Приветствую всех (гуру и новичков)! Сам пока новичок, так что сильно не бейте... Устал, запутался и не пойму, где копать — надеюсь на любую помощь. Первоначально стояла задача поднять на роутере 1841 DMZ, далее на другом внутреннем роутере поднять GRE over IPsec... Да что там! Хотя бы GRE заработал...
Но в связи с тем, что данная модель не поддерживает работу второй карты HWIC-4ESW, решил поставить вторую карту на роутер 2811 и использовать 2811 под DMZ. Пока ещё не проверял работу второй карты, но говорят, что 2811 это поддерживает... Но проблема в другом.
Не работает обратная трансляция на 2811 с внешнего (белого) адреса во внутреннюю сеть!
Вроде всё перепробовал, даже раз пять менял прошивку (сейчас стоит c2800nm-advipservicesk9-mz.124-11.T1.bin), мало того, менял и сам роутер 2811!!! (думал, может, с железом проблемы)
Настройки стандартные: проделывал эту операцию очень много раз, и всё замечательно работает. Что примечательно, на 1841 всё работает; мало того, конфиг заливал с неё (с незначительными изменениями)...
Конфиг
Current configuration : 12051 bytes
!
! No configuration change since last restart
!
! Global settings: timestamps, logging, local authentication, name resolution.
! Values shown as runs of dots were redacted by the author before posting.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Stores plain `password` entries in reversible type 7 encoding. This is obfuscation,
! not hashing, so type 7 strings still need to be redacted before a config is shared.
service password-encryption
!
hostname .............
!
boot-start-marker
boot-end-marker
!
! The local log buffer keeps messages of severity "warnings" and more severe only.
logging buffered 51200 warnings
! `secret` stores a one-way hash rather than a type 7 string.
enable secret .........................
!
! AAA is off; the terminal lines in this config authenticate with `login local`.
no aaa new-model
clock timezone Moscow 3
clock summer-time zone recurring
! Hardening: discard packets that carry IP source-route options.
no ip source-route
ip cef
!
!
!
!
ip flow-cache timeout active 1
! Hardening: the BOOTP service is disabled.
no ip bootp server
ip domain name ........................
ip name-server ........................
ip name-server ........................
! Generate a log message for every failed and every successful login.
! NOTE(review): confirm the severity of these messages against the `logging buffered`
! level above; anything less severe than "warnings" will not reach the local buffer.
login on-failure log
login on-success log
!
!
! Self-signed trustpoint; the certificate body does not appear in this paste.
crypto pki trustpoint TP-self-signed-2459217883
!
!
crypto pki certificate chain TP-self-signed-2459217883
! The only local account visible here: privilege 15, stored with `secret`.
username ....... privilege 15 secret ..........
!
!
!
!
!
! WAN (outside) interface: one primary and sixteen secondary public addresses.
interface FastEthernet0/0
description Wan
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee secondary
ip address eee.eee.eee.eee eee.eee.eee.eee
! Anti-spoofing: unicast reverse-path check on packets arriving on this interface.
ip verify unicast reverse-path
! Hardening: no ICMP redirects, no ICMP unreachables, no proxy ARP toward the WAN.
no ip redirects
no ip unreachables
no ip proxy-arp
! Two NAT models are enabled on this one interface: `ip nat outside` (classic
! inside/outside NAT) and `ip nat enable` (NAT Virtual Interface). The NAT rules
! in this config are written in the classic `ip nat inside source ...` form.
! NOTE(review): mixing both models on the same interface is a likely cause of the
! failing outside-to-inside static translation; keep one model (presumably drop
! `ip nat enable`), clear the translation table and re-test.
ip nat outside
ip nat enable
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
traffic-shape group 1 50000000 1250000 1250000 1000
! Hardening: CDP is not advertised on the WAN side.
no cdp enable
! NOTE(review): no `ip access-group` or inspection rule is visible on this interface,
! so nothing shown here filters inbound traffic from the Internet.
!
! Second routed port; the description suggests it carries syslog and NetFlow export.
! It has no NAT role (no `ip nat` command), and the redirect/unreachable/proxy-ARP
! hardening used on the other routed interfaces is not applied here.
interface FastEthernet0/1
description Syslog_NetFlow
ip address iii.iii.iii.iii iii.iii.iii.iii
ip route-cache flow
duplex auto
speed auto
!
! Switch ports of the two HWIC-4ESW cards, one access VLAN (700-707) per port.
! Ports 0/0/0, 0/0/1 and 0/0/3 are enabled; all other ports are shut down.
interface FastEthernet0/0/0
! The next line is truncated in the paste.
descripti
switchport access vlan 700
!
interface FastEthernet0/0/1
description Test_Valentin
switchport access vlan 701
!
interface FastEthernet0/0/2
switchport access vlan 702
shutdown
!
! Enabled port in VLAN 703, although interface Vlan703 has no address and is shut down.
interface FastEthernet0/0/3
switchport access vlan 703
!
interface FastEthernet0/1/0
switchport access vlan 704
shutdown
!
interface FastEthernet0/1/1
switchport access vlan 705
shutdown
!
interface FastEthernet0/1/2
switchport access vlan 706
shutdown
!
interface FastEthernet0/1/3
switchport access vlan 707
shutdown
!
! Layer 3 VLAN interfaces. Only Vlan700 is both addressed and enabled.
! Vlan1 is unused: no address, shut down.
interface Vlan1
no ip address
shutdown
!
! Inside interface of the NAT setup.
interface Vlan700
description .................
ip address iii.iii.iii.iii iii.iii.iii.iii
! Anti-spoofing and ICMP/proxy-ARP hardening, same as on the WAN interface.
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
! Classic `ip nat inside` and NVI `ip nat enable` are both set here as well.
! NOTE(review): keep a single NAT model consistently on the inside and outside
! interfaces; the rules in this config use the classic `ip nat inside source` form.
ip nat inside
ip nat enable
ip virtual-reassembly
ip route-cache flow
!
! Test VLAN, marked NAT inside but administratively down.
interface Vlan701
description Test
ip address ..............................
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
shutdown
!
! Vlan702-Vlan707: placeholders with no address, shut down.
interface Vlan702
no ip address
ip verify unicast reverse-path
ip route-cache flow
shutdown
!
interface Vlan703
no ip address
ip verify unicast reverse-path
ip route-cache flow
shutdown
!
interface Vlan704
no ip address
ip verify unicast reverse-path
ip route-cache flow
shutdown
!
interface Vlan705
no ip address
ip verify unicast reverse-path
ip route-cache flow
shutdown
!
interface Vlan706
no ip address
ip verify unicast reverse-path
ip route-cache flow
shutdown
!
interface Vlan707
no ip address
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
!
! Default routing, NetFlow export and the NAT rules.
! `ip default-gateway` is only consulted when IP routing is disabled; on a routing
! device the static default route on the next line is what forwards traffic.
ip default-gateway ...............GATE................
ip route 0.0.0.0 0.0.0.0 ...........GATE.................
ip flow-export source ...........
ip flow-export version 5
ip flow-export destination ................
!
! Web management is disabled, both HTTP and HTTPS.
no ip http server
no ip http secure-server
! Pools 129 and 158 are defined, but no rule visible in this paste uses them.
ip nat pool 129 eee.eee.eee.eee eee.eee.eee.eee prefix-length 30
ip nat pool 158 eee.eee.eee.eee eee.eee.eee.eee prefix-length 30
! NOTE(review): this PAT rule names pool 109 and ACL allow_external_Vlan701, and
! neither is defined in the visible config (possibly lost in redaction). Verify
! that both exist, otherwise the rule matches nothing.
ip nat inside source list allow_external_Vlan701 pool 109 overload
! One-to-one static NAT: every protocol and port of the inside host is reachable
! at the outside address. With no inbound filter visible on FastEthernet0/0, add
! or confirm an ACL or firewall policy that limits what the Internet can reach.
ip nat inside source static iii.iii.iii.iii eee.eee.eee.eee extendable
! The router answers DNS queries itself.
! NOTE(review): confirm that queries arriving on the WAN interface are blocked,
! so that the router is not usable as an open resolver.
ip dns server
!
! The first line was redacted by the author; its ACL name and type are not visible.
ip access-list ...................
! Named ACL that permits one inside host and denies everything else.
! No command in the visible config references this ACL; the PAT rule refers to
! allow_external_Vlan701 instead.
ip access-list extended allow_external_Vlan700
remark allow_out_ext_Vlan700
permit ip host iii.iii.iii.iii any
! Explicit final deny; without the `log` keyword, matches are counted but not logged.
deny ip any any
!
! Remote logging, SNMP and terminal-line access.
! Syslog receives messages of severity "notifications" and more severe.
logging trap notifications
logging origin-id hostname
logging source-interface ....................
logging ..........................
! Redacted. ACL 170, used by `access-class` on the vty lines below, is not visible
! in this paste; presumably it is defined here.
access-list .......................................
snmp-server ......................................
control-plane
! The banner text did not survive the paste.
banner exec ^CC
banner login ^CC
! Console: 1-minute idle timeout, authentication against the local user database.
! With `login local` the line `password` is not what authenticates the session;
! the stored password is an unused leftover that can be removed.
line con 0
exec-timeout 1 0
! NOTE(review): sessions start at privilege level 0 unless the account's own
! privilege setting overrides it; the local user shown has privilege 15. Verify.
privilege level 0
password ................................
login local
! Aux port: same settings as the console.
line aux 0
exec-timeout 1 0
privilege level 0
password ................................
login local
! Remote access: SSH only, source addresses limited by ACL 170, 3-minute idle timeout.
! No `ip ssh version 2` line is visible in this paste; confirm the SSH version in use.
line vty 0 4
access-class 170 in
exec-timeout 3 0
privilege level 0
login local
transport input ssh
line vty 5 15
access-class 170 in
exec-timeout 3 0
privilege level 0
login local
transport input ssh
!
! Scheduler and time synchronisation.
scheduler allocate 20000 1000
! `ntp clock-period` is written by IOS itself and does not need to be configured by hand.
ntp clock-period 17178562
ntp update-calendar
! Three servers queried through the WAN interface; all three carry `prefer`.
! No `ntp authenticate` or `ntp access-group` is visible in this paste, so time
! sources are not authenticated and NTP access to the router is not restricted here.
ntp server 62.117.76.140 source FastEthernet0/0 prefer
ntp server 62.117.76.141 source FastEthernet0/0 prefer
ntp server 62.117.76.142 source FastEthernet0/0 prefer
end