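As shown in the figure: when a packet from the PC reaches SW, SW has a static all-zeros route to SG. SG then performs NAT on the PC's source IP address (only the PC's source IP is translated), translating it to the IP address of SG's e0/0 interface. SG has a static all-zeros route back to SW. However, I found that after the packet travels from the PC to SW, SW forwards it to SG, and SG performs the NAT translation, but after translating it SG does not hand the translated packet over to SW. Why is it not forwarded to SW?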
PC#ping 12.1.1.2 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
.
Success rate is 0 percent (0/1)
PC#
SG#
*Mar 5 06:27:25.564: NAT: [0] Allocated Port for 192.168.2.1 -> 192.168.3.2: wanted 63 got 63
*Mar 5 06:27:25.564: NAT*: i: icmp (192.168.2.1, 63) -> (12.1.1.2, 63) [91]
*Mar 5 06:27:25.564: NAT*: s=192.168.2.1->192.168.3.2, d=12.1.1.2 [91]
SG#
*Mar 5 06:28:26.601: NAT: expiring 192.168.3.2 (192.168.2.1) icmp 63 (63)
*Mar 5 06:28:26.601: NAT-SymDB: DB is either not enabled or not initiated.
SG#
SG#sh access-lists
Standard IP access list 10
10 permit 192.168.2.0, wildcard bits 0.0.0.255 (37 matches)
SG#sh run | s ip nat
ip nat enable
ip nat source list 10 interface Ethernet0/0 overload
SG#sh run int e0/0
Building configuration...
Current configuration : 82 bytes
!
interface Ethernet0/0
ip address 192.168.3.2 255.255.255.0
ip nat enable
end
SG#
When the PC pings 12.1.1.2, SG performs the NAT translation, but after capturing packets I saw that SG did not send the packet back to SW.