS CCl[uAzXg ftp.cisco.com ANZXA209.165.201.10 gtBbNMB

}14-11 DNS C

AR}hQB

hostname(config)# static (inside,outside) 209.165.201.10 10.1.3.14 netmask 255.255.255.255 dns

}14-12 AO Web T[o DNS T[oBZLeB AvCAXAOT[opX^eBbNBAftp.cisco.com AhX DNS T[ovADNS T[oAhX 209.165.20.10 Bftp.cisco.com }bsO AhXi10.1.2.56j[UgpAX^eBbN DNS CKvB

}14-12 O NAT gp DNS C

AR}hQB

hostname(config)# static (outside,inside) 10.1.2.56 209.165.201.10 netmask 255.255.255.255 dns

NAT

NAT AC^[tFCXOC^[tFCXpPbg NAT KvvBA NAT QB

NAT Cl[uAR}hB

hostname(config)# nat-control

NAT fBZ[uAR}h no `B

_Ci~bN NAT PAT gp

A_Ci~bN NAT PAT @BB

･ _Ci~bN NAT PAT

･ _Ci~bN NAT PAT

_Ci~bN NAT PAT

_Ci~bN NAT PAT AC^[tFCXAhXw nat R}hBA global R}hAC^[tFCXo}bsO AhXwiPAT A 1 AhXjBe nat R}hAeR}h N AT ID rA global R}hi }14-13 QjB

}14-13 nat global ID

AR}hQB

hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0

hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10

NAT ID gpeC^[tFCXA nat R}hBC^[tFCXAC^[tFCXo global R}hgpBA NAT ID 1 C^[tFCX DMZ C^[tFCX nat R}hBA ID 1 OC^[tFCX global R}hBC^[tFCX DMZ C^[tFCXgtBbNAOC^[tFCXoA}bsOv[ PAT AhXLi }14-14 QjB

}14-14 C^[tFCX nat R}h

AR}hQB

hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0

hostname(config)# nat (dmz) 1 10.1.1.0 255.255.255.0

hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10

A NAT ID gpeC^[tFCX global R}hBID 1 OC^[tFCX DMZ C^[tFCX global R}hA nat R}hAgtBbNOC^[tFCX DMZ C^[tFCXAgtBbNwBlAID 1 DMZ C^[tFCX nat R}hAOC^[tFCX global R}h DMZ gtBbNgpi }14-15 QjB

}14-15 C^[tFCX global R}h nat R}h

AR}hQB

hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0

hostname(config)# nat (dmz) 1 10.1.1.0 255.255.255.0

hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10

hostname(config)# global (dmz) 1 10.1.1.23

NAT ID gpAAhXWwA}bsO AhXBAC^[tFCXA 2 NAT ID 2 nat R}hBOC^[tFCXA 2 ID 2 global R}hBAlbg[N A gtBbNOC^[tFCXoAIP AhXv[ A AhXBlbg[N B gtBbNAv[ B AhXi }14-16 QjB|V[ NAT gpAAhX|[geANZXXgA nat R}hAhXwB

}14-16 NAT ID

AR}hQB

hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0

hostname(config)# nat (inside) 2 192.168.1.0 255.255.255.0

hostname(config)# global (outside) 1 209.165.201.3-209.165.201.10

hostname(config)# global (outside) 2 209.165.201.11

NAT ID gpA1 C^[tFCX global R}hBZLeB AvCAX_Ci~bN NAT global R}hRtBM[VgpA PAT global R}hgpBAvP[V_Ci~bN NAT gpKvA_Ci~bN NAT AhXsobNAbv PAT pKvA_Ci~bN NAT global R}h PAT global R}hBlA1 PAT }bsOT|[g 64,000 PAT ZbVZbVKvA2 PAT i }14-17 QjB

}14-17 NAT PAT p

AR}hQB

hostname(config)# nat (inside) 1 10.1.2.0 255.255.255.0

hostname(config)# global (outside) 1 209.165.201.3-209.165.201.4

hostname(config)# global (outside) 1 209.165.201.5

O NAT AO NAT p nat R}hi outside L[[hjwKvBC^[tFCXANZXgtBbNiADMZ gtBbNAC^[tFCXOC^[tFCXANZXjA outside IvV nat R}hKvBAAhXwA NAT ID gpi }14-18 QjBO NATiDMZ C^[tFCXC^[tFCXjAzXg static R}hgpOANZXBAMAhXAhXB

}14-18 O NAT NAT p

AR}hQB

hostname(config)# nat (dmz) 1 10.1.1.0 255.255.255.0 outside

hostname(config)# nat (dmz) 1 10.1.1.0 255.255.255.0

hostname(config)# static (inside,dmz) 10.1.2.27 10.1.1.5 netmask 255.255.255.255

hostname(config)# global (outside) 1 209.165.201.3-209.165.201.4

hostname(config)# global (inside) 1 10.1.2.30-1-10.1.2.40

nat R}h IP AhXO[vwAAhX O[vZLeB xC^[tFCXANZXANAT sKvBeC^[tFCX NAT ID gp global R}hKpA static R}hgpKvBO[vZLeB xC^[tFCXANZXANAT KvBO NAT sA outside L[[hgp nat R}hKvBO NAT KpAAhX O[vZLeB xC^[tFCXANZXAL NAT vAhX O[vLB static R}hwgtBbNeB

_Ci~bN NAT PAT

A_Ci~bN NAT _Ci~bN PAT @B_Ci~bN NAT _Ci~bN PAT RtBM[VBNAT }bsO AhXwAPAT 1 AhXw_B

}14-19 AI_Ci~bN NAT ViIBzXg NAT ZbVAgtBbNB}bsO AhXA global R}h`v[_Ci~bNB

}14-19 _Ci~bN NAT

}14-20 AI_Ci~bN PAT ViIBzXg NAT ZbVAgtBbNB global R}h`}bsO AhXA|[g_Ci~bNB

}14-20 _Ci~bN PAT

_Ci~bN NAT A _Ci~bN NAT QBPAT A PAT QB

_Ci~bN NAT _Ci~bN PAT AsB

･ |V[ NATF

hostname(config)# nat ( real_interface ) nat_id access-list acl_name [ dns ] [ outside ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

nat R}hdAhXwBA1 R}h 10.1.1.0 wAR}h 10.1.1.1 wBgtBbNAv|V[ NAT R}hBAW NAT AKgpB

R}hIvVAQB

| access-list acl_name FgANZXXggpAAhXAhXwB access-list R}hgpAANZXXgi gANZXXg QjBANZXXgA ACE B eq ZqgpAANZXXg|[g|[gIvVwB|V[ NAT A inactive time-range L[[hlB ACE A|V[ NAT RtBM[VANeBuB

| nat_id F1 ` 65535 BNAT ID A global R}h NAT ID vKvBNAT ID gp@A _Ci~bN NAT PAT QB 0 ANAT p\iNAT A NAT QjB

| dns F nat R}hADNS T[oGgzXgAhXA DNS T[oNCAgC^[tFCXANCAg DNS T[ozXgAhXKvB}bsO AhXAAhXKvBIvVANCAg DNS AhXBzXgANCAg DNS T[oC^[tFCXKvBAC^[tFCXANZXKvzXgX^eBbNgpAIvVA static R}hgpiA DNS NAT QjB

| outside FC^[tFCXZLeB xAv global wC^[tFCXZLeB xA outside NAT CX^XO NAT wKvB

| norandomseq A tcp tcp_max_conns A udp udp_max_conns A emb_limit FL[[hAlBAlApI@gpB l^CAEg QB

･ W NATF

hostname(config)# nat ( real_interface ) nat_id real_ip [ mask [ dns ] [ outside ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]]

nat_id A1 ` 2147483647 BNAT ID A global R}h NAT ID vKvBNAT ID gp@A _Ci~bN NAT PAT QB 0 ACfeBeB NAT p\BACfeBeB NAT A ACfeBeB NAT QB

IvVAL|V[ NAT R}hQB

Xebv 2 R}hAC^[tFCXoAhX}bsO AhX wB

hostname(config)# global ( mapped_interface ) nat_id { mapped_ip [ - mapped_ip ] | interface }

NAT ID nat R}h NAT ID vKvBv nat R}hAC^[tFCXoAhXwB

1 AhXiPAT jAhXiNAT jwBKvATulbgEfwBAuX[p[lbgvwB

192.168.1.1-192.168.2.254

AC^[tFCX 10.1.1.0/24 lbg[NAR}hB

hostname(config)# nat (inside) 1 10.1.1.0 255.255.255.0

hostname(config)# global (outside) 1 209.165.201.1-209.165.201.30

_Ci~bN NAT pAhX v[ANAT v[g PAT AhXwAR}hB

hostname(config)# nat (inside) 1 10.1.1.0 255.255.255.0

hostname(config)# global (outside) 1 209.165.201.5

hostname(config)# global (outside) 1 209.165.201.10-209.165.201.20

[eBOAZLeB DMZinjlbg[N AhXlbg[Ni10.1.1.0jlbg[N\AR}hB

hostname(config)# nat (dmz) 1 10.1.2.0 255.255.255.0 outside dns

hostname(config)# global (inside) 1 10.1.1.45

|V[ NAT gpA1 AhX 2 AhXwAR}hi}A }14-8AhXgp|V[ NAT QjB

hostname(config)# access-list NET1 permit ip 10.1.2.0 255.255.255.0 209.165.201.0 255.255.255.224

hostname(config)# access-list NET2 permit ip 10.1.2.0 255.255.255.0 209.165.200.224 255.255.255.224

hostname(config)# nat (inside) 1 access-list NET1 tcp 0 2000 udp 10000

hostname(config)# global (outside) 1 209.165.202.129

hostname(config)# nat (inside) 2 access-list NET2 tcp 1000 500 udp 2000

hostname(config)# global (outside) 2 209.165.202.130

|V[ NAT gpA|[ggpA1 AhXAhXyAwAR}hi}A }14-9|[ggp|V[ NAT QjB

hostname(config)# access-list WEB permit tcp 10.1.2.0 255.255.255.0 209.165.201.11 255.255.255.255 eq 80

hostname(config)# access-list TELNET permit tcp 10.1.2.0 255.255.255.0 209.165.201.11 255.255.255.255 eq 23

hostname(config)# nat (inside) 1 access-list WEB

hostname(config)# global (outside) 1 209.165.202.129

hostname(config)# nat (inside) 2 access-list TELNET

hostname(config)# global (outside) 2 209.165.202.130

X^eBbN NAT gp

AX^eBbN@B

}14-21 AIX^eBbN NAT ViIBANeBuAzXg[g zXgJnA}bsO AhX static R}hX^eBbNB

}14-21 X^eBbN NAT

AhX}bsO AhXA 2 C^[tFCX static R}hgpB static R}hA}bsO C^[tFCX global R}h`}bsO AhXgpB

X^eBbN NAT A X^eBbN NAT QB

clear xlate R}he[uX^eBbNB static R}hKvB clear xlate R}hA nat R}h global R}h_Ci~bNB

X^eBbN NAT AR}hB

･ |V[ X^eBbN NAT AR}hB

hostname(config)# static ( real_interface , mapped_interface ) { mapped_ip | interface } access-list acl_name [ dns ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

access-list R}hgpAANZXXgi gANZXXg QjBANZXXgA ACE BANZXXggpMTulbg }XNA}bsO AhXgpB eq ZqgpAANZXXg|[g|[gwB|V[ NAT A inactive time-range L[[hlB ACE A|V[ NAT RtBM[VANeBuBA |V[ NAT QB

lbg[Nwi10.1.1.0 255.255.255.0 jAZLeB AvCAXA.0 .255 AhXBAhXANZX~AANZXANZXXgB

IvVA _Ci~bN NAT PAT QB

･ WX^eBbN NAT AR}hB

hostname(config)# static ( real_interface , mapped_interface ) { mapped_ip | interface } real_ip [ netmask mask ] [ dns ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

IvVA _Ci~bN NAT PAT QB

A|V[ X^eBbN NAT AAhX 2 }bsO AhX 1 AhXi}A }14-8AhXgp|V[ NAT QjB

hostname(config)# access-list NET1 permit ip host 10.1.2.27 209.165.201.0 255.255.255.224

hostname(config)# access-list NET2 permit ip host 10.1.2.27 209.165.200.224 255.255.255.224

hostname(config)# static (inside,outside) 209.165.202.129 access-list NET1

hostname(config)# static (inside,outside) 209.165.202.130 access-list NET2

R}hA IP AhXi10.1.1.3jO IP AhXi209.165.201.12j}bsOB

hostname(config)# static (inside,outside) 209.165.201.12 10.1.1.3 netmask 255.255.255.255

R}hAOAhXi209.165.201.15jAhXi10.1.1.6j}bsOB

hostname(config)# static (outside,inside) 10.1.1.6 209.165.201.15 netmask 255.255.255.255

R}hATulbgSX^eBbN}bsOB

hostname(config)# static (inside,dmz) 10.1.1.0 10.1.2.0 netmask 255.255.255.0

X^eBbN PA T gp

AX^eBbN |[g@BX^eBbN PAT gpA IP AhX}bsO IP AhXA|[g}bsO |[gB|[g|[gIBA^CvgtBbNBA|[gB

}14-22 AIX^eBbN PAT ViIBANeBuAzXg[g zXgJnA}bsO AhX|[g static R}hX^eBbNB

}14-22 X^eBbN PAT

ZJ_ `lAvP[VKvAvP[ViFTPAVoIP jgpAZLeB AvCAXIZJ_ |[gB

AhX}bsO AhXA 2 C^[tFCX static gpB static R}hA}bsO C^[tFCX global R}h`}bsO AhXgpB

X^eBbN PAT A X^eBbN PAT QB

clear xlate R}he[uX^eBbNB static R}hKvB clear xlate R}hA nat R}h global R}h_Ci~bNB

X^eBbN PAT AR}hB

･ |V[ X^eBbN PAT AR}hB

hostname(config)# static ( real_interface , mapped_interface ) { tcp | udp } { mapped_ip | interface } mapped_port access-list acl_name [ dns ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

access-list R}hgpAANZXXgi gANZXXg QjBANZXXgvgRAR}hvgRvKvBA static R}h tcp wAANZXXg tcp wKvB eq Zqgp|[gwBANZXXgA ACE BANZXXggpMTulbg }XNA}bsO AhXgpB|V[ NAT A inactive time-range L[[hlB ACE A|V[ NAT RtBM[VANeBuB

lbg[Nwi10.1.1.0 255.255.255.0 jAZLeB AvCAXA.0 .255 AhXBAhXANZX~AANZXANZXXgB

IvVA _Ci~bN NAT PAT QB

･ X^eBbN PAT AR}hB

hostname(config)# static ( real_interface , mapped_interface ) { tcp | udp } { mapped_ip | interface } mapped_port real_ip real_port [ netmask mask ] [ dns ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

IvVA _Ci~bN NAT PAT QB

A10.1.3.0 lbg[NzXgJnAZLeB AvCAXOC^[tFCXi10.1.2.14j Telnet gtBbNAzXg 10.1.1.15 _CNgBAR}hB

hostname(config)# access-list TELNET permit tcp host 10.1.1.15 eq telnet 10.1.3.0 255.255.255.0 eq telnet

hostname(config)# static (inside,outside) tcp 10.1.2.14 telnet access-list TELNET

10.1.3.0 lbg[NzXgJnAZLeB AvCAXOC^[tFCXi10.1.2.14j HTTP gtBbNAzXg 10.1.1.15 _CNgBAR}hB

hostname(config)# access-list HTTP permit tcp host 10.1.1.15 eq http 10.1.3.0 255.255.255.0 eq http

hostname(config)# static (inside,outside) tcp 10.1.2.14 http access-list HTTP

Telnet gtBbNZLeB AvCAXOC^[tFCXi10.1.2.14jzXg 10.1.1.15 _CNgAR}hB

hostname(config)# static (inside,outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255

AL Telnet T[oJnAwKvBA^CvgtBbNAR}hB static R}hAT[o Telnet pwA nat R}h global R}hAT[oMp PAT wB

hostname(config)# static (inside,outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255

hostname(config)# nat (inside) 1 10.1.1.15 255.255.255.255

hostname(config)# global (outside) 1 10.1.2.14

gtBbNpAzXg Telnet T[o}bsO AhXgpAT[o Telnet gtBbN static }bsO AhXgpATelnet T[oJngtBbNBTelnet T[opAI nat KvB nat AKAI nat IvBATelnet T[oJngtBbNpI nat Telnet static BAzXgpBA}bsO AhXgpB

hostname(config)# static (inside,outside) tcp 10.1.2.14 telnet 10.1.1.15 telnet netmask 255.255.255.255

hostname(config)# nat (inside) 1 10.1.1.15 255.255.255.255

hostname(config)# global (outside) 1 10.1.2.14

hostname(config)# nat (inside) 2 10.1.1.0 255.255.255.0

hostname(config)# global (outside) 2 10.1.2.78

\|[gi80j|[gi8080jAR}hB

hostname(config)# static (inside,outside) tcp 10.1.2.45 80 10.1.1.16 8080 netmask 255.255.255.255

NAT oCpX

ANAT oCpX@BNAT Cl[u NAT oCpXBNAT AACfeBeB NATAX^eBbN ACfeBeB NATA NAT gpoCpXB@A NAT Cl[u NAT oCpX QBAB

･ ACfeBeB NAT

･ X^eBbN ACfeBeB NAT

･ NAT

ACfeBeB NAT

ACfeBeB NAT A IP AhX IP AhXBuvzXg NAT AgtBbNB

}14-23 AIACfeBeB NAT ViIB

}14-23 NAT

ACfeBeB NAT AR}hB

hostname(config)# nat ( real_interface ) 0 real_ip [ mask [ dns ] [ outside ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

IvVA _Ci~bN NAT PAT QB

A 10.1.1.0/24 lbg[NACfeBeB NAT gpAR}hgpB

hostname(config)# nat (inside) 0 10.1.1.0 255.255.255.0

X^eBbN ACfeBeB NAT

X^eBbN ACfeBeB NAT A IP AhX IP AhXBANeBuAuvzXg[g zXgJnBX^eBbN ACfeBeB NAT AW NAT |V[ NAT gpB|V[ NAT AAhXAAhXAhXwi|V[ NAT A |V[ NAT QjBAAhXOC^[tFCXANZXAT[o A AhX|V[ X^eBbN ACfeBeB NAT gpAOT[o B ANZXgpB

}14-24 AIX^eBbN ACfeBeB NAT ViIB

}14-24 X^eBbN ACfeBeB NAT

clear xlate R}he[uX^eBbNB static R}hKvB clear xlate R}hA nat R}h global R}h_Ci~bNB

X^eBbN ACfeBeB NAT AR}hB

･ |V[ X^eBbN ACfeBeB NAT AR}hB

hostname(config)# static ( real_interface , mapped_interface ) real_ip access-list acl_id [ dns ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

access-list R}hgpAANZXXgi gANZXXg QjBANZXXgA ACE BANZXXgMAhXAR}h real_ip vmFB|V[ NAT A inactive time-range L[[hlB ACE A|V[ NAT RtBM[VANeBuBA |V[ NAT QB

IvVA _Ci~bN NAT PAT QB

･ WX^eBbN ACfeBeB NAT AR}hB

hostname(config)# static ( real_interface , mapped_interface ) real_ip real_ip [ netmask mask ] [ dns ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

real_ip A IP AhXwB

IvVA _Ci~bN NAT PAT QB

AR}hAOANZXA IP AhXi10.1.1.3jX^eBbN ACfeBeB NAT gpB

hostname(config)# static (inside,outside) 10.1.1.3 10.1.1.3 netmask 255.255.255.255

R}hAANZXAOAhXi209.165.201.15jX^eBbN ACfeBeB NAT gpB

hostname(config)# static (outside,inside) 209.165.201.15 209.165.201.15 netmask 255.255.255.255

R}hATulbgSX^eBbN}bsOB

hostname(config)# static (inside,dmz) 10.1.2.0 10.1.2.0 netmask 255.255.255.0

X^eBbN ACfeBeB |V[ NAT AAhXANZXACfeBeB NAT gpAAhXANZXgp 1 AhXB

hostname(config)# access-list NET1 permit ip host 10.1.2.27 209.165.201.0 255.255.255.224

hostname(config)# access-list NET2 permit ip host 10.1.2.27 209.165.200.224 255.255.255.224

hostname(config)# static (inside,outside) 10.1.2.27 access-list NET1

hostname(config)# static (inside,outside) 209.165.202.130 access-list NET2

NAT

NAT gpAAhXAzXg[g zXgJnBNAT AgtBbNAAhXAhXwi|V[ NAT jBANAT AACfeBeB NAT gpBA|V[ NAT ANAT AANZXXg|[glBANZXXg|[glAX^eBbN ACfeBeB NAT gpB

}14-25 AI NAT ViIB

}14-25 NAT

NAT AR}hB

hostname(config)# nat ( real_interface ) 0 access-list acl_name [ outside ] [ norandomseq ] [[ tcp ] tcp_max_conns [ emb_limit ]] [ udp udp_max_conns ]

access-list R}hgpAANZXXgi gANZXXg QjBANZXXgA ACE ACE BANZXXgA|[g|[gwBNAT |[glBNAT A inactive time-range L[[hlB ACE ANAT RtBM[VANeBuB

IvVA _Ci~bN NAT PAT QB

ftHgAR}hOgtBbNBOgtBbN NAT oCpXA nat R}hA outside NAT CX^XO NAT wBOC^[tFCX_Ci~bN NAT AgtBbNAO NAT gpB

ACAhXANZXAlbg[NAR}hB

hostname(config)# access-list EXEMPT permit ip 10.1.2.0 255.255.255.0 any

hostname(config)# nat (inside) 0 access-list EXEMPT

DMZ lbg[N_Ci~bNO NAT gpA DMZ lbg[NAR}hgpB

hostname(config)# nat (dmz) 1 10.1.2.0 255.255.255.0 outside dns

hostname(config)# global (inside) 1 10.1.1.45

hostname(config)# access-list EXEMPT permit ip 10.1.3.0 255.255.255.0 any

hostname(config)# nat (dmz) 0 access-list EXEMPT

2 AhXANZXAAhXAR}hB

hostname(config)# access-list NET1 permit ip 10.1.2.0 255.255.255.0 209.165.201.0 255.255.255.224

hostname(config)# access-list NET1 permit ip 10.1.2.0 255.255.255.0 209.165.200.224 255.255.255.224

hostname(config)# nat (inside) 0 access-list NET1

NAT

ANAT gpIViIBB

･ AhXdlbg[N

･ |[g_CNg

AhXdlbg[N

}14-26 ZLeB AvCAXAAhXd 2 vCx[g lbg[NB

}14-26 AhXdlbg[NO NAT gp

2 lbg[NAdAhXi192.168.100.0/24jgpAelbg[NzXgiANZXXg]jMKvBNAT AAhXd DMZ lbg[NzXglbg[NzXgANZXApPbgZLeB AvCAXBZLeB AvCAXpPbgAlbg[NAhXBAlbg[NzXgAhXgpAzXgpPbgMB

ANAT gpAdAhXwBANZXAlbg[NX^eBbN NAT gpBC^[tFCX DMZ zXgANZXAAhX_Ci~bN NAT gpAANZX DMZ AhXX^eBbN NAT gpBAX^eBbN NAT B

2 C^[tFCXX^eBbN NAT AsBDMZ 10.1.1.0/24 lbg[NB

hostname(config)# static (inside,dmz) 10.1.2.0 192.168.100.0 netmask 255.255.255.0

Xebv 2 R}hAANZX DMZ 192.168.100.0/24 lbg[N 10.1.3.0/24 B

hostname(config)# static (dmz,inside) 10.1.3.0 192.168.100.0 netmask 255.255.255.0

Xebv 3 DMZ lbg[NgtBbNZLeB AvCAX[eBOAX^eBbN [gB

hostname(config)# route dmz 192.168.100.128 255.255.255.128 10.1.1.2 1

hostname(config)# route dmz 192.168.100.0 255.255.255.128 10.1.1.2 1

ZLeB AvCAXAlbg[Np[gBX^eBbN [ggpAZLeB AvCAX 192.168.100.0/24 lbg[NgtBbN DMZ C^[tFCXQ[gEFC [^ 10.1.1.2 Mi[glbg[NX^eBbN [gAlbg[N 2 KvjBAftHg [gAL[g DMZ gtBbNpgpB

DMZ lbg[NzXg 192.168.100.2 lbg[NzXg 192.168.100.2 JnACxgB

1. DMZ zXg 192.168.100.2 IP AhX 10.1.2.2 pPbgMB

2. ZLeB AvCAXpPbgMAZLeB AvCAXMAhX 192.168.100.2 10.1.3.2 B

3. AZLeB AvCAXAhX 10.1.2.2 192.168.100.2 ApPbg]B

|[g_CNg

}14-27 A|[g _CNV@\Ilbg[N\B

}14-27 X^eBbN PAT gp|[g _CNV

\A|[g _CNVAOlbg[NzXgsB

･ IP AhX 209.165.201.5 Telnet vA10.1.1.6 _CNgB

･ IP AhX 209.165.201.5 FTP vA10.1.1.3 _CNgB

･ ZLeB AvCAXO IP AhX 209.165.201.25 HTTP vA10.1.1.5 _CNgB

･ PAT AhX 209.165.201.15 HTTP |[g 8080 vA10.1.1.7 |[g 80 _CNgB

AsB

hostname(config)# nat (inside) 1 0.0.0.0 0.0.0.0 0 0

hostname(config)# global (outside) 1 209.165.201.15

Xebv 2 R}hA209.165.201.5 Telnet v 10.1.1.6 _CNgB

hostname(config)# static (inside,outside) tcp 209.165.201.5 telnet 10.1.1.6 telnet netmask 255.255.255.255

Xebv 3 R}hAIP AhX 209.165.201.5 FTP v 10.1.1.3 _CNgB

hostname(config)# static (inside,outside) tcp 209.165.201.5 ftp 10.1.1.3 ftp netmask 255.255.255.255

Xebv 4 R}hAZLeB AvCAXOC^[tFCX AhX HTTP v 10.1.1.5 _CNgB

hostname(config)# static (inside,outside) tcp interface www 10.1.1.5 www netmask 255.255.255.255

Xebv 5 R}hAPAT AhX 209.165.201.15 |[g 8080 HTTP v 10.1.1.7 |[g 80 _CNgB

hostname(config)# static (inside,outside) tcp 209.165.201.15 8080 10.1.1.7 www netmask 255.255.255.255