Cisco 881 pci k9
Подскажите, не получается реализовать резервный канал. Одна локалка и два провайдера. При подении основново канала, нет выхода в инет через второй...
В данный момент
show ip route track-table
ip route 0.0.0.0 0.0.0.0 84.47.156.233 track 1 state is [up]
ip route 0.0.0.0 0.0.0.0 192.168.1.1 2 track 2 state is [up]
-------
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop overrideGateway of last resort is 84.47.156.233 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 84.47.156.233
84.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 84.47.156.232/29 is directly connected, FastEthernet4
L 84.47.*.*/32 is directly connected, FastEthernet4
87.0.0.0/32 is subnetted, 1 subnets
S 87.248.122.122 [1/0] via 192.168.1.1
93.0.0.0/32 is subnetted, 1 subnets
S 93.158.134.203 [1/0] via 84.47.156.233
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan2
L 192.168.1.2/32 is directly connected, Vlan2
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.3.0/24 is directly connected, Vlan1
L 192.168.3.3/32 is directly connected, Vlan1
----------------------------
Конфиг:
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
policy-map global_policy
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key * address *
!
!
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map SDM_CMAP_2 1 ipsec-isakmp
description Tunnel to*
set peer *
set transform-set ESP-3DES-SHA1
match address 103
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
description second_int
switchport access vlan 2
no ip address
!
interface FastEthernet4
description WAN$ETH-WAN$
ip address 84.47.** 255.255.255.248
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_2
!
interface Vlan1
description local
ip address 192.168.3.3 255.255.255.0
ip access-group 105 in
ip flow ingress
ip flow egress
ip nat inside
ip nat enable
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
description second_int
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip nat enable
ip virtual-reassembly in
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source route-map second_int interface Vlan2 overload
ip route 0.0.0.0 0.0.0.0 84.47.156.233 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.1 2 track 2
ip route 87.248.122.122 255.255.255.255 192.168.1.1 name yahoo
ip route 93.158.134.203 255.255.255.255 84.47.156.233 name yandex
!
ip sla auto discovery
ip sla 1
icmp-echo 93.158.134.203 source-interface FastEthernet4
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 87.248.122.122 source-interface Vlan2
frequency 10
ip sla schedule 2 life forever start-time now
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 permit 84.47.169.67
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 192.168.3.0 0.0.0.255
access-list 23 permit 169.254.0.0 0.0.255.255
access-list 23 permit 81.88.0.0 0.0.255.255
access-list 23 permit 79.165.0.0 0.0.255.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.3.0 0.0.0.255 169.254.0.0 0.0.255.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.3.0 0.0.0.255 169.254.0.0 0.0.255.255
access-list 104 remark IPSec Rule
access-list 104 deny ip 192.168.3.0 0.0.0.255 169.254.0.0 0.0.255.255
access-list 104 permit ip 192.168.3.0 0.0.0.255 any
access-list 105 remark CCP_ACL Category=1
access-list 105 permit udp host 192.168.3.5 eq domain any
access-list 105 permit ip 192.168.3.0 0.0.0.255 any
access-list 105 permit ip 84.47.0.0 0.0.255.255 any
access-list 105 permit ip 79.165.0.0 0.0.255.255 any
access-list 105 permit ip 81.88.0.0 0.0.255.255 any
no cdp run
!
route-map second_int permit 1
match ip address 104
match interface Vlan1
!
route-map SDM_RMAP_1 permit 1
match ip address 104
!
event manager applet clear_nat
event track 1 state any
action 0.9 cli command "enable"
action 1.0 cli command "clear ip nat translation *"
action 2.0 cli command "clear ip nat translation forced"
!
|
Вариант для распечатки
(ok) on 24-Июл-13, 11:23 
