воскресенье, 27 декабря 2015 г.

Публикация сервиса через удалённую сеть / PAT + Split Route-Map via Remote Router - Inet + GRE / ISPVPN + Inet + GRE


CASE1

      Router North
interface Tunnel01
     description - - GRE - -
     ip address 10.0.0.2 255.255.255.252
     ip mtu 1400
     ip nat outside
     ip virtual-reassembly
     ip tcp adjust-mss 1360
     tunnel source 90.45.65.80
     tunnel destination 85.16.34.55
interface FastEthernet0/1
     description - - LAN - -
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip policy route-map RMAP
!
ip nat inside source static tcp 192.168.1.20 80 10.0.0.2 80
!
ip access-list extended ACL-MAIL-INET
    remark - - ONLY from INET to MAIL - -
    permit ip 0.0.0.0 0.255.255.255 host 192.168.1.20
    remark - - ONLY from MAIL to INET - -
    permit ip host 192.168.1.20 0.0.0.0 0.255.255.255

ip access-list extended ACL-MAIL-TUNNEL
    remark - - ONLY from TUNNEL to MAIL - -
    permit ip any host 192.168.1.20
    remark - - ONLY from MAIL to TUNNEL - -
    permit ip host 192.168.1.20 any
!
 route-map RMAP permit 10
     description - - ROUTE via INET - -
     match ip address ACL-MAIL-INET
     set ip default next-hop 85.16.34.54
!
route-map RMAP permit 20
    description - - ROUTE via TUNNEL - -
     match ip address ACL-MAIL-TUNNEL
     set ip default next-hop 10.0.0.1


    Router Center
interface Tunnel01
   description - - GRE - -
   ip address 10.0.0.1 255.255.255.252
   ip mtu 1400
   ip nat inside
   ip virtual-reassembly
   ip tcp adjust-mss 1360
   tunnel source 85.16.34.55
   tunnel destination 90.45.65.80
ip nat inside source static tcp 10.0.0.2 80 85.16.34.55 80

CASE2

     Router North
interface Tunnel01
     description - - GRE - -
     ip address 172.16.0.2 255.255.255.252
     ip mtu 1400
     ip nat outside
     ip virtual-reassembly
     ip tcp adjust-mss 1360
     tunnel source 10.250.16.145
     tunnel destination 10.250.16.177
interface FastEthernet0/0
     description -- ISPVPN L3 --
     ip address 10.250.16.145 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip accounting output-packets
     ip flow ingress
     ip virtual-reassembly
interface FastEthernet0/1
     description - - LAN - -
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip policy route-map RMAP
ip nat inside source static tcp 192.168.1.20 80 172.16.0.2 80
ip access-list extended ACL-MAIL-ISPVPN
    remark - - ONLY from ISPVPN to MAIL - -
    permit ip 10.0.0.0 0.255.255.255 host 192.168.1.20
    remark - - ONLY from MAIL to INET - -
    permit ip host 192.168.1.20 10.0.0.0 0.255.255.255
ip access-list extended ACL-MAIL-TUNNEL
    remark - - ONLY from TUNNEL to MAIL - -
    permit ip any host 192.168.1.20
    remark - - ONLY from MAIL to TUNNEL - -
    permit ip host 192.168.1.20 any
 route-map RMAP permit 10
     description - - ROUTE via ISPVPN - -
     match ip address ACL-MAIL-INET
     set ip default next-hop 10.250.16.146
route-map RMAP permit 20
    description - - ROUTE via TUNNEL - -
     match ip address ACL-MAIL-TUNNEL
     set ip default next-hop 172.16.0.1

    Router Center
interface Tunnel01
   description - - GRE - -
   ip address 10.0.0.1 255.255.255.252
   ip mtu 1400
   ip nat inside
   ip virtual-reassembly
   ip tcp adjust-mss 1360
   tunnel source 10.250.16.177
   tunnel destination 10.250.16.145
interface GigabitEthernet0/1
   description - - ISPVPN L3 - -
   ip address 10.250.16.177 255.255.255.240
   ip flow ingress
   ip virtual-reassembly
   ip route-cache same-interface
   ip route-cache policy
ip nat inside source static tcp 172.16.0.2 80 85.16.34.55 80
Автор: на
Ярлыки: , ,

Комментариев нет:

Отправить комментарий

Подписаться на: Комментарии к сообщению (Atom)