华为路由器的NAT配置？

华为路由器 NAT及DHCP配置实例
sysname HUAWEI-AR28-11
#
nat address-group 1 125951903 125951903
nat static 192168100254 125951906
nat static 192168100252 125951905
nat aging-time tcp 360
#
radius scheme system
#
domain system
#
local-user admin
password cipher ]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
dhcp server ip-pool 1
network 19216810 mask 2552552550
gateway-list 19216811
dns-list 2029612886 20296128166 20296128143
#
dhcp server ip-pool 2
network 19216820 mask 2552552550
gateway-list 19216821
dns-list 2029612886 20296128166 20296128143
#
dhcp server ip-pool 3
network 19216830 mask 2552552550
gateway-list 19216831
dns-list 2029612886 20296128166 20296128143
#
dhcp server ip-pool 4
network 19216840 mask 2552552550
gateway-list 19216841
dns-list 2029612886 20296128166 20296128143
#
dhcp server ip-pool 5
network 19216850 mask 2552552550
gateway-list 19216851
dns-list 2029612886 20296128166 20296128143
#
dhcp server ip-pool 6
network 19216860 mask 2552552550
gateway-list 19216861
dns-list 2029612886 20296128166 20296128143
#
dhcp server ip-pool 7
network 19216870 mask 2552552550
gateway-list 19216871
dns-list 2029612886 20296128166 20296128143
#
acl number 2500
rule 0 permit source 19216800 00255255
#
acl number 3900
rule 0 deny tcp destination-port eq 8
rule 1 deny tcp destination-port eq 135
rule 2 deny tcp destination-port eq 139
rule 3 deny tcp destination-port eq 445
rule 4 deny tcp destination-port eq exec
rule 5 deny tcp destination-port eq 64444
rule 6 deny tcp destination-port eq 8080
rule 7 deny udp destination-port eq 135
rule 8 deny udp destination-port eq 445
rule 9 deny udp destination-port eq 3500
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 125951902 255255255248
nat outbound static
nat outbound 2500 address-group 1
#
interface Ethernet0/1
description line to HUAWEI-S3928
ip address 19216882 2552552550
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address dhcp-alloc
#
interface NULL0
#
dhcp server forbidden-ip 192168100252
dhcp server forbidden-ip 192168100254
#
ip route-static 0000 0000 125951901 preference 60
ip route-static 19216810 2552552550 19216881 preference 60
ip route-static 19216820 2552552550 19216881 preference 60
ip route-static 19216830 2552552550 19216881 preference 60
ip route-static 19216840 2552552550 19216881 preference 60
ip route-static 19216850 2552552550 19216881 preference 60
ip route-static 19216860 2552552550 19216881 preference 60
ip route-static 19216870 2552552550 19216881 preference 60
ip route-static 1921681000 2552552550 19216881 preference 60
#
user-interface con 0
user-interface aux 0
set authentication password cipher V_$D$4N:#F/$ATR`+,;!!!
idle-timeout 2 0
user-interface vty 0 4
user privilege level 3
set authentication password cipher V_$D$4N:#F/$ATR`+,;!!!
idle-timeout 2 0
#
return
具体最好咨询厂家

1、 配置静态地址转换：
一对一静态地址转换：[system] nat static ip-addr1 ip-addr2
静态网段地址转换： [system] nat static net-to-net inside-start-address inside-end-address global global-address mask
应用到接口： [interface]nat outbound static
2、多对多地址转换：[interface]nat outbound acl-number address-group group-number no-pat
3、配置NAPT：[interface]nat outbound acl-number [ address-group group-number ]
两个特殊的NAPT：
Easy IP： [interface]nat outbound acl-number (转化为接口地址)
Lookback：[interface]nat outbound acl-number interface loopback interface-number (转化为loopback地址)
4、双向地址转换：[system]nat overlapaddress number overlappool-startaddress temppool-startaddress { pool-length pool-length | address-mask mask } (需要结合outbound命令)
5、配置内部服务器：[interface]nat server
6、地址转换应用层网关：[system]nat alg (专门针对ftp之类对NAT敏感的协议)

你给的条件不详细,我就写主要的假设多对多的地址池分别是:19216801 - 1921680254 和 1721601 - 172160254吧
Router(config)#ip nat pool NET 1721601 172160254 prefix-length 24
Router(config)#access-list 1 permit 19216800 000255
Router(config)#ip nat inside source list 1 pool NET
就是把内部网段19216801 - 1921680254转换成1721601 - 172160254
不知道是否满足了你的要求!

---