30选5玩法|福彩30选5开奖结果321|
 

标签:双出口

CISCO路由器实现双线接入

第一步:
配置cnc接口:
interface GigabitEthernet5/1
ip address 60.10.135.11 255.255.255.224
ip nat outside

配置tel接口:
interface GigabitEthernet5/9
ip address 219.148.157.22 255.255.255.252
ip nat outside

配置内网接口:
interface GigabitEthernet5/2
ip address 192.168.0.1 255.255.255.0
ip nat inside

第二步:配置accelist-list

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

------中间广告---------

第三步:分别配置cnc和tel的地址池
ip nat pool pool2 60.10.135.11 60.10.135.11 netmask 255.255.255.224
ip nat pool pool1 219.148.157.22 219.148.157.22 netmask 255.255.255.252

第四步:配置两个route-map

route-map isp2 permit 10
match ip address 100
match interface GigabitEthernet5/1
!
route-map isp1 permit 10
match ip address 100
match interface GigabitEthernet5/9

第五步:配置两个nat

ip nat inside source route-map isp1 pool pool1 overload
ip nat inside source route-map isp2 pool pool2 overload

第六步:配置路由
缺省从电信走:ip route 0.0.0.0 0.0.0.0 219.148.157.21
目的地址是网通的走网通,例如:ip route 202.99.168.0 255.255.248.0 60.10.135.1
将全国的网通地址段全部添?#30001;?#21363;可完成。唉,魂牵梦绕的她终于走到了我跟前。

Cisco PIX防火墙实现双出口

No Comments CISCO , ,

Cisco PIX防火墙实现双出口

一、用户需求 用户有一台Cisco PIX 515E防火墙,一个网通的出口,一个电信的出口。现在要实现默认都往电信线路出去,而访问网通的网站时使用网通的线路出去。
二、实现要点
1、首先要收集网通的IP网段(这个可以在网络上搜索,或者电信的朋友要一份);
2、在路由方面,由于Cisco PIX是偏向于防火墙的功能,因此PIX在路由方面是比?#20808;?#30340;无法通过策略路由来实现,在此我使用?#22235;?#35748;路由往设成电信的网关,同时添加网通IP网段的静态路由。这样实现了两个出口路由的走向。
3、在NAT方面,要配置两条NAT,其中一条是通往网通的转换成网通的出口IP,另一条是通往电信的转换成电信的出口IP,这个NAT应该是网通的NAT要配置在电信NAT前面,否则将无法实现。
三、Cisco PIX双出口配置
3.1 环境描述
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet5 teloutside security0
ip address outside 224.254.14.164 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
ip address teloutside 202.99.114.91 255.255.255.128
#备注:outside为网通线路出口;teloutside为电信线路出口;inside为内网接口;
3.2双出口实现
A、网通IP网段定义
object-group network wtnetwork
network-object 58.16.0.0 255.248.0.0
network-object 58.100.0.0 255.254.0.0
network-object 58.240.0.0 255.240.0.0
network-object 60.0.0.0 255.248.0.0
network-object 60.8.0.0 255.252.0.0
network-object 60.12.0.0 255.255.0.0
network-object 60.13.0.0 255.255.192.0
network-object 60.13.128.0 255.255.128.0
network-object 60.16.0.0 255.240.0.0
network-object 60.24.0.0 255.248.0.0
network-object 60.31.0.0 255.255.0.0
network-object 60.208.0.0 255.248.0.0
network-object 60.216.0.0 255.254.0.0
network-object 60.220.0.0 255.252.0.0
network-object 61.48.0.0 255.252.0.0
network-object 61.52.0.0 255.254.0.0
network-object 61.54.0.0 255.255.0.0
network-object 61.55.0.0 255.255.0.0
network-object 61.133.0.0 255.255.128.0
network-object 61.134.64.0 255.255.192.0
network-object 61.134.128.0 255.255.128.0
network-object 61.135.0.0 255.255.0.0
network-object 61.136.0.0 255.255.0.0
network-object 61.138.0.0 255.255.128.0
network-object 61.139.128.0 255.255.192.0
network-object 61.148.0.0 255.255.0.0
network-object 61.149.0.0 255.255.0.0
network-object 61.156.0.0 255.255.0.0
network-object 61.158.0.0 255.255.0.0
network-object 61.159.0.0 255.255.192.0
network-object 61.161.0.0 255.255.192.0
network-object 61.161.128.0 255.255.128.0
network-object 61.162.0.0 255.255.0.0
network-object 61.163.0.0 255.255.0.0
network-object 61.167.0.0 255.255.0.0
network-object 61.168.0.0 255.255.0.0
network-object 61.176.0.0 255.255.0.0
network-object 61.179.0.0 255.255.0.0
network-object 61.180.128.0 255.255.128.0
network-object 61.181.0.0 255.255.0.0
network-object 61.182.0.0 255.255.0.0
network-object 61.189.0.0 255.255.128.0
network-object 124.90.0.0 255.254.0.0
network-object 124.162.0.0 255.255.0.0
network-object 202.32.0.0 255.224.0.0
network-object 202.96.64.0 255.255.224.0
network-object 202.97.128.0 255.255.128.0
network-object 202.98.0.0 255.255.224.0
network-object 202.99.0.0 255.255.0.0
network-object 202.102.128.0 255.255.192.0
network-object 202.102.224.0 255.255.254.0
network-object 202.106.0.0 255.255.0.0
network-object 202.107.0.0 255.255.128.0
network-object 202.108.0.0 255.255.0.0
network-object 202.110.0.0 255.255.128.0
network-object 202.110.192.0 255.255.192.0
network-object 202.111.128.0 255.255.192.0
network-object 203.79.0.0 255.255.0.0
network-object 203.80.0.0 255.255.0.0
network-object 203.81.0.0 255.255.224.0
network-object 203.86.32.0 255.255.224.0
network-object 203.86.64.0 255.255.224.0
network-object 203.90.0.0 255.255.128.0
network-object 203.90.128.0 255.255.192.0
network-object 203.90.192.0 255.255.224.0
network-object 203.92.0.0 255.254.0.0
network-object 210.12.0.0 255.255.128.0
network-object 210.12.192.0 255.255.192.0
network-object 210.13.0.0 255.255.255.0
network-object 210.14.160.0 255.255.224.0
network-object 210.14.192.0 255.255.192.0
network-object 210.15.0.0 255.255.128.0
network-object 210.15.128.0 255.255.192.0
network-object 210.16.128.0 255.255.192.0
network-object 210.21.0.0 255.255.0.0
network-object 210.22.0.0 255.255.0.0
network-object 210.51.0.0 255.255.0.0
network-object 210.52.0.0 255.254.0.0
network-object 210.52.128.0 255.255.128.0
network-object 210.53.0.0 255.255.0.0
network-object 210.74.64.0 255.255.192.0
network-object 210.74.128.0 255.255.192.0
network-object 210.78.0.0 255.255.224.0
network-object 210.82.0.0 255.254.0.0
network-object 211.100.0.0 255.255.0.0
network-object 211.101.0.0 255.255.192.0
network-object 211.147.0.0 255.255.0.0
network-object 211.167.96.0 255.255.224.0
network-object 218.4.0.0 255.252.0.0
network-object 218.10.0.0 255.254.0.0
network-object 218.21.128.0 255.255.128.0
network-object 218.24.0.0 255.254.0.0
network-object 218.26.0.0 255.255.0.0
network-object 218.27.0.0 255.255.0.0
network-object 218.28.0.0 255.254.0.0
network-object 218.56.0.0 255.252.0.0
network-object 218.60.0.0 255.254.0.0
network-object 218.62.0.0 255.255.128.0
network-object 218.67.128.0 255.255.128.0
network-object 218.68.0.0 255.254.0.0
network-object 218.109.159.0 255.255.255.0
network-object 219.141.128.0 255.255.128.0
network-object 219.142.0.0 255.254.0.0
network-object 219.154.0.0 255.254.0.0
network-object 219.156.0.0 255.254.0.0
network-object 219.158.0.0 255.255.0.0
network-object 219.159.0.0 255.255.192.0
network-object 220.248.0.0 255.252.0.0
network-object 220.252.0.0 255.255.0.0
network-object 221.0.0.0 255.252.0.0
network-object 221.4.0.0 255.254.0.0
network-object 221.6.0.0 255.255.0.0
network-object 221.7.128.0 255.255.128.0
network-object 221.8.0.0 255.254.0.0
network-object 221.10.0.0 255.255.0.0
network-object 221.11.0.0 255.255.128.0
network-object 221.12.0.0 255.252.0.0
network-object 221.12.0.0 255.255.128.0
network-object 221.12.128.0 255.255.192.0
network-object 221.192.0.0 255.252.0.0
network-object 221.195.0.0 255.255.0.0
network-object 221.196.0.0 255.254.0.0
network-object 221.199.0.0 255.255.224.0
network-object 221.199.32.0 255.255.240.0
network-object 221.199.128.0 255.255.192.0
network-object 221.199.192.0 255.255.240.0
network-object 221.200.0.0 255.252.0.0
network-object 221.204.0.0 255.254.0.0
network-object 221.207.0.0 255.255.192.0
network-object 221.208.0.0 255.240.0.0
network-object 221.208.0.0 255.252.0.0
network-object 221.213.0.0 255.255.0.0
network-object 221.214.0.0 255.254.0.0
network-object 222.128.0.0 255.252.0.0
network-object 222.132.0.0 255.252.0.0
network-object 222.136.0.0 255.248.0.0
network-object 222.160.0.0 255.252.0.0
network-object 222.163.0.0 255.255.224.0
B、定义Access-list 为作NAT准备
access-list 101 permit ip 192.168.0.0 object-group wtnetwork
#内部网络到网通IP网段的Access-list
access-list 104 permit ip 192.168.0.0 255.255.255.0 any
#内部网络到任何IP的Access-list
C、NAT配置
global (outside) 1 interface
#定义NAT ID 1为网通的出口ip
global (teloutside) 4 interface
#定义NAT ID 4为电信的出口ip
nat (inside) 1 access-list 101
#定义符合access-list 101(就是内部到网通IP网段)就转换成NAT ID 1的IP(网通的出口)
nat (inside) 5 access-list 105
#定义符合access-list 101(就是内部到网通IP网段)就转换成NAT ID 1的IP(网通的出口)
注意:nat (inside) 1 access-list 101一定要在nat (inside) 5 access-list 105前面。
D、Route路由配置
#####添加默认路由往电信的网关出去################
route teloutside 0.0.0.0 0.0.0.0 202.99.114.126 1
##################################################
#######添加静态路由往网通IP网段往网通的网关出去######
route outside 58.16.0.0 255.248.0.0 224.254.14.161
route outside 58.100.0.0 255.254.0.0 224.254.14.161
route outside 58.240.0.0 255.240.0.0 224.254.14.161
route outside 60.0.0.0 255.248.0.0 224.254.14.161
route outside 60.8.0.0 255.252.0.0 224.254.14.161
route outside 60.12.0.0 255.255.0.0 224.254.14.161
route outside 60.13.0.0 255.255.192.0 224.254.14.161
route outside 60.13.128.0 255.255.128.0 224.254.14.161
route outside 60.16.0.0 255.240.0.0 224.254.14.161
route outside 60.24.0.0 255.248.0.0 224.254.14.161
route outside 60.31.0.0 255.255.0.0 224.254.14.161
route outside 60.208.0.0 255.248.0.0 224.254.14.161
route outside 60.216.0.0 255.254.0.0 224.254.14.161
route outside 60.220.0.0 255.252.0.0 224.254.14.161
route outside 61.48.0.0 255.252.0.0 224.254.14.161
route outside 61.52.0.0 255.254.0.0 224.254.14.161
route outside 61.54.0.0 255.255.0.0 224.254.14.161
route outside 61.55.0.0 255.255.0.0 224.254.14.161
route outside 61.133.0.0 255.255.128.0 224.254.14.161
route outside 61.134.64.0 255.255.192.0 224.254.14.161
route outside 61.134.128.0 255.255.128.0 224.254.14.161
route outside 61.135.0.0 255.255.0.0 224.254.14.161
route outside 61.136.0.0 255.255.0.0 224.254.14.161
route outside 61.138.0.0 255.255.128.0 224.254.14.161
route outside 61.139.128.0 255.255.192.0 224.254.14.161
route outside 61.148.0.0 255.255.0.0 224.254.14.161
route outside 61.149.0.0 255.255.0.0 224.254.14.161
route outside 61.156.0.0 255.255.0.0 224.254.14.161
route outside 61.158.0.0 255.255.0.0 224.254.14.161
route outside 61.159.0.0 255.255.192.0 224.254.14.161
route outside 61.161.0.0 255.255.192.0 224.254.14.161
route outside 61.161.128.0 255.255.128.0 224.254.14.161
route outside 61.162.0.0 255.255.0.0 224.254.14.161
route outside 61.163.0.0 255.255.0.0 224.254.14.161
route outside 61.167.0.0 255.255.0.0 224.254.14.161
route outside 61.168.0.0 255.255.0.0 224.254.14.161
route outside 61.176.0.0 255.255.0.0 224.254.14.161
route outside 61.179.0.0 255.255.0.0 224.254.14.161
route outside 61.180.128.0 255.255.128.0 224.254.14.161
route outside 61.181.0.0 255.255.0.0 224.254.14.161
route outside 61.182.0.0 255.255.0.0 224.254.14.161
route outside 61.189.0.0 255.255.128.0 224.254.14.161
route outside 124.90.0.0 255.254.0.0 224.254.14.161
route outside 124.162.0.0 255.255.0.0 224.254.14.161
route outside 202.32.0.0 255.224.0.0 224.254.14.161
route outside 202.96.64.0 255.255.224.0 224.254.14.161
route outside 202.97.128.0 255.255.128.0 224.254.14.161
route outside 202.98.0.0 255.255.224.0 224.254.14.161
route outside 202.99.0.0 255.255.0.0 224.254.14.161
route outside 202.102.128.0 255.255.192.0 224.254.14.161
route outside 202.102.224.0 255.255.254.0 224.254.14.161
route outside 202.106.0.0 255.255.0.0 224.254.14.161
route outside 202.107.0.0 255.255.128.0 224.254.14.161
route outside 202.108.0.0 255.255.0.0 224.254.14.161
route outside 202.110.0.0 255.255.128.0 224.254.14.161
route outside 202.110.192.0 255.255.192.0 224.254.14.161
route outside 202.111.128.0 255.255.192.0 224.254.14.161
route outside 203.79.0.0 255.255.0.0 224.254.14.161
route outside 203.80.0.0 255.255.0.0 224.254.14.161
route outside 203.81.0.0 255.255.224.0 224.254.14.161
route outside 203.86.32.0 255.255.224.0 224.254.14.161
route outside 203.86.64.0 255.255.224.0 224.254.14.161
route outside 203.90.0.0 255.255.128.0 224.254.14.161
route outside 203.90.128.0 255.255.192.0 224.254.14.161
route outside 203.90.192.0 255.255.224.0 224.254.14.161
route outside 203.92.0.0 255.254.0.0 224.254.14.161
route outside 210.12.0.0 255.255.128.0 224.254.14.161
route outside 210.12.192.0 255.255.192.0 224.254.14.161
route outside 210.13.0.0 255.255.255.0 224.254.14.161
route outside 210.14.160.0 255.255.224.0 224.254.14.161
route outside 210.14.192.0 255.255.192.0 224.254.14.161
route outside 210.15.0.0 255.255.128.0 224.254.14.161
route outside 210.15.128.0 255.255.192.0 224.254.14.161
route outside 210.16.128.0 255.255.192.0 224.254.14.161
route outside 210.21.0.0 255.255.0.0 224.254.14.161
route outside 210.22.0.0 255.255.0.0 224.254.14.161
route outside 210.51.0.0 255.255.0.0 224.254.14.161
route outside 210.52.0.0 255.254.0.0 224.254.14.161
route outside 210.52.128.0 255.255.128.0 224.254.14.161
route outside 210.53.0.0 255.255.0.0 224.254.14.161
route outside 210.74.64.0 255.255.192.0 224.254.14.161
route outside 210.74.128.0 255.255.192.0 224.254.14.161
route outside 210.78.0.0 255.255.224.0 224.254.14.161
route outside 210.82.0.0 255.254.0.0 224.254.14.161
route outside 211.100.0.0 255.255.0.0 224.254.14.161
route outside 211.101.0.0 255.255.192.0 224.254.14.161
route outside 211.147.0.0 255.255.0.0 224.254.14.161
route outside 211.167.96.0 255.255.224.0 224.254.14.161
route outside 218.4.0.0 255.252.0.0 224.254.14.161
route outside 218.10.0.0 255.254.0.0 224.254.14.161
route outside 218.21.128.0 255.255.128.0 224.254.14.161
route outside 218.24.0.0 255.254.0.0 224.254.14.161
route outside 218.26.0.0 255.255.0.0 224.254.14.161
route outside 218.27.0.0 255.255.0.0 224.254.14.161
route outside 218.28.0.0 255.254.0.0 224.254.14.161
route outside 218.56.0.0 255.252.0.0 224.254.14.161
route outside 218.60.0.0 255.254.0.0 224.254.14.161
route outside 218.62.0.0 255.255.128.0 224.254.14.161
route outside 218.67.128.0 255.255.128.0 224.254.14.161
route outside 218.68.0.0 255.254.0.0 224.254.14.161
route outside 218.109.159.0 255.255.255.0 224.254.14.161
route outside 219.141.128.0 255.255.128.0 224.254.14.161
route outside 219.142.0.0 255.254.0.0 224.254.14.161
route outside 219.154.0.0 255.254.0.0 224.254.14.161
route outside 219.156.0.0 255.254.0.0 224.254.14.161
route outside 219.158.0.0 255.255.0.0 224.254.14.161
route outside 219.159.0.0 255.255.192.0 224.254.14.161
route outside 220.248.0.0 255.252.0.0 224.254.14.161
route outside 220.252.0.0 255.255.0.0 224.254.14.161
route outside 221.0.0.0 255.252.0.0 224.254.14.161
route outside 221.4.0.0 255.254.0.0 224.254.14.161
route outside 221.6.0.0 255.255.0.0 224.254.14.161
route outside 221.7.128.0 255.255.128.0 224.254.14.161
route outside 221.8.0.0 255.254.0.0 224.254.14.161
route outside 221.10.0.0 255.255.0.0 224.254.14.161
route outside 221.11.0.0 255.255.128.0 224.254.14.161
route outside 221.12.0.0 255.252.0.0 224.254.14.161
route outside 221.12.0.0 255.255.128.0 224.254.14.161
route outside 221.12.128.0 255.255.192.0 224.254.14.161
route outside 221.192.0.0 255.252.0.0 224.254.14.161
route outside 221.195.0.0 255.255.0.0 224.254.14.161
route outside 221.196.0.0 255.254.0.0 224.254.14.161
route outside 221.199.0.0 255.255.224.0 224.254.14.161
route outside 221.199.32.0 255.255.240.0 224.254.14.161
route outside 221.199.128.0 255.255.192.0 224.254.14.161
route outside 221.199.192.0 255.255.240.0 224.254.14.161
route outside 221.200.0.0 255.252.0.0 224.254.14.161
route outside 221.204.0.0 255.254.0.0 224.254.14.161
route outside 221.207.0.0 255.255.192.0 224.254.14.161
route outside 221.208.0.0 255.240.0.0 224.254.14.161
route outside 221.208.0.0 255.252.0.0 224.254.14.161
route outside 221.213.0.0 255.255.0.0 224.254.14.161
route outside 221.214.0.0 255.254.0.0 224.254.14.161
route outside 222.128.0.0 255.252.0.0 224.254.14.161
route outside 222.132.0.0 255.252.0.0 224.254.14.161
route outside 222.136.0.0 255.248.0.0 224.254.14.161
route outside 222.160.0.0 255.252.0.0 224.254.14.161
route outside 222.163.0.0 255.255.224.0 224.254.14.161
#备注:224.254.14.161为通往的网通的网关,##################
四、实现效果
目前国内的骨干网分为南、北两张网。南电信北网通,不通运营商之间的通讯都需要到骨干进行数据?#25442;唬?#22240;此网通的用户访问电信网站很慢而电信用户访问方位网通网站也很慢,因此对大型网络设置双出口可以使不同运营商之间网络访问速度得到改善,本文档是在这一背景下产生的需求。

linux 双线接入方案

ISP1:192.168.160.2
ISP2:172.16.250.2
Eth0:192.168.160.128
Eth1:172.16.250.128
企业双线接入方案
1 建立路由策略表
[[email protected] ~]# vi /etc/iproute2/rt_tables
100     tele1
102     tele2
添加如上两行
建立各个ISP网络对对应接口的路由
Ip route  add  192.168.160.0/24 dev eth0 src 192.168.160.128 table  tele1
Ip route  add  172.16.250.0/24 dev eth1 src 172.16.250.128 table  tele2
添加各个ISP的网关
Ip route add default via 192.168.160.2  table  tele1
Ip route add default via 172.16.250.2  table  tele2
添加路由策略从各个接口发送的数据可以发送到到各个ISP的路由表上面
Ip rule add from 192.168.160.128 table tele1
Ip rule add from 172.16.250.128 table  tele2
添加一个默认网关
Ip route add default via 172.16.250.2 dev eth1
Ip route show
[[email protected] ~]# ip route list
192.168.228.0/24 dev eth1  proto kernel  scope link  src  192.168.228.128
192.168.0.0/24 dev eth0   proto kernel  scope link  src 192.168.0.180
169.254.0.0/16 dev eth1   scope link
default via 192.168.228.128 dev eth1
以上实现了从哪里来从哪里出去(从出口路由器的角度来考虑)
做负载均衡,带宽加起来!
?#22659;?#19978;面的网关
Shell> Ip route del default via 172.16.250.2
Shell> Ip route add default scope global nexthop via 192.168.160.2 dev eth0 weight 1 nexthop via 172.16.250.2 dev eth1 weight 1
[[email protected] ~]# ip route list
192.168.228.0/24 dev eth1  proto kernel  scope link  src 192.168.228.128
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.180
169.254.0.0/16 dev eth1  scope link
default
        nexthop via 192.168.0.180  dev eth0 weight 1
        nexthop via 192.168.228.128  dev eth1 weight 1

 

 

by huzi1986

策略路由之双出口配置实例

No Comments CISCO

策略路由是一种比基于目标网络进行路由更加灵活的数据包路由转发机制。应用了策略路由,路由器将通过路由图决定如何对需要路由的数据包进行处理,路由图决定了一个数据包的下一跳转发路由器。 下面让我们通过一个实验来看一下双出口配置是怎样的过程。

策略路由实验拓朴:

策略路由实验要求:

1、R1连接本地子网,R2为边缘策略路由器,R3模拟双ISP接入的Internet环境。

2、要求R1所连接的局域网部分流量走R2-R3间上条链路(ISP1链路),部分流量走R2-R3间下条链路(ISP2链路)从而实现基于源的供应商链路选择和网络负载均衡。

各路由器配置如下:

  1. R1#sh run??????????? //路由器R1的配置
  2. interface Loopback0?????????????????????????????????????????????? //模拟子网一:192.168.1.0/24
  3. ip address 192.168.1.1 255.255.255.0???????????????????? //模拟子网中第一台主机
  4. ip address 192.168.1.2 255.255.255.0 secondary??? //模拟子网中第二台主机
  5. !
  6. interface Loopback2????????????????????????????????????????????? //模拟子网二:192.168.2.0/24
  7. ip address 192.168.2.1 255.255.255.0
  8. ip address 192.168.2.2 255.255.255.0 secondary
  9. !
  10. interface FastEthernet0/0
  11. ip address 12.0.0.1 255.255.255.0
  12. bitscn.com
  13. !
  14. !
  15. router rip??????????????????????????? //通过RIP协议配置网络的连通性
  16. version 2 bitscn.com
  17. network 192.168.1.0
  18. network 192.168.1.0
  19. network 12.0.0.0
  20. R3#sh run?????????????????????????? //路由器R3的配置
  21. Building configuration
  22. interface Loopback0???????????????? //模拟一个连接目标
  23. description to internet
  24. ip address 100.100.100.100 255.255.255.0
  25. !
  26. interface Serial1/1??????????????????? //模拟ISP1的接入端口
  27. ip address 123.0.0.3 255.255.255.0
  28. serial restart-delay 0
  29. !
  30. interface Serial1/3????????????????? //模拟ISP2的接入端口
  31. bitscn.com
  32. ip address 223.0.0.3 255.255.255.0
  33. serial restart-delay 0
  34. !
  35. router rip
  36. version 2
  37. network 100.0.0.0
  38. network 123.0.0.0
  39. network 223.0.0.0
  40. no auto-summary
  41. !
  42. end
  43. R2#sh run????????????????????? //策略路由器R2的配置
  44. Building configuration…
  45. interface FastEthernet0/0
  46. ip address 12.0.0.2 255.255.255.0
  47. ip policy route-map isp-test????? //在接口上启用策略路由isp-test进行流量控制
  48. duplex half
  49. !
  50. interface Serial1/1
  51. ip address 123.0.0.1 255.255.255.0
  52. serial restart-delay 0
  53. ! bitscn_com
  54. interface Serial1/3
  55. ip address 223.0.0.1 255.255.255.0 bitscn.com
  56. serial restart-delay 0
  57. router rip
  58. version 2
  59. network 12.0.0.0
  60. network 123.0.0.0
  61. network 223.0.0.0
  62. no auto-summary
  63. logging alarm informational
  64. access-list 101 permit ip 192.168.1.0 0.0.0.255 host 100.100.100.100?? //访问控制列表101,用于过滤原地址,允许子网192.168.1.0流量通过 */
  65. access-list 102 permit ip 192.168.2.0 0.0.0.255 host 100.100.100.100?? //访问控制列表102,用于过滤原地址,允许子网192.168.2.0流量通过 */
  66. !
  67. route-map isp-test permit 10??????????? //定义route-map,取名为isp-test,序列为10
  68. match ip address 101??????????????????????? //检查源地址,匹配acl 101
  69. set ip default next-hop 123.0.0.3???? //指定下一跳地址
  70. !
  71. feedom.net
  72. route-map isp-test permit 20??????????? //定义isp-test的第二条语句,序列号为20
  73. match ip address 102??????????????????????? //检查源地下,匹配acl102
  74. set ip default next-hop 223.0.0.3
  75. !
  76. route-map isp-test permit 30??????????? //定义isp-test的第三条语句,序列号为30
  77. set default interface Null0??????????????? //丢弃不匹配规定标准的包
  78. end
  79. ———————————————————————————

策略路由的内容不仅仅局限于以上介绍的内容,我们还会在以后的文章中继续向大家介绍。

 

李萧明吐槽 公司在南北两区域的兄弟们有福了,双出口加VPN解决一切问题。

Cisco PIX防火墙实现双出口

No Comments CISCO

Cisco PIX防火墙实现双出口

一、用户需求   用户有一台Cisco PIX 515E防火墙,一个网通的出口,一个电信的出口。现在要实现默认都往电信线路出去,而访问网通的网站时使用网通的线路出去。
二、实现要点
1、首先要收集网通的IP网段(这个可以在网络上搜索,或者电信的朋友要一份);
2、在路由方面,由于Cisco PIX是偏向于防火墙的功能,因此PIX在路由方面是比?#20808;?#30340;无法通过策略路由来实现,在此我使用?#22235;?#35748;路由往设成电信的网关,同时添加网通IP网段的静态路由。这样实现了两个出口路由的走向。
3、在NAT方面,要配置两条NAT,其中一条是通往网通的转换成网通的出口IP,另一条是通往电信的转换成电信的出口IP,这个NAT应该是网通的NAT要配置在电信NAT前面,否则将无法实现。
三、Cisco PIX双出口配置
3.1 环境描述
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet5 teloutside security0
ip address outside 224.254.14.164 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
ip address teloutside 202.99.114.91 255.255.255.128
#备注:outside为网通线路出口;teloutside为电信线路出口;inside为内网接口;
3.2双出口实现
A、网通IP网段定义
object-group network wtnetwork
network-object 58.16.0.0 255.248.0.0
network-object 58.100.0.0 255.254.0.0
network-object 58.240.0.0 255.240.0.0
network-object 60.0.0.0 255.248.0.0
network-object 60.8.0.0 255.252.0.0
network-object 60.12.0.0 255.255.0.0
network-object 60.13.0.0 255.255.192.0
network-object 60.13.128.0 255.255.128.0
network-object 60.16.0.0 255.240.0.0
network-object 60.24.0.0 255.248.0.0
network-object 60.31.0.0 255.255.0.0
network-object 60.208.0.0 255.248.0.0
network-object 60.216.0.0 255.254.0.0
network-object 60.220.0.0 255.252.0.0
network-object 61.48.0.0 255.252.0.0
network-object 61.52.0.0 255.254.0.0
network-object 61.54.0.0 255.255.0.0
network-object 61.55.0.0 255.255.0.0
network-object 61.133.0.0 255.255.128.0
network-object 61.134.64.0 255.255.192.0
network-object 61.134.128.0 255.255.128.0
network-object 61.135.0.0 255.255.0.0
network-object 61.136.0.0 255.255.0.0
network-object 61.138.0.0 255.255.128.0
network-object 61.139.128.0 255.255.192.0
network-object 61.148.0.0 255.255.0.0
network-object 61.149.0.0 255.255.0.0
network-object 61.156.0.0 255.255.0.0
network-object 61.158.0.0 255.255.0.0
network-object 61.159.0.0 255.255.192.0
network-object 61.161.0.0 255.255.192.0
network-object 61.161.128.0 255.255.128.0
network-object 61.162.0.0 255.255.0.0
network-object 61.163.0.0 255.255.0.0
network-object 61.167.0.0 255.255.0.0
network-object 61.168.0.0 255.255.0.0
network-object 61.176.0.0 255.255.0.0
network-object 61.179.0.0 255.255.0.0
network-object 61.180.128.0 255.255.128.0
network-object 61.181.0.0 255.255.0.0
network-object 61.182.0.0 255.255.0.0
network-object 61.189.0.0 255.255.128.0
network-object 124.90.0.0 255.254.0.0
network-object 124.162.0.0 255.255.0.0
network-object 202.32.0.0 255.224.0.0
network-object 202.96.64.0 255.255.224.0
network-object 202.97.128.0 255.255.128.0
network-object 202.98.0.0 255.255.224.0
network-object 202.99.0.0 255.255.0.0
network-object 202.102.128.0 255.255.192.0
network-object 202.102.224.0 255.255.254.0
network-object 202.106.0.0 255.255.0.0
network-object 202.107.0.0 255.255.128.0
network-object 202.108.0.0 255.255.0.0
network-object 202.110.0.0 255.255.128.0
network-object 202.110.192.0 255.255.192.0
network-object 202.111.128.0 255.255.192.0
network-object 203.79.0.0 255.255.0.0
network-object 203.80.0.0 255.255.0.0
network-object 203.81.0.0 255.255.224.0
network-object 203.86.32.0 255.255.224.0
network-object 203.86.64.0 255.255.224.0
network-object 203.90.0.0 255.255.128.0
network-object 203.90.128.0 255.255.192.0
network-object 203.90.192.0 255.255.224.0
network-object 203.92.0.0 255.254.0.0
network-object 210.12.0.0 255.255.128.0
network-object 210.12.192.0 255.255.192.0
network-object 210.13.0.0 255.255.255.0
network-object 210.14.160.0 255.255.224.0
network-object 210.14.192.0 255.255.192.0
network-object 210.15.0.0 255.255.128.0
network-object 210.15.128.0 255.255.192.0
network-object 210.16.128.0 255.255.192.0
network-object 210.21.0.0 255.255.0.0
network-object 210.22.0.0 255.255.0.0
network-object 210.51.0.0 255.255.0.0
network-object 210.52.0.0 255.254.0.0
network-object 210.52.128.0 255.255.128.0
network-object 210.53.0.0 255.255.0.0
network-object 210.74.64.0 255.255.192.0
network-object 210.74.128.0 255.255.192.0
network-object 210.78.0.0 255.255.224.0
network-object 210.82.0.0 255.254.0.0
network-object 211.100.0.0 255.255.0.0
network-object 211.101.0.0 255.255.192.0
network-object 211.147.0.0 255.255.0.0
network-object 211.167.96.0 255.255.224.0
network-object 218.4.0.0 255.252.0.0
network-object 218.10.0.0 255.254.0.0
network-object 218.21.128.0 255.255.128.0
network-object 218.24.0.0 255.254.0.0
network-object 218.26.0.0 255.255.0.0
network-object 218.27.0.0 255.255.0.0
network-object 218.28.0.0 255.254.0.0
network-object 218.56.0.0 255.252.0.0
network-object 218.60.0.0 255.254.0.0
network-object 218.62.0.0 255.255.128.0
network-object 218.67.128.0 255.255.128.0
network-object 218.68.0.0 255.254.0.0
network-object 218.109.159.0 255.255.255.0
network-object 219.141.128.0 255.255.128.0
network-object 219.142.0.0 255.254.0.0
network-object 219.154.0.0 255.254.0.0
network-object 219.156.0.0 255.254.0.0
network-object 219.158.0.0 255.255.0.0
network-object 219.159.0.0 255.255.192.0
network-object 220.248.0.0 255.252.0.0
network-object 220.252.0.0 255.255.0.0
network-object 221.0.0.0 255.252.0.0
network-object 221.4.0.0 255.254.0.0
network-object 221.6.0.0 255.255.0.0
network-object 221.7.128.0 255.255.128.0
network-object 221.8.0.0 255.254.0.0
network-object 221.10.0.0 255.255.0.0
network-object 221.11.0.0 255.255.128.0
network-object 221.12.0.0 255.252.0.0
network-object 221.12.0.0 255.255.128.0
network-object 221.12.128.0 255.255.192.0
network-object 221.192.0.0 255.252.0.0
network-object 221.195.0.0 255.255.0.0
network-object 221.196.0.0 255.254.0.0
network-object 221.199.0.0 255.255.224.0
network-object 221.199.32.0 255.255.240.0
network-object 221.199.128.0 255.255.192.0
network-object 221.199.192.0 255.255.240.0
network-object 221.200.0.0 255.252.0.0
network-object 221.204.0.0 255.254.0.0
network-object 221.207.0.0 255.255.192.0
network-object 221.208.0.0 255.240.0.0
network-object 221.208.0.0 255.252.0.0
network-object 221.213.0.0 255.255.0.0
network-object 221.214.0.0 255.254.0.0
network-object 222.128.0.0 255.252.0.0
network-object 222.132.0.0 255.252.0.0
network-object 222.136.0.0 255.248.0.0
network-object 222.160.0.0 255.252.0.0
network-object 222.163.0.0 255.255.224.0
B、定义Access-list 为作NAT准备
access-list 101 permit ip 192.168.0.0 object-group wtnetwork
#内部网络到网通IP网段的Access-list
access-list 104 permit ip 192.168.0.0 255.255.255.0 any
#内部网络到任何IP的Access-list
C、NAT配置
global (outside) 1 interface
#定义NAT ID 1为网通的出口ip
global (teloutside) 4 interface
#定义NAT ID 4为电信的出口ip
nat (inside) 1 access-list 101
#定义符合access-list 101(就是内部到网通IP网段)就转换成NAT ID 1的IP(网通的出口)
nat (inside) 5 access-list 105
#定义符合access-list 101(就是内部到网通IP网段)就转换成NAT ID 1的IP(网通的出口)
注意:nat (inside) 1 access-list 101一定要在nat (inside) 5 access-list 105前面。
D、Route路由配置
#####添加默认路由往电信的网关出去################
route teloutside 0.0.0.0 0.0.0.0 202.99.114.126 1
##################################################
#######添加静态路由往网通IP网段往网通的网关出去######
route outside 58.16.0.0 255.248.0.0 224.254.14.161
route outside 58.100.0.0 255.254.0.0 224.254.14.161
route outside 58.240.0.0 255.240.0.0 224.254.14.161
route outside 60.0.0.0 255.248.0.0 224.254.14.161
route outside 60.8.0.0 255.252.0.0 224.254.14.161
route outside 60.12.0.0 255.255.0.0 224.254.14.161
route outside 60.13.0.0 255.255.192.0 224.254.14.161
route outside 60.13.128.0 255.255.128.0 224.254.14.161
route outside 60.16.0.0 255.240.0.0 224.254.14.161
route outside 60.24.0.0 255.248.0.0 224.254.14.161
route outside 60.31.0.0 255.255.0.0 224.254.14.161
route outside 60.208.0.0 255.248.0.0 224.254.14.161
route outside 60.216.0.0 255.254.0.0 224.254.14.161
route outside 60.220.0.0 255.252.0.0 224.254.14.161
route outside 61.48.0.0 255.252.0.0 224.254.14.161
route outside 61.52.0.0 255.254.0.0 224.254.14.161
route outside 61.54.0.0 255.255.0.0 224.254.14.161
route outside 61.55.0.0 255.255.0.0 224.254.14.161
route outside 61.133.0.0 255.255.128.0 224.254.14.161
route outside 61.134.64.0 255.255.192.0 224.254.14.161
route outside 61.134.128.0 255.255.128.0 224.254.14.161
route outside 61.135.0.0 255.255.0.0 224.254.14.161
route outside 61.136.0.0 255.255.0.0 224.254.14.161
route outside 61.138.0.0 255.255.128.0 224.254.14.161
route outside 61.139.128.0 255.255.192.0 224.254.14.161
route outside 61.148.0.0 255.255.0.0 224.254.14.161
route outside 61.149.0.0 255.255.0.0 224.254.14.161
route outside 61.156.0.0 255.255.0.0 224.254.14.161
route outside 61.158.0.0 255.255.0.0 224.254.14.161
route outside 61.159.0.0 255.255.192.0 224.254.14.161
route outside 61.161.0.0 255.255.192.0 224.254.14.161
route outside 61.161.128.0 255.255.128.0 224.254.14.161
route outside 61.162.0.0 255.255.0.0 224.254.14.161
route outside 61.163.0.0 255.255.0.0 224.254.14.161
route outside 61.167.0.0 255.255.0.0 224.254.14.161
route outside 61.168.0.0 255.255.0.0 224.254.14.161
route outside 61.176.0.0 255.255.0.0 224.254.14.161
route outside 61.179.0.0 255.255.0.0 224.254.14.161
route outside 61.180.128.0 255.255.128.0 224.254.14.161
route outside 61.181.0.0 255.255.0.0 224.254.14.161
route outside 61.182.0.0 255.255.0.0 224.254.14.161
route outside 61.189.0.0 255.255.128.0 224.254.14.161
route outside 124.90.0.0 255.254.0.0 224.254.14.161
route outside 124.162.0.0 255.255.0.0 224.254.14.161
route outside 202.32.0.0 255.224.0.0 224.254.14.161
route outside 202.96.64.0 255.255.224.0 224.254.14.161
route outside 202.97.128.0 255.255.128.0 224.254.14.161
route outside 202.98.0.0 255.255.224.0 224.254.14.161
route outside 202.99.0.0 255.255.0.0 224.254.14.161
route outside 202.102.128.0 255.255.192.0 224.254.14.161
route outside 202.102.224.0 255.255.254.0 224.254.14.161
route outside 202.106.0.0 255.255.0.0 224.254.14.161
route outside 202.107.0.0 255.255.128.0 224.254.14.161
route outside 202.108.0.0 255.255.0.0 224.254.14.161
route outside 202.110.0.0 255.255.128.0 224.254.14.161
route outside 202.110.192.0 255.255.192.0 224.254.14.161
route outside 202.111.128.0 255.255.192.0 224.254.14.161
route outside 203.79.0.0 255.255.0.0 224.254.14.161
route outside 203.80.0.0 255.255.0.0 224.254.14.161
route outside 203.81.0.0 255.255.224.0 224.254.14.161
route outside 203.86.32.0 255.255.224.0 224.254.14.161
route outside 203.86.64.0 255.255.224.0 224.254.14.161
route outside 203.90.0.0 255.255.128.0 224.254.14.161
route outside 203.90.128.0 255.255.192.0 224.254.14.161
route outside 203.90.192.0 255.255.224.0 224.254.14.161
route outside 203.92.0.0 255.254.0.0 224.254.14.161
route outside 210.12.0.0 255.255.128.0 224.254.14.161
route outside 210.12.192.0 255.255.192.0 224.254.14.161
route outside 210.13.0.0 255.255.255.0 224.254.14.161
route outside 210.14.160.0 255.255.224.0 224.254.14.161
route outside 210.14.192.0 255.255.192.0 224.254.14.161
route outside 210.15.0.0 255.255.128.0 224.254.14.161
route outside 210.15.128.0 255.255.192.0 224.254.14.161
route outside 210.16.128.0 255.255.192.0 224.254.14.161
route outside 210.21.0.0 255.255.0.0 224.254.14.161
route outside 210.22.0.0 255.255.0.0 224.254.14.161
route outside 210.51.0.0 255.255.0.0 224.254.14.161
route outside 210.52.0.0 255.254.0.0 224.254.14.161
route outside 210.52.128.0 255.255.128.0 224.254.14.161
route outside 210.53.0.0 255.255.0.0 224.254.14.161
route outside 210.74.64.0 255.255.192.0 224.254.14.161
route outside 210.74.128.0 255.255.192.0 224.254.14.161
route outside 210.78.0.0 255.255.224.0 224.254.14.161
route outside 210.82.0.0 255.254.0.0 224.254.14.161
route outside 211.100.0.0 255.255.0.0 224.254.14.161
route outside 211.101.0.0 255.255.192.0 224.254.14.161
route outside 211.147.0.0 255.255.0.0 224.254.14.161
route outside 211.167.96.0 255.255.224.0 224.254.14.161
route outside 218.4.0.0 255.252.0.0 224.254.14.161
route outside 218.10.0.0 255.254.0.0 224.254.14.161
route outside 218.21.128.0 255.255.128.0 224.254.14.161
route outside 218.24.0.0 255.254.0.0 224.254.14.161
route outside 218.26.0.0 255.255.0.0 224.254.14.161
route outside 218.27.0.0 255.255.0.0 224.254.14.161
route outside 218.28.0.0 255.254.0.0 224.254.14.161
route outside 218.56.0.0 255.252.0.0 224.254.14.161
route outside 218.60.0.0 255.254.0.0 224.254.14.161
route outside 218.62.0.0 255.255.128.0 224.254.14.161
route outside 218.67.128.0 255.255.128.0 224.254.14.161
route outside 218.68.0.0 255.254.0.0 224.254.14.161
route outside 218.109.159.0 255.255.255.0 224.254.14.161
route outside 219.141.128.0 255.255.128.0 224.254.14.161
route outside 219.142.0.0 255.254.0.0 224.254.14.161
route outside 219.154.0.0 255.254.0.0 224.254.14.161
route outside 219.156.0.0 255.254.0.0 224.254.14.161
route outside 219.158.0.0 255.255.0.0 224.254.14.161
route outside 219.159.0.0 255.255.192.0 224.254.14.161
route outside 220.248.0.0 255.252.0.0 224.254.14.161
route outside 220.252.0.0 255.255.0.0 224.254.14.161
route outside 221.0.0.0 255.252.0.0 224.254.14.161
route outside 221.4.0.0 255.254.0.0 224.254.14.161
route outside 221.6.0.0 255.255.0.0 224.254.14.161
route outside 221.7.128.0 255.255.128.0 224.254.14.161
route outside 221.8.0.0 255.254.0.0 224.254.14.161
route outside 221.10.0.0 255.255.0.0 224.254.14.161
route outside 221.11.0.0 255.255.128.0 224.254.14.161
route outside 221.12.0.0 255.252.0.0 224.254.14.161
route outside 221.12.0.0 255.255.128.0 224.254.14.161
route outside 221.12.128.0 255.255.192.0 224.254.14.161
route outside 221.192.0.0 255.252.0.0 224.254.14.161
route outside 221.195.0.0 255.255.0.0 224.254.14.161
route outside 221.196.0.0 255.254.0.0 224.254.14.161
route outside 221.199.0.0 255.255.224.0 224.254.14.161
route outside 221.199.32.0 255.255.240.0 224.254.14.161
route outside 221.199.128.0 255.255.192.0 224.254.14.161
route outside 221.199.192.0 255.255.240.0 224.254.14.161
route outside 221.200.0.0 255.252.0.0 224.254.14.161
route outside 221.204.0.0 255.254.0.0 224.254.14.161
route outside 221.207.0.0 255.255.192.0 224.254.14.161
route outside 221.208.0.0 255.240.0.0 224.254.14.161
route outside 221.208.0.0 255.252.0.0 224.254.14.161
route outside 221.213.0.0 255.255.0.0 224.254.14.161
route outside 221.214.0.0 255.254.0.0 224.254.14.161
route outside 222.128.0.0 255.252.0.0 224.254.14.161
route outside 222.132.0.0 255.252.0.0 224.254.14.161
route outside 222.136.0.0 255.248.0.0 224.254.14.161
route outside 222.160.0.0 255.252.0.0 224.254.14.161
route outside 222.163.0.0 255.255.224.0 224.254.14.161
#备注:224.254.14.161为通往的网通的网关,##################
四、实现效果
目前国内的骨干网分为南、北两张网。南电信北网通,不通运营商之间的通讯都需要到骨干进行数据?#25442;唬?#22240;此网通的用户访问电信网站很慢而电信用户访问方位网通网站也很慢,因此对大型网络设置双出口可以使不同运营商之间网络访问速度得到改善,本文档是在这一背景下产生的需求。

30选5玩法