Привет ВСЕМ!!!
Вопрос думаю обсуждался неоднократно,но все же!!!
Пров дал сеть */248 ,есть 3 сетки 10.1 10.2 10.3 ,необходимо чтобы кажлая сетка натилась через определенный айпишник(из сетки выделенной провом) и статика заходила на определенные адреса и этих трех корп сетей.
Конфиг не привожу чтобы не засорять эфир!!!
Как красиво реализовать???Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Tue 24-May-05 14:02 by ssearch
Image text-base: 0x80008098, data-base: 0x81A13050ROM: System Bootstrap, Version 12.2(10r)1, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
Лучше конфиг приведите...
interface Ethernet0/0
description Protected interface, facing towards DMZ
ip address 192.168.10.1 255.255.255.252
ip nat inside
ip route-cache policy
ip route-cache flow
half-duplex
!
interface Ethernet0/1
description Unprotected interface, facing towards Internet
ip address 217.27.152.19 255.255.255.248 secondary
ip address 217.27.152.18 255.255.255.248
ip nat outside
ip route-cache policy
ip route-cache flow
ip policy route-map 18-map
half-duplex
!
ip default-gateway 217.27.152.17
ip nat pool net-18 217.27.152.18 217.27.152.18 prefix-length 30
ip nat pool net-19 217.27.152.19 217.27.152.19 prefix-length 30
ip nat inside source route-map 18-map pool net-18 overload
ip nat inside source route-map 19-map pool net-19 overload
ip nat inside source static 192.168.10.2 217.27.152.18 extendableip route 0.0.0.0 0.0.0.0 217.27.152.17
access-list 1 permit 10.110.0.0 0.0.0.255 log
access-list 1 permit 10.111.0.0 0.0.0.255 log
access-list 1 permit 10.111.1.0 0.0.0.255 log
access-list 2 permit 10.110.0.0 0.0.0.255 log
access-list 2 permit 10.111.0.0 0.0.0.255 log
access-list 2 permit 10.111.1.0 0.0.0.255 log
!route-map 18-map permit 10
match ip address 1
set ip next-hop 217.27.152.18
!route-map 19-map permit 10
match ip address 2
set ip next-hop 217.27.152.19
Исправления такие:
interface Ethernet0/1
no ip address 217.27.152.19 255.255.255.248 secondaryno ip default-gateway 217.27.152.17
no ip nat pool net-18 217.27.152.18 217.27.152.18 prefix-length 30
no ip nat pool net-19 217.27.152.19 217.27.152.19 prefix-length 30
no ip nat inside source route-map 18-map pool net-18 overload
no ip nat inside source route-map 19-map pool net-19 overload
no ip nat inside source static 192.168.10.2 217.27.152.18 extendableip nat pool net-18 217.27.152.18 217.27.152.18 prefix-length 29
ip nat pool net-19 217.27.152.19 217.27.152.19 prefix-length 29
ip nat inside source li 1 pool net-18 overload
ip nat inside source li 2 pool net-19 overload
ip nat inside source static 192.168.10.2 217.27.152.18 extendableroute-map 18-map permit 10
no set ip next-hop 217.27.152.18route-map 19-map permit 10
no set ip next-hop 217.27.152.19И еще acl должны быть разные, иначе смысла в них нету...
Очень рад, что есть такие люди как Вы!!!
Попробую!!!!
>no ip nat pool net-18 217.27.152.18 217.27.152.18 prefix-length 30
>no ip nat pool net-19 217.27.152.19 217.27.152.19 prefix-length 30
>ip nat pool net-18 217.27.152.18 217.27.152.18 prefix-length 29
>ip nat pool net-19 217.27.152.19 217.27.152.19 prefix-length 29Имеет значение длина префикса ?