

 

Cisco. Два провайдера. NAT.


!
! Two upstream providers with NAT on a single router. The approach:
!  1. create a vrf (i.e. a virtual router ;-) ) for each provider
!  2. connect each of these vrfs by a tunnel to the
!     "main" (default, real) router
!  3. configure nat _inside_ the virtual routers
!
! _IP_ and _N_ throughout this listing are the author's placeholders for
! addresses and interface numbers that were removed before publication.
!
! One VRF per provider, each with its own route distinguisher. In this
! listing the provider-facing VLAN interface, the VRF end of the tunnel,
! the default route and the NAT rules of a provider are all bound to its
! VRF, so the two uplinks do not share a routing table.
ip vrf PROV1
 description PROV1
 rd 555:555
!
ip vrf PROV2
 description PROV2
 rd 333:333
!
! Reachability probes, one per provider. Each probe sends ICMP echo to a
! single target (_IP_) sourced from a dedicated loopback and gives up on
! a reply after 2000 ms. No `frequency` is set, so the platform default
! probe interval applies.
! The track objects below are consumed by route-map ISP
! (`set ip next-hop verify-availability ... track N`), i.e. these probes
! alone decide which provider carries LAN traffic.
! NOTE(review): one ICMP target per provider is a single point of
! decision - if the target drops or rate-limits ICMP, or is down while
! the provider is healthy, traffic fails over anyway. Confirm the target
! is stable and consider that when reading failover events in logs.
ip sla monitor 21
 type echo protocol ipIcmpEcho _IP_ source-interface Loopback21
 timeout 2000
ip sla monitor schedule 21 life forever start-time now
!
ip sla monitor 31
 type echo protocol ipIcmpEcho _IP_ source-interface Loopback31
 timeout 2000
ip sla monitor schedule 31 life forever start-time now
!
! Track 211 follows probe 21 and is damped: it must stay down 150 s
! before being reported down, and up 5 s before being reported up.
track 211 rtr 21 reachability
 delay down 150 up 5
!
! Track 311 follows probe 31.
! NOTE(review): unlike track 211 it has no `delay`, so a state change is
! presumably reported immediately and a single lost probe could move
! traffic. Confirm the asymmetry is intended.
track 311 rtr 31 reachability
!
! Tunnels that stitch the global routing table to each provider VRF.
! Every tunnel pair terminates on loopbacks of this same router:
!   Tunnel21  (global)   10.2.2.1/30  <->  Tunnel201 (vrf PROV1) 10.2.2.2/30
!   Tunnel31  (global)   10.3.3.1/30  <->  Tunnel301 (vrf PROV2) 10.3.3.2/30
! No `tunnel mode` is given, so the IOS default encapsulation (GRE/IP)
! applies. No `tunnel vrf` is given either, so the tunnel transport
! addresses (10.0.2.x / 10.0.3.x) are looked up in the global table,
! where the source loopbacks are defined.
! NOTE(review): `ip mtu 2000` is above the usual 1500-byte Ethernet MTU;
! presumably acceptable because the encapsulated packets never leave the
! box - confirm on the target platform.
!
! Global-table end of the PROV1 pair; destination is Loopback2's address.
interface Tunnel21
 ip address 10.2.2.1 255.255.255.252
 ip mtu 2000
 tunnel source Loopback22
 tunnel destination 10.0.2.1
!
! Global-table end of the PROV2 pair; destination is Loopback3's address.
interface Tunnel31
 ip address 10.3.3.1 255.255.255.252
 ip mtu 2000
 tunnel source Loopback33
 tunnel destination 10.0.3.1
!
! VRF PROV1 end of the pair; destination is Loopback22's address.
! Marked `ip nat inside`: traffic entering the VRF from the global table
! is the NAT inside side, Vlan333 is the outside side.
interface Tunnel201
 ip vrf forwarding PROV1
 ip address 10.2.2.2 255.255.255.252
 ip mtu 2000
 ip nat inside
 ip virtual-reassembly
 tunnel source Loopback2
 tunnel destination 10.0.2.2
!
! VRF PROV2 end of the pair; destination is Loopback33's address.
! Marked `ip nat inside`; Vlan444 is the matching outside interface.
interface Tunnel301
 ip vrf forwarding PROV2
 ip address 10.3.3.2 255.255.255.252
 ip mtu 2000
 ip nat inside
 ip virtual-reassembly
 tunnel source Loopback3
 tunnel destination 10.0.3.3
!
! Loopback interfaces. Only some of them are referenced elsewhere in
! this listing; the role of the others cannot be determined from it.
!
! Loopback0 / Loopback1: /24 addresses with fast switching and CEF
! disabled on the interface. Not referenced elsewhere in this listing -
! purpose to be confirmed.
interface Loopback0
 ip address 10.10.0.1 255.255.255.0
 no ip route-cache cef
 no ip route-cache
!
interface Loopback1
 ip address 10.10.1.1 255.255.255.0
 no ip route-cache cef
 no ip route-cache
!
! Loopback2: tunnel source of Tunnel201 and tunnel destination of Tunnel21.
interface Loopback2
 ip address 10.0.2.1 255.255.255.255
!
! Loopback3: tunnel source of Tunnel301 and tunnel destination of Tunnel31.
interface Loopback3
 ip address 10.0.3.1 255.255.255.255
!
! Loopback4 / Loopback5: not referenced elsewhere in this listing.
interface Loopback4
 ip address 10.0.4.1 255.255.255.255
!
interface Loopback5
 ip address 10.0.5.1 255.255.255.255
!
! Loopback21: source interface of reachability probe 21.
interface Loopback21
 ip address _IP_ 255.255.255.255
!
! Loopback22: tunnel source of Tunnel21 and tunnel destination of Tunnel201.
interface Loopback22
 ip address 10.0.2.2 255.255.255.255
!
! Loopback31: source interface of reachability probe 31.
interface Loopback31
 ip address _IP_ 255.255.255.255
!
! Loopback33: tunnel source of Tunnel31 and tunnel destination of Tunnel301.
interface Loopback33
 ip address 10.0.3.3 255.255.255.255
!
! Loopback201 / Loopback301: addresses inside the provider VRFs. Not
! referenced elsewhere in this listing.
interface Loopback201
 ip vrf forwarding PROV1
 ip address 10.2.1.1 255.255.255.255
!
interface Loopback301
 ip vrf forwarding PROV2
 ip address 10.3.1.1 255.255.255.255
!
! LAN-facing interface in the global table. Policy routing (route-map
! ISP) is applied to packets received here and picks the provider VRF by
! setting the next hop to the VRF end of a tunnel. There is no
! `ip nat inside` on this interface: translation happens inside the VRF,
! on Tunnel201 / Tunnel301.
interface GigabitEthernet0/_N_
 description MY_LOCALNET
 ip address _IP_
 ip policy route-map ISP
!
! Provider-facing interfaces, one per VRF, each the NAT outside side.
! NOTE(review): no inbound `ip access-group` appears on either
! provider-facing interface in this listing. Together with the static
! NAT entries (`ip nat inside source static ... vrf PROV1/PROV2`) this
! means the statically mapped inside hosts are reachable from the
! provider side unless filtering exists in a part of the configuration
! that is not shown - confirm before reusing this as a template.
interface Vlan333
 description PROV1
 ip vrf forwarding PROV1
 ip address _IP_
 ip nat outside
!
interface Vlan444
 description PROV2
 ip vrf forwarding PROV2
 ip address _IP_
 ip nat outside
!
! Global table: the 10.2.0.0/16 and 10.3.0.0/16 ranges (which contain
! the tunnel /30s and Loopback201 / Loopback301) are reached through the
! tunnel towards the matching VRF.
ip route 10.2.0.0 255.255.0.0 Tunnel21
ip route 10.3.0.0 255.255.0.0 Tunnel31
!
! Global table: host routes pinned to one provider's tunnel.
! Presumably these include the reachability probe targets, so that each
! probe always leaves through the provider it is testing - the addresses
! are redacted, so verify against the `ip sla monitor` targets.
ip route _IP_ 255.255.255.255 Tunnel31
ip route _IP_ 255.255.255.255 Tunnel31
ip route _IP_ 255.255.255.255 Tunnel21
ip route _IP_ 255.255.255.255 Tunnel21
!
! VRF PROV1: default route towards the provider, plus a route back
! through Tunnel201 (presumably the inside/LAN prefix, so that return
! traffic re-enters the global table).
! The VRF default routes are plain statics with no `track`; in this
! listing provider failover is decided only by route-map ISP.
ip route vrf PROV1 0.0.0.0 0.0.0.0 _IP_
ip route vrf PROV1 _IP_ Tunnel201
!
! VRF PROV2: same pattern, return route through Tunnel301.
ip route vrf PROV2 0.0.0.0 0.0.0.0 _IP_
ip route vrf PROV2 _IP_ Tunnel301
!
! NAT address pools, named per provider.
! NOTE(review): PROV1-pool-1-127 and PROV2-pool-1-127 are defined but no
! NAT rule in this listing uses them.
ip nat pool PROV1-pool-1-128 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV2-pool-1-128 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV1-pool-1-127 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV2-pool-1-127 _IP_ _IP_ netmask 255.255.255.0
ip nat pool PROV1-pool-1-102 _IP_ _IP_ netmask 255.255.255.0
! Dynamic translations with `overload` (many inside hosts share the
! pool addresses), each bound to one provider VRF. The source list
! selects which inside addresses are translated.
! NOTE(review): the second rule references access list
! NAT-to-PROV1-102, which is not defined anywhere in this listing (the
! lists shown are NAT-to-PROV1, NAT-to-PROV1-40, NAT-to-PROV2 and
! NAT-to-PROV2-40). Either the name was changed while the config was
! being sanitized or the list is missing; verify before use, since the
! rule's effect with an undefined list should not be relied on.
ip nat inside source list NAT-to-PROV1 pool PROV1-pool-1-128 vrf PROV1 overload
ip nat inside source list NAT-to-PROV1-102 pool PROV1-pool-1-102 vrf PROV1 overload
ip nat inside source list NAT-to-PROV2 pool PROV2-pool-1-128 vrf PROV2 overload
! Static one-to-one translations, one per provider VRF. A static entry
! also accepts connections initiated from the outside to the mapped
! address, on every port; nothing in this listing narrows that.
ip nat inside source static _IP_ _IP_ vrf PROV2
ip nat inside source static _IP_ _IP_ vrf PROV1
!
! Source list for the PROV1 overload rule. Entry order matters: the
! host deny comes first and excludes one inside host from dynamic
! translation (presumably the host that has a static entry - the
! address is redacted, confirm), then the inside prefix is permitted.
ip access-list extended NAT-to-PROV1
 deny   ip host _IP_ any
 permit ip _IP_  any
! Single-host list. NOTE(review): not referenced by any NAT rule or
! route-map in this listing.
ip access-list extended NAT-to-PROV1-40
 permit ip host _IP_ any
! Source list for the PROV2 overload rule; same deny-then-permit shape.
ip access-list extended NAT-to-PROV2
 deny   ip host _IP_ any
 permit ip _IP_ any
! Single-host list, referenced only by route-map PROV2-map-40.
ip access-list extended NAT-to-PROV2-40
 permit ip host _IP_ any

! Classifiers for policy routing (route-map ISP). The first entry keeps
! limited-broadcast packets (destination 255.255.255.255) out of policy
! routing; the second selects the LAN sources that prefer this provider.
ip access-list extended toPROV1
 deny   ip any host 255.255.255.255
 permit ip _IP_ any
ip access-list extended toPROV2
 deny   ip any host 255.255.255.255
 permit ip _IP_ any
!
! Match-only route-maps (no `set` clause).
! NOTE(review): neither is referenced in this listing - the NAT rules
! use `list`, not `route-map`. Possibly left over from an earlier
! variant of the configuration; confirm before removing.
route-map PROV2-map permit 100
 match ip address NAT-to-PROV2
!
route-map PROV2-map-40 permit 100
 match ip address NAT-to-PROV2-40
!
! Policy routing applied on the LAN interface.
! Entry 50: sources matched by toPROV2 prefer provider 2. The next hop
! is the VRF end of a tunnel: 10.3.3.2 (Tunnel301, PROV2) while track
! 311 is up, otherwise 10.2.2.2 (Tunnel201, PROV1) while track 211 is
! up. The numbers 100 / 200 order the tracked next hops.
! The untracked `set ip next-hop _IP_` is presumably the last resort
! when both tracks are down - confirm evaluation order on the target
! IOS release.
route-map ISP permit 50
 match ip address toPROV2
 set ip next-hop verify-availability 10.3.3.2 100 track 311
 set ip next-hop verify-availability 10.2.2.2 200 track 211
 set ip next-hop _IP_
!
! Entry 150: mirror image for sources matched by toPROV1 - provider 1
! first (track 211), provider 2 as backup (track 311).
! Packets that match neither entry are not policy-routed and follow the
! global routing table.
route-map ISP permit 150
 match ip address toPROV1
 set ip next-hop verify-availability 10.2.2.2 100 track 211
 set ip next-hop verify-availability 10.3.3.2 200 track 311
 set ip next-hop _IP_
!
end


 

Бернадинер Марк Абрамович
