实验要求:
1、公司想将自己的服务器双线发布出去。
2、员工可以访问电信和网通的WEB服务器。
配置思路:
1、事先指明公司和电信网通路由器的NAT的内部和外部端口。配置NAT路由器的默认路由。
2、实现公网网络互通。
3、公司配置:
配置访问控制列表
access-list 100 permit ip any 电信非直连网段 (允许电信网段)
access-list100 deny ip any 电信非直连网段 (拒绝电信网段)
access-list 100 permit ip any any (允许所有网段通信)
配置PAT ip nat inside source list 100 电信wan口 overload
ipnat inside source list 101 网通wan口 overload
发布网站 ip nat inside source static tcp 服务器私网地址 80 电信公网地址 80
ip nat inside source static tcp 服务器私网地址 80 网通公网地址 80
4.电信和网通配置
配置访问列表 access-list 1 permit公司内网网段
配置PAT ip nat inside sourcelist 1 interface FastEthernet0/0 overload
发布网站 ip nat inside source statictcp 192.168.5.3 80 192.168.4.100 80
实验配置如下:
router0:(公司路由器)
interfaceFastEthernet0/0
ip address 192.168.3.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interfaceFastEthernet0/1
ip address 192.168.6.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interfaceFastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interfaceFastEthernet1/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interfaceVlan1
no ip address
shutdown
!
ipnat inside source list 100 interface FastEthernet0/0 overload
ipnat inside source list 101 interface FastEthernet0/1 overload
ipnat inside source static tcp 192.168.2.3 80 192.168.3.101 80
ipnat inside source static tcp 192.168.2.2 80 192.168.3.100 80
ipnat inside source static tcp 192.168.2.3 80 192.168.6.101 80
ipnat inside source static tcp 192.168.2.2 80 192.168.6.100 80
ipclassless
iproute 192.168.4.0 255.255.255.0 FastEthernet0/0
iproute 192.168.7.0 255.255.255.0 FastEthernet0/1
!
!
access-list100 permit ip any 192.168.4.0 0.0.0.255
access-list101 deny ip any 192.168.4.0 0.0.0.255
access-list101 permit ip any any
router1:(公网路由器)
interfaceFastEthernet0/0
ip address 192.168.3.2 255.255.255.0
duplex auto
speed auto
!
interfaceFastEthernet0/1
ip address 192.168.4.1 255.255.255.0
duplex auto
speed auto
router2:(公网路由器)
interface FastEthernet0/0
ip address192.168.6.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address192.168.7.1 255.255.255.0
duplex auto
speed auto
router3:(电信路由器)
interface FastEthernet0/0
ipaddress 192.168.4.2 255.255.255.0
ip natoutside
duplexauto
speedauto
!
interface FastEthernet0/1
ipaddress 192.168.5.1 255.255.255.0
ip natinside
duplexauto
speedauto
!
interface Vlan1
no ipaddress
shutdown
!
ip nat inside source list 1 interfaceFastEthernet0/0 overload
ip nat inside source static tcp 192.168.5.380 192.168.4.100 80
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 1 permit 192.168.5.0 0.0.0.255
!
!
router4:(网通路由器)
interface FastEthernet0/0
ipaddress 192.168.7.2 255.255.255.0
ip natoutside
duplexauto
speedauto
!
interface FastEthernet0/1
ipaddress 192.168.8.1 255.255.255.0
ip natinside
duplexauto
speedauto
!
interface Vlan1
no ipaddress
shutdown
!
ip nat inside source list 1 interfaceFastEthernet0/0 overload
ip nat inside source static tcp 192.168.8.380 192.168.7.100 80
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 1 permit 192.168.8.0 0.0.0.255
!
由 dawei
【声明】:站长网内容转载自互联网,其相关言论仅代表作者个人观点绝非权威,不代表本站立场。如您发现内容存在版权问题,请提交相关链接至邮箱:bqsm@foxmail.com,我们将及时予以处理。