用Route Map实现多ISP Internet接入问题请高手赐教-CSDN博客

R2:为公网接入点,为了保证能一天24小时公司的网络能上INTERNET,现接入两家供应商的线路来连接INTERNET,

即然接入了两家供应商线路,当然希望两条线路能同时启用做到负载均衡的目的,当一条线路出了问题,客户端还可以走另一条线路出到INTERNET,现在要在R2路由器上做相关设置以达到我们所需求.以下是在R2上的配置如下:

R2#show run
Building configuration...

Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!

interface Serial0/0
ip address 150.17.232.2 255.255.254.0
ip nat inside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial0/1
ip address 192.168.2.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial0/2
ip address 172.16.20.1 255.255.0.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
ip http server
no ip http secure-server
!
ip nat inside source route-map isp1 interface Serial0/1 overload
ip nat inside source route-map isp2 interface Serial0/2 overload
!
access-list 100 permit ip 150.17.232.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 150.17.232.0 0.0.0.255 any
!
route-map isp2 permit 10
match ip address 101
match interface Serial0/2
!
route-map isp1 permit 10
match ip address 100
match interface Serial0/1
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login

问:用router-map 与直接用PAT它们之间有什么区别?

是不是用router-map能够自动做负载均衡,而用PAT则只能走一条线路呢?

第一种方法用router-map来配置

ip nat inside source route-map isp1 interface Serial0/1 overload
ip nat inside source route-map isp2 interface Serial0/2 overload
!
access-list 100 permit ip 150.17.232.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 150.17.232.0 0.0.0.255 any
!
route-map isp2 permit 10
match ip address 101
match interface Serial0/2
!
route-map isp1 permit 10
match ip address 100
match interface Serial0/1

第二种方法直接用PAT来做转换配置

ip nat inside source list 100 interface Serial0/1 overload
ip nat inside source list 101 interface Serial0/2 overload
!
access-list 100 permit ip 150.17.232.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 150.17.232.0 0.0.0.255 any
!

以上两种配置在客户端PING ISP1和ISP2都能通过
R2#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 172.16.20.1:6     150.17.232.1:6     172.16.20.2:6      172.16.20.2:6
icmp 192.168.2.1:7     150.17.232.1:7     192.168.2.2:7      192.168.2.2:7

转载于:https://blog.51cto.com/allanfan/217602