Cisco 881 pci k9

Please advise, I can't get a backup link working. One LAN and two ISPs. When the primary link goes down, there is no Internet access through the second one...

At the moment:

show ip route track-table
 ip route 0.0.0.0 0.0.0.0 84.47.156.233 track 1 state is [up]
 ip route 0.0.0.0 0.0.0.0 192.168.1.1 2 track 2 state is [up]
-------
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 84.47.156.233 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 84.47.156.233
      84.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        84.47.156.232/29 is directly connected, FastEthernet4
L        84.47.*.*/32 is directly connected, FastEthernet4
      87.0.0.0/32 is subnetted, 1 subnets
S        87.248.122.122 [1/0] via 192.168.1.1
      93.0.0.0/32 is subnetted, 1 subnets
S        93.158.134.203 [1/0] via 84.47.156.233
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan2
L        192.168.1.2/32 is directly connected, Vlan2
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.3.0/24 is directly connected, Vlan1
L        192.168.3.3/32 is directly connected, Vlan1
----------------------------
Config:

track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
policy-map global_policy
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key * address *
!
!
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
 mode tunnel
!
!
!
crypto map SDM_CMAP_2 1 ipsec-isakmp
 description Tunnel to*
 set peer *
 set transform-set ESP-3DES-SHA1
 match address 103
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 description second_int
 switchport access vlan 2
 no ip address
!
interface FastEthernet4
 description WAN$ETH-WAN$
 ip address 84.47.** 255.255.255.248
 ip nat outside
 ip nat enable
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map SDM_CMAP_2
!
interface Vlan1
 description local
 ip address 192.168.3.3 255.255.255.0
 ip access-group 105 in
 ip flow ingress
 ip flow egress
 ip nat inside
 ip nat enable
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan2
 description second_int
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 ip nat enable
 ip virtual-reassembly in
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source route-map second_int interface Vlan2 overload
ip route 0.0.0.0 0.0.0.0 84.47.156.233 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.1 2 track 2
ip route 87.248.122.122 255.255.255.255 192.168.1.1 name yahoo
ip route 93.158.134.203 255.255.255.255 84.47.156.233 name yandex
!
ip sla auto discovery
ip sla 1
 icmp-echo 93.158.134.203 source-interface FastEthernet4
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 87.248.122.122 source-interface Vlan2
 frequency 10
ip sla schedule 2 life forever start-time now
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 permit 84.47.169.67
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 192.168.3.0 0.0.0.255
access-list 23 permit 169.254.0.0 0.0.255.255
access-list 23 permit 81.88.0.0 0.0.255.255
access-list 23 permit 79.165.0.0 0.0.255.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.3.0 0.0.0.255 169.254.0.0 0.0.255.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.3.0 0.0.0.255 169.254.0.0 0.0.255.255
access-list 104 remark IPSec Rule
access-list 104 deny ip 192.168.3.0 0.0.0.255 169.254.0.0 0.0.255.255
access-list 104 permit ip 192.168.3.0 0.0.0.255 any
access-list 105 remark CCP_ACL Category=1
access-list 105 permit udp host 192.168.3.5 eq domain any
access-list 105 permit ip 192.168.3.0 0.0.0.255 any
access-list 105 permit ip 84.47.0.0 0.0.255.255 any
access-list 105 permit ip 79.165.0.0 0.0.255.255 any
access-list 105 permit ip 81.88.0.0 0.0.255.255 any
no cdp run
!
route-map second_int permit 1
 match ip address 104
 match interface Vlan1
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
!
event manager applet clear_nat
 event track 1 state any
 action 0.9 cli command "enable"
 action 1.0 cli command "clear ip nat translation *"
 action 2.0 cli command "clear ip nat translation forced"
!