>Доброго всем времени суток.
>Задача такая:
>-необходимо реализовать схему
> http://img410.imageshack.us/my.php?image=twoisptunnelqc9.jpg
>-из филиала должны идти 2 туннеля в ЦО желательно с балансировкой траффика
>по туннелям.
>-все запросы из филиала в Инет должны идти сначала в туннель (попадать
>там на прокси-сервер) и выходить в Инет из ЦО.
>-в ЦО должна быть балансировка траффика между двумя провайдерами. что в итоге получилось:
==============================Branch-Office=======================================
hostname Branch-Office
!
boot-start-marker
boot-end-marker
!
ip cef
!
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key 6 cisco address 1.1.1.1
crypto isakmp key 6 cisco address 2.2.2.2
!
!
crypto ipsec transform-set to_CO esp-des esp-md5-hmac
!
crypto map VPN 10 ipsec-isakmp
set peer 1.1.1.1
set peer 2.2.2.2
set transform-set to_CO
match address VPN
!
!
!
!
interface Tunnel10
ip address 10.10.10.10 255.255.255.0
tunnel source FastEthernet0/0.30
tunnel destination 1.1.1.1
!
interface Tunnel20
ip address 20.20.20.10 255.255.255.0
tunnel source FastEthernet0/0.30
tunnel destination 2.2.2.2
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.20
description -=LAN=-
encapsulation dot1Q 20
ip address 100.100.100.100 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.30
description -=ISP3=-
encapsulation dot1Q 30
ip address 3.3.3.3 255.255.255.0
ip nat outside
ip virtual-reassembly
crypto map VPN
!
router eigrp 1
network 10.10.10.0 0.0.0.255
network 20.20.20.0 0.0.0.255
network 100.100.100.0 0.0.0.255
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 200.200.200.200
ip route 1.1.1.0 255.255.255.0 3.3.3.10
ip route 2.2.2.0 255.255.255.0 3.3.3.10
!
!
ip http server
no ip http secure-server
ip nat inside source list nat interface FastEthernet0/0.30 overload
!
ip access-list extended VPN
permit gre host 3.3.3.3 host 1.1.1.1
permit gre host 3.3.3.3 host 2.2.2.2
ip access-list extended nat
permit ip any any
!
!
end
===========================Branch-Office#sh cry isa sa===============================
dst src state conn-id slot status
3.3.3.3 2.2.2.2 QM_IDLE 2 0 ACTIVE
1.1.1.1 3.3.3.3 QM_IDLE 3 0 ACTIVE
3.3.3.3 1.1.1.1 QM_IDLE 1 0 ACTIVE
===========================Branch-Office#sh cry ipsec sa=============================
interface: FastEthernet0/0.30
Crypto map tag: VPN, local addr 3.3.3.3
protected vrf: (none)
local ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)
current_peer 2.2.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 398, #pkts encrypt: 398, #pkts digest: 398
#pkts decaps: 4000, #pkts decrypt: 4000, #pkts verify: 4000
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 3.3.3.3, remote crypto endpt.: 1.1.1.1
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.30
current outbound spi: 0xBF147EDE(3205791454)
inbound esp sas:
spi: 0xA5CE16D1(2781746897)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2009, flow_id: SW:9, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4397252/1881)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xBF147EDE(3205791454)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2010, flow_id: SW:10, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4397282/1879)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
local crypto endpt.: 3.3.3.3, remote crypto endpt.: 2.2.2.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.30
current outbound spi: 0x847012B9(2221937337)
inbound esp sas:
spi: 0x6495A3BA(1687528378)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2005, flow_id: SW:5, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4444329/1878)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0xBC3BB95B(3158030683)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2007, flow_id: SW:7, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4381056/1878)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xC348DFAA(3276332970)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2006, flow_id: SW:6, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4444329/1877)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x847012B9(2221937337)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2008, flow_id: SW:8, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4381504/1877)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/47/0)
current_peer 1.1.1.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4396, #pkts encrypt: 4396, #pkts digest: 4396
#pkts decaps: 623, #pkts decrypt: 623, #pkts verify: 623
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 3.3.3.3, remote crypto endpt.: 1.1.1.1
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.30
current outbound spi: 0x7C4DDA22(2085476898)
inbound esp sas:
spi: 0x1C76345D(477508701)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: SW:1, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4387839/1876)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x4C43BBFA(1279507450)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4468179/1875)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x241FAF19(606056217)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2011, flow_id: SW:11, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4524720/1875)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x2ACF5F44(718233412)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4387839/1873)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x8AC80B7F(2328365951)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4468179/1873)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x7C4DDA22(2085476898)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2012, flow_id: SW:12, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4524427/1873)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
local crypto endpt.: 3.3.3.3, remote crypto endpt.: 2.2.2.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.30
current outbound spi: 0xAE5E70F2(2925424882)
inbound esp sas:
spi: 0x9736794A(2536929610)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2013, flow_id: SW:13, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4564630/1874)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xAE5E70F2(2925424882)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2014, flow_id: SW:14, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4564411/1872)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
=====================================Branch-Office#sh ip route======================
Gateway of last resort is 200.200.200.200 to network 0.0.0.0
D 200.200.200.0/24 [90/297246976] via 20.20.20.20, 00:29:20, Tunnel20
[90/297246976] via 10.10.10.20, 00:29:20, Tunnel10
1.0.0.0/24 is subnetted, 1 subnets
S 1.1.1.0 [1/0] via 3.3.3.10
2.0.0.0/24 is subnetted, 1 subnets
S 2.2.2.0 [1/0] via 3.3.3.10
100.0.0.0/24 is subnetted, 1 subnets
C 100.100.100.0 is directly connected, FastEthernet0/0.20
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, FastEthernet0/0.30
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, Tunnel20
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, Tunnel10
S* 0.0.0.0/0 [1/0] via 200.200.200.200
==============================Branch-Office#ping 4.4.4.10===========================
==============================Внешняя сеть==========================================
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
==============================Branch-Office#traceroute 4.4.4.10=====================
Type escape sequence to abort.
Tracing the route to 4.4.4.10
1 20.20.20.20 8 msec
10.10.10.20 8 msec
20.20.20.20 8 msec
2 1.1.1.10 8 msec 8 msec *
Branch-Office#
==============================Central-Office#=======================================
!
hostname Central-Office
!
ip cef
!
!
!
!
ip sla monitor 1
type echo protocol ipIcmpEcho 1.1.1.10 source-interface FastEthernet0/0.30
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 2.2.2.10 source-interface FastEthernet0/0.40
ip sla monitor schedule 2 life forever start-time now
!
!
track 100 rtr 1 reachability
!
track 200 rtr 2 reachability
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key 6 cisco address 3.3.3.3
!
!
crypto ipsec transform-set to_BO esp-des esp-md5-hmac
!
crypto map VPN 10 ipsec-isakmp
set peer 3.3.3.3
set transform-set to_BO
match address VPN
!
!
!
!
interface Tunnel10
ip address 10.10.10.20 255.255.255.0
ip nat inside
ip virtual-reassembly
tunnel source FastEthernet0/0.30
tunnel destination 3.3.3.3
!
interface Tunnel20
ip address 20.20.20.20 255.255.255.0
ip nat inside
ip virtual-reassembly
tunnel source FastEthernet0/0.40
tunnel destination 3.3.3.3
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.20
description -=LAN=-
encapsulation dot1Q 20
ip address 200.200.200.200 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.30
description -=ISP1=-
encapsulation dot1Q 30
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
crypto map VPN
!
interface FastEthernet0/0.40
description -=ISP2=-
encapsulation dot1Q 40
ip address 2.2.2.2 255.255.255.0
ip nat outside
ip virtual-reassembly
crypto map VPN
!
router eigrp 1
network 10.10.10.0 0.0.0.255
network 20.20.20.0 0.0.0.255
network 200.200.200.0
no auto-summary
!
ip local policy route-map rm_local
ip route 0.0.0.0 0.0.0.0 1.1.1.10 track 100
ip route 0.0.0.0 0.0.0.0 2.2.2.10 track 200
!
!
ip http server
no ip http secure-server
ip nat inside source route-map ISP1 interface FastEthernet0/0.30 overload
ip nat inside source route-map ISP2 interface FastEthernet0/0.40 overload
!
ip access-list extended VPN
permit gre host 1.1.1.1 host 3.3.3.3
permit gre host 2.2.2.2 host 3.3.3.3
ip access-list extended local_ISP1
permit ip host 1.1.1.1 any
ip access-list extended local_ISP2
permit ip host 2.2.2.2 any
!
!
route-map rm_local permit 10
match ip address local_ISP1
match interface FastEthernet0/0.30
set ip next-hop 1.1.1.10
!
route-map rm_local permit 20
match ip address local_ISP2
match interface FastEthernet0/0.40
set ip next-hop 2.2.2.10
!
route-map ISP2 permit 10
match interface FastEthernet0/0.40
!
route-map ISP1 permit 10
match interface FastEthernet0/0.30
!
!
!
end
==================================Central-Office#sh cry isa sa========================
dst src state conn-id slot status
3.3.3.3 2.2.2.2 QM_IDLE 3 0 ACTIVE
3.3.3.3 1.1.1.1 QM_IDLE 1 0 ACTIVE
1.1.1.1 3.3.3.3 QM_IDLE 2 0 ACTIVE
==================================Central-Office#sh cry ipsec sa======================
interface: FastEthernet0/0.30
Crypto map tag: VPN, local addr 1.1.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0)
current_peer 3.3.3.3 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 288, #pkts encrypt: 288, #pkts digest: 288
#pkts decaps: 34, #pkts decrypt: 34, #pkts verify: 34
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 3.3.3.3
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.30
current outbound spi: 0xA5CE16D1(2781746897)
inbound esp sas:
spi: 0xBF147EDE(3205791454)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2009, flow_id: SW:9, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4498334/1646)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xA5CE16D1(2781746897)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2010, flow_id: SW:10, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4498300/1642)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0)
current_peer 3.3.3.3 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 375, #pkts encrypt: 375, #pkts digest: 375
#pkts decaps: 2841, #pkts decrypt: 2841, #pkts verify: 2841
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 10, #recv errors 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 3.3.3.3
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.30
current outbound spi: 0x241FAF19(606056217)
inbound esp sas:
spi: 0x2ACF5F44(718233412)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: SW:1, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4474900/1636)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x8AC80B7F(2328365951)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4601386/1629)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x7C4DDA22(2085476898)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2011, flow_id: SW:11, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4481052/1629)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x1C76345D(477508701)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4474900/1627)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x4C43BBFA(1279507450)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4601386/1627)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x241FAF19(606056217)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2012, flow_id: SW:12, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4481388/1627)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
interface: FastEthernet0/0.40
Crypto map tag: VPN, local addr 2.2.2.2
protected vrf: (none)
local ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0)
current_peer 3.3.3.3 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4316, #pkts encrypt: 4316, #pkts digest: 4316
#pkts decaps: 436, #pkts decrypt: 436, #pkts verify: 436
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 7, #recv errors 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 3.3.3.3
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.40
current outbound spi: 0xBC3BB95B(3158030683)
inbound esp sas:
spi: 0xC348DFAA(3276332970)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2005, flow_id: SW:5, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4483663/1621)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x847012B9(2221937337)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2007, flow_id: SW:7, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4592485/1621)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x6495A3BA(1687528378)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2006, flow_id: SW:6, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4483663/1620)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0xBC3BB95B(3158030683)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2008, flow_id: SW:8, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4591969/1620)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0)
current_peer 3.3.3.3 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 348, #pkts encrypt: 348, #pkts digest: 348
#pkts decaps: 2228, #pkts decrypt: 2228, #pkts verify: 2228
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 2.2.2.2, remote crypto endpt.: 3.3.3.3
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0.40
current outbound spi: 0x9736794A(2536929610)
inbound esp sas:
spi: 0xAE5E70F2(2925424882)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2013, flow_id: SW:13, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4439107/1621)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x9736794A(2536929610)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2014, flow_id: SW:14, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4439360/1619)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
====================================Central-Office#sh ip route=======================
Gateway of last resort is 2.2.2.10 to network 0.0.0.0
C 200.200.200.0/24 is directly connected, FastEthernet0/0.20
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/0.30
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/0.40
100.0.0.0/24 is subnetted, 1 subnets
D 100.100.100.0 [90/297246976] via 20.20.20.10, 00:34:04, Tunnel20
[90/297246976] via 10.10.10.10, 00:34:04, Tunnel10
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, Tunnel20
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, Tunnel10
S* 0.0.0.0/0 [1/0] via 2.2.2.10
[1/0] via 1.1.1.10
===================================Central-Office#sh track===========================
Track 100
Response Time Reporter 1 reachability
Reachability is Up
2 changes, last change 01:52:51
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:
STATIC-IP-ROUTING 0
Track 200
Response Time Reporter 2 reachability
Reachability is Up
2 changes, last change 01:52:51
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:
STATIC-IP-ROUTING 0
Central-Office#
Может есть какие-нибудь замечания? =)
Как я понимаю балансировка должна быть per destanation... как бы в лабораторных условиях протестить балансировку по провайдерам и по туннелям?
=)
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
on 21-Окт-08, 12:46 
