- 论坛徽章:
- 0
|
单位到位一台2811router,所在的环境很特殊,单位小网使用总公司拨给的25M带宽,通过公司网也可以上外网,但没有任何自由,所以自己又申请了一条百M网通线路,但是公司的网还不能不用,此时2811弄个双网接入就理所当然了
俩WAN口:1,公司网接入口2.网通接入口
一个LAN口,lan 口下接3952华为交换机
公司的网段在192.168.0.1-192.168.0.250 网关:192.168.0.253
网通网地址:211.122.254.64(模拟IP)网关:211.122.254.63
自己内网IP:192.168.1.1-192.168.1.250 网关:192.168.1.200
需要说明的是,用办公自动化的时候走公司内网,普通上网用网通线路,查资料得知需要做根据地址的策略路由,此时需要用到router-map
第一次成功的配置 此时由于网通IP还未到位,所以使用一ADSL模拟外网,ADSL网段是192.168.2.1-192.168.2.250 网关:192.168.1.1)
config t
interface fastethernet0/0
ip add 192.68.0.200 255.255.255.0
no shutdown
ip nat outside
exit
interface fastethernet0/1
ip add 192.168.2.200 255.255.255.0
no shutdown
ip nat outside
exit
interface vlan 1
ip add 192.168.1.200 255.255.255.0
no shutdown
ip nat inside
exit
interface fastethernet0/0/0
switchport access vlan 1
ip nat pool isp1_pool 192.168.0.10 192.168.0.199 netmask 255.255.255.0
ip nat pool isp2_pool 192.168.2.10 192.168.2.199 netmask 255.255.255.0
access-list 100 permit ip 192.168.1.0 0.255.255.255 any
ip nat inside source route-map isp1 pool isp1_pool
ip nat inside source route-map isp2 pool isp2_pool
route-map isp1 permit 10
match ip address 100
match interface fastethernet0/0
route-map isp2 permit 10
match ip address 100
match interface fastethernet0/1
ip route 192.168.0.0 255.255.0.0 192.168.0.253
ip route 0.0.0.0 0.0.0.0 192.168.2.1
此时是成功的,访问公司走的是 interface fastethernet0/0外网是0/1
但是网通给了IP后如此配置却无论如何都无法通过网通线出去
后来找到原因先把配置写出来对比一下
interface FastEthernet0/0
ip address 192.168.0.200255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 211.122.254.64 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
ip address 192.168.1.200 255.255.255.0
ip nat inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 211.122.254.63
ip route 192.168.0.0 255.255.0.0 192.168.0.253
ip http server
ip nat pool isp2 211.122.254.64 211.122.254.64 netmask 255.255.255.252
ip nat pool isp1 192.168.0.10 192.168.0.199netmask 255.255.255.0
ip nat inside source route-map map-isp1 pool isp1
ip nat inside source route-map map-isp2 pool isp2
!
access-list 100 permit ip 192.168.1.0 0.255.255.255 any
route-map map-isp2 permit 10
match ip address 100
match interface FastEthernet0/1
!
route-map map-isp1 permit 10
match ip address 100
match interface FastEthernet0/0
!
如此写是无法达到目的的,百思不得其解,后终于在NAT那里找到了端倪缺了一个单词!
这句后面应该加个overload
ip nat inside source route-map map-isp2 pool isp2 overload
引用资料:
CISCO路由器多ISP接入配置
路由器的NAT的原理及配置
路由器NAT功能配置简介
谢谢文章的作者
[ 本帖最后由 jinscan 于 2007-8-21 22:23 编辑 ] |
|
免费注册
发表于 2007-08-21 22:21
