CASE1
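Router North
! CASE1, North side: a GRE tunnel towards 85.16.34.55, a LAN with the server
! 192.168.1.20, a TCP/80 port-forward from the tunnel address to that server,
! and policy routing (RMAP) for traffic entering from the LAN.
interface Tunnel01
 description - - GRE - -
 ip address 10.0.0.2 255.255.255.252
! MSS 1360 = tunnel IP MTU 1400 minus 40 bytes of IP+TCP header, so TCP
! segments fit the tunnel without fragmentation.
 ip mtu 1400
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1360
! NOTE(review): no "tunnel protection ipsec profile <PROFILE-NAME>" or crypto
! map appears in this listing, so the GRE payload crosses the path between
! the two public addresses unencrypted and unauthenticated. Add IPsec if the
! forwarded traffic must stay confidential.
 tunnel source 90.45.65.80
 tunnel destination 85.16.34.55
interface FastEthernet0/1
 description - - LAN - -
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
! Policy routing is evaluated on packets received on this interface, i.e.
! traffic coming from the LAN (including the server's replies).
 ip policy route-map RMAP
!
! Port-forward: TCP/80 addressed to the tunnel IP 10.0.0.2 is translated to
! the server 192.168.1.20:80. Nothing in this listing restricts which sources
! may use the forward; filter on the far side if it should not be open to all.
ip nat inside source static tcp 192.168.1.20 80 10.0.0.2 80
!
! The two ACLs below are referenced only by route-map RMAP as match criteria.
! They are not applied with "ip access-group", so despite the "ONLY" remarks
! they classify traffic for routing and do not block anything.
ip access-list extended ACL-MAIL-INET
 remark - - ONLY from INET to MAIL - -
! NOTE(review): 0.0.0.0 with wildcard 0.255.255.255 matches only 0.0.0.0/8,
! not "the Internet" - confirm the intent. Widening it to "any" would make
! sequence 10 match all server traffic, and sequence 20 would presumably
! never be reached.
 permit ip 0.0.0.0 0.255.255.255 host 192.168.1.20
 remark - - ONLY from MAIL to INET - -
 permit ip host 192.168.1.20 0.0.0.0 0.255.255.255
ip access-list extended ACL-MAIL-TUNNEL
 remark - - ONLY from TUNNEL to MAIL - -
 permit ip any host 192.168.1.20
 remark - - ONLY from MAIL to TUNNEL - -
 permit ip host 192.168.1.20 any
!
! "set ip default next-hop" takes effect only when the routing table has no
! explicit route for the destination; otherwise normal routing is used.
route-map RMAP permit 10
 description - - ROUTE via INET - -
 match ip address ACL-MAIL-INET
! NOTE(review): 85.16.34.54 is not in any subnet configured in this listing
! (the WAN interface holding 90.45.65.80 is not shown) - verify that it is a
! reachable adjacent next hop.
 set ip default next-hop 85.16.34.54
!
route-map RMAP permit 20
 description - - ROUTE via TUNNEL - -
 match ip address ACL-MAIL-TUNNEL
! 10.0.0.1 is the far end of the Tunnel01 /30.
 set ip default next-hop 10.0.0.1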
Router Center
! CASE1, Center side: the peer end of the GRE tunnel (10.0.0.1/30) and the
! second NAT stage that publishes the forwarded port on 85.16.34.55.
interface Tunnel01
description - - GRE - -
ip address 10.0.0.1 255.255.255.252
! MSS 1360 = tunnel IP MTU 1400 minus 40 bytes of IP+TCP header.
ip mtu 1400
! The tunnel is the NAT "inside" here; the "ip nat outside" interface (the
! one that would hold 85.16.34.55) is not shown in this excerpt.
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1360
! NOTE(review): no IPsec protection for the tunnel is shown; GRE alone
! provides neither encryption nor peer authentication between these two
! public addresses.
tunnel source 85.16.34.55
tunnel destination 90.45.65.80
! Publishes TCP/80 of 10.0.0.2 (the North router's tunnel address) as
! 85.16.34.55:80. This is plain HTTP, and the excerpt shows no inbound
! filter limiting which sources may reach it - confirm one exists.
ip nat inside source static tcp 10.0.0.2 80 85.16.34.55 80
CASE2
Router North
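! CASE2, North side: the same design as CASE1, but the GRE tunnel runs over
! the provider L3 VPN (10.250.16.x) and uses 172.16.0.0/30 inside the tunnel.
interface Tunnel01
 description - - GRE - -
 ip address 172.16.0.2 255.255.255.252
! MSS 1360 = tunnel IP MTU 1400 minus 40 bytes of IP+TCP header.
 ip mtu 1400
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1360
! NOTE(review): no IPsec protection is shown for the tunnel; confidentiality
! of the GRE payload then depends entirely on the provider's VPN.
 tunnel source 10.250.16.145
 tunnel destination 10.250.16.177
interface FastEthernet0/0
 description -- ISPVPN L3 --
 ip address 10.250.16.145 255.255.255.252
! Hardening of the provider-facing interface: no ICMP redirects, no ICMP
! unreachables, no proxy ARP.
 no ip redirects
 no ip unreachables
 no ip proxy-arp
! Per-packet accounting and NetFlow give visibility into traffic on this link.
 ip accounting output-packets
 ip flow ingress
 ip virtual-reassembly
interface FastEthernet0/1
 description - - LAN - -
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
! Policy routing is evaluated on packets received from the LAN.
 ip policy route-map RMAP
! Port-forward: TCP/80 addressed to the tunnel IP 172.16.0.2 is translated to
! the server 192.168.1.20:80.
ip nat inside source static tcp 192.168.1.20 80 172.16.0.2 80
! Both ACLs are match criteria for route-map RMAP only. They are not applied
! with "ip access-group", so they do not filter traffic.
ip access-list extended ACL-MAIL-ISPVPN
 remark - - ONLY from ISPVPN to MAIL - -
 permit ip 10.0.0.0 0.255.255.255 host 192.168.1.20
! Remark corrected from "to INET": this entry matches the 10.0.0.0/8 ISPVPN
! range.
 remark - - ONLY from MAIL to ISPVPN - -
 permit ip host 192.168.1.20 10.0.0.0 0.255.255.255
ip access-list extended ACL-MAIL-TUNNEL
 remark - - ONLY from TUNNEL to MAIL - -
 permit ip any host 192.168.1.20
 remark - - ONLY from MAIL to TUNNEL - -
 permit ip host 192.168.1.20 any
! "set ip default next-hop" takes effect only when the routing table has no
! explicit route for the destination.
route-map RMAP permit 10
 description - - ROUTE via ISPVPN - -
! Fixed: the original matched ACL-MAIL-INET, which is not defined in this
! case. IOS accepts a reference to an undefined ACL without complaint, so
! the mismatch would go unnoticed while ACL-MAIL-ISPVPN stayed unused.
 match ip address ACL-MAIL-ISPVPN
! 10.250.16.146 is the other host in the FastEthernet0/0 /30.
 set ip default next-hop 10.250.16.146
route-map RMAP permit 20
 description - - ROUTE via TUNNEL - -
 match ip address ACL-MAIL-TUNNEL
! 172.16.0.1 is the far end of the Tunnel01 /30.
 set ip default next-hop 172.16.0.1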
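! NOTE(review): a "Router Center" heading appears to be missing above this
! line. The tunnel source/destination below are the mirror image of the
! North router's, so this is presumably the Center side of CASE2.
interface Tunnel01
 description - - GRE - -
! Fixed: the original had 10.0.0.1 here (the CASE1 value). The peer is
! 172.16.0.2/30, its route-map points at 172.16.0.1, and the NAT rule below
! refers to 172.16.0.2, so both tunnel ends must be in 172.16.0.0/30.
 ip address 172.16.0.1 255.255.255.252
! MSS 1360 = tunnel IP MTU 1400 minus 40 bytes of IP+TCP header.
 ip mtu 1400
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1360
! NOTE(review): no IPsec protection is shown for the tunnel; the GRE payload
! is only as private as the provider's VPN.
 tunnel source 10.250.16.177
 tunnel destination 10.250.16.145
interface GigabitEthernet0/1
 description - - ISPVPN L3 - -
 ip address 10.250.16.177 255.255.255.240
 ip flow ingress
 ip virtual-reassembly
 ip route-cache same-interface
 ip route-cache policy
! Publishes TCP/80 of 172.16.0.2 (the North router's tunnel address) as
! 85.16.34.55:80. NOTE(review): no interface in this excerpt carries
! 85.16.34.55 or "ip nat outside"; presumably the Internet-facing interface
! is omitted. Confirm it exists and that an inbound filter limits who can
! reach this plain-HTTP forward.
ip nat inside source static tcp 172.16.0.2 80 85.16.34.55 80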