After configuring NAT on a router, how do you keep the external network from accessing the internal network while the internal networks can still access each other directly?
What resources do you have? Presumably only public IP addresses. Assume there are four public IPs: 202.103.24.10, 202.103.24.11, 202.103.24.12 and 202.103.24.13.

The external network can only access the users (servers) that have a static NAT translation. None of the users behind dynamic NAT translation can be accessed from outside.

1. Configure static address mapping on port 2

Enter the NIC (interface) node for port 2:

ip nat inside source static 192.168.1.1 202.103.24.10

access-list 98 permit 192.168.2.0 0.0.0.255

The user at 192.168.1.1 can then be accessed from the external network, and can also reach the external network.

The ACL configuration allows communication with users on the 192.168.2 segment.

2. To configure dynamic NAT on port 3, set up an address pool and bind the address pool to an ACL rule.

Enter the port 3 NIC node

ip nat pool xxx 202.103.24.11 202.103.24.13 netmask 255.255.255.0

access-list 99 permit 192.168.1.0 0.0.0.255

ip nat inside source list 99 pool xxx overload

The IPs behind this port are then dynamically translated to the external addresses in the xxx address pool, and the users on NIC 2 can access them. (As for whether this is address translation or port translation: with overload it is port translation, without it it is address translation.)
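
The reachability rule stated above (outside hosts can open connections only to the statically mapped server, while overload translations admit only replies) as an added Python model; it is not part of the original answer and is not IOS code. It uses the page's addresses, pool and ACL 99. The outside host 198.51.100.7, the port numbers, and the simplifications that overload always uses the first pool address and matches the full remote endpoint are assumptions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style ACL match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

class NatRouter:
    """Simplified model (assumption, not IOS itself): static entries are permanent
    and work in both directions; overload entries appear only after an inside host
    sends traffic, and match only the remote endpoint they were created for."""
    def __init__(self, static, acl, pool):
        self.static = static      # inside local -> inside global
        self.acl = acl            # (base, wildcard) selecting hosts for dynamic NAT
        self.pool = pool          # model uses only the first address for overload
        self.dynamic = {}         # (global, gport, remote, rport) -> (local, lport)
        self.next_port = 1024     # constructed starting port

    def outbound(self, src, sport, dst, dport):
        """Inside -> outside: return the (global ip, global port) used, or None."""
        if src in self.static:
            return self.static[src], sport
        if not wildcard_match(src, *self.acl):
            return None           # source not permitted by the NAT ACL
        gport, self.next_port = self.next_port, self.next_port + 1
        self.dynamic[(self.pool[0], gport, dst, dport)] = (src, sport)
        return self.pool[0], gport

    def inbound(self, src, sport, dst, dport):
        """Outside -> inside: return (local ip, local port), or None if dropped."""
        for local, glob in self.static.items():
            if glob == dst:
                return local, dport   # static mapping: reachable unsolicited
        return self.dynamic.get((dst, dport, src, sport))

def page_router():
    """Router built from the addresses, pool and ACL 99 shown on the page."""
    return NatRouter({"192.168.1.1": "202.103.24.10"},
                     ("192.168.1.0", "0.0.0.255"),
                     ["202.103.24.11", "202.103.24.12", "202.103.24.13"])

if __name__ == "__main__":
    r = page_router()
    peer = "198.51.100.7"                                   # constructed outside host
    print(r.inbound(peer, 40000, "202.103.24.10", 80))      # static server
    print(r.inbound(peer, 443, "202.103.24.11", 1024))      # no entry yet
    print(r.outbound("192.168.1.50", 5000, peer, 443))      # creates entry
    print(r.inbound(peer, 443, "202.103.24.11", 1024))      # reply admitted
```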