實(shí)驗(yàn)要求:
1、公司想將自己的服務(wù)器雙線發(fā)布出去。
2、員工可以訪問電信和網(wǎng)通的WEB服務(wù)器。
配置思路:
1、事先指明公司和電信網(wǎng)通路由器的NAT的內(nèi)部和外部端口。配置NAT路由器的默認(rèn)路由。
2、實(shí)現(xiàn)公網(wǎng)網(wǎng)絡(luò)互通。
3、公司配置:
配置訪問控制列表
access-list 100 permit ip any 電信非直連網(wǎng)段 (允許電信網(wǎng)段)
access-list100 deny ip any 電信非直連網(wǎng)段 (拒絕電信網(wǎng)段)
access-list 100 permit ip any any (允許所有網(wǎng)段通信)
配置PAT ip nat inside source list 100 電信wan口 overload
ipnat inside source list 101 網(wǎng)通wan口 overload
發(fā)布網(wǎng)站 ip nat inside source static tcp 服務(wù)器私網(wǎng)地址 80 電信公網(wǎng)地址 80
ip nat inside source static tcp 服務(wù)器私網(wǎng)地址 80 網(wǎng)通公網(wǎng)地址 80
4.電信和網(wǎng)通配置
配置訪問列表 access-list 1 permit公司內(nèi)網(wǎng)網(wǎng)段
配置PAT ip nat inside sourcelist 1 interface FastEthernet0/0 overload
發(fā)布網(wǎng)站 ip nat inside source statictcp 192.168.5.3 80 192.168.4.100 80
實(shí)驗(yàn)配置如下:
router0:(公司路由器)
interfaceFastEthernet0/0
ip address 192.168.3.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interfaceFastEthernet0/1
ip address 192.168.6.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interfaceFastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interfaceFastEthernet1/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interfaceVlan1
no ip address
shutdown
!
ipnat inside source list 100 interface FastEthernet0/0 overload
ipnat inside source list 101 interface FastEthernet0/1 overload
ipnat inside source static tcp 192.168.2.3 80 192.168.3.101 80
ipnat inside source static tcp 192.168.2.2 80 192.168.3.100 80
ipnat inside source static tcp 192.168.2.3 80 192.168.6.101 80
ipnat inside source static tcp 192.168.2.2 80 192.168.6.100 80
ipclassless
iproute 192.168.4.0 255.255.255.0 FastEthernet0/0
iproute 192.168.7.0 255.255.255.0 FastEthernet0/1
!
!
access-list100 permit ip any 192.168.4.0 0.0.0.255
access-list101 deny ip any 192.168.4.0 0.0.0.255
access-list101 permit ip any any
router1:(公網(wǎng)路由器)
interfaceFastEthernet0/0
ip address 192.168.3.2 255.255.255.0
duplex auto
speed auto
!
interfaceFastEthernet0/1
ip address 192.168.4.1 255.255.255.0
duplex auto
speed auto
router2:(公網(wǎng)路由器)
interface FastEthernet0/0
ip address192.168.6.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address192.168.7.1 255.255.255.0
duplex auto
speed auto
router3:(電信路由器)
interface FastEthernet0/0
ipaddress 192.168.4.2 255.255.255.0
ip natoutside
duplexauto
speedauto
!
interface FastEthernet0/1
ipaddress 192.168.5.1 255.255.255.0
ip natinside
duplexauto
speedauto
!
interface Vlan1
no ipaddress
shutdown
!
ip nat inside source list 1 interfaceFastEthernet0/0 overload
ip nat inside source static tcp 192.168.5.380 192.168.4.100 80
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 1 permit 192.168.5.0 0.0.0.255
!
!
router4:(網(wǎng)通路由器)
interface FastEthernet0/0
ipaddress 192.168.7.2 255.255.255.0
ip natoutside
duplexauto
speedauto
!
interface FastEthernet0/1
ipaddress 192.168.8.1 255.255.255.0
ip natinside
duplexauto
speedauto
!
interface Vlan1
no ipaddress
shutdown
!
ip nat inside source list 1 interfaceFastEthernet0/0 overload
ip nat inside source static tcp 192.168.8.380 192.168.7.100 80
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 1 permit 192.168.8.0 0.0.0.255
!
!
新聞熱點(diǎn)
疑難解答
圖片精選
