- 论坛徽章:
- 0
|
Router#show r
00:07:45: %SYS-5-CONFIG_I: Configured from console by consoleun
Building configuration...
Current configuration : 1046 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname Router
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
!
!
!
!
//创建一个loopback接口,并作为NAT inside接口
//并在此接口上,应用rm-nat这个route-map
interface Loopback0
ip address 172.16.1.1 255.255.255.255
ip nat inside
ip policy route-map rm-nat
!
//在E0接口上配置XXX.XXX.160.69做为IP,同时将内网地址做为Secondary地址。e0做为outside接口。
////并在此接口上,应用no-route这个route-map ------为什么要加这个,在下面有注解
interface FastEthernet0
ip address 192.168.200.1 255.255.255.0 secondary
ip address XXX.XXX.160.69 255.255.255.240
ip nat outside
ip policy route-map no-route
speed auto
!
//
//常规NAT配置
ip nat inside source list 10 interface FastEthernet0 overload
///配置路由及NAT所需要的access-list
ip classless
ip route 0.0.0.0 0.0.0.0 Loopback0
no ip http server
!
access-list 10 permit 192.168.200.0 0.0.0.255
////配置策略路由所需要的access-list
access-list 110 permit ip any any
access-list 199 permit ip 192.168.200.0 0.0.0.255 XXX.XXX.160.64 0.0.0.15
!
//配置所需要的route-map,凡是满足access-list 110条件的包均被转发到ISP 提供的IP的gateway!
route-map rm-nat permit 10
match ip address 110
set ip next-hop XXX.XXX.160.65
!
//因192.168.200.0/24访问XXX.XXX.160.64/28这些ip时是不会转发到默认路由的。路由器是会把这两段网段是直接相連的。故不转发到LOOPBACK0
//上,故不加个策略路由,这会导至192.168.200.0/24能访问除XXX.XXX.160.64/28外的网络,故需加个策略路由到FastEthernet0 口上,强制他到转发到LOOPBACK0上去!
route-map no-route permit 10
match ip address 199
set interface Loopback0
!
!
line con 0
line aux 0
end
Router#
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/31783/showart_246216.html |
|
免费注册
发表于 2007-02-11 20:44