Dual ISP NAT failover not working

Network Engineering cisco cisco-ios failover
2021-07-11 21:23:38

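I have a Cisco 1841 router with an HWIC-4ESW switch port module. Fa0/0 is connected to ISP1 and Fa0/1 is connected to ISP2, both are "ip nat outside"; the switch ports are in interface Vlan 1, which has the IP address 192.168.0.1/24 and is "ip nat inside". Here is the configuration. (I have changed the IP addresses for posting here.)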

Current configuration : 3495 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.22
ip dhcp excluded-address 192.168.0.6
ip dhcp excluded-address 192.168.0.5
ip dhcp excluded-address 192.168.0.7
ip dhcp excluded-address 192.168.0.3
ip dhcp excluded-address 192.168.0.101
ip dhcp excluded-address 192.168.0.19
ip dhcp excluded-address 192.168.0.18
ip dhcp excluded-address 192.168.0.23
ip dhcp excluded-address 192.168.0.24
ip dhcp excluded-address 192.168.0.35
ip dhcp excluded-address 192.168.0.17
!
ip dhcp pool HSI
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 1.1.1.1 192.168.0.1 1.1.3.7 1.1.2.233 1.1.2.129 8.8.8.8
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
!
!
archive
 log config
  hidekeys
!
!
!
track 1 rtr 1 reachability
!
!
!
interface FastEthernet0/0
 description Primary Route
 ip address 1.1.1.165 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Backup Route
 ip address 1.1.2.132 255.255.255.128
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.3 track 1
ip route 0.0.0.0 0.0.0.0 1.1.2.130 3
!
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source list 20 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.0.22 80 1.1.1.160 80 extendable
ip nat inside source static tcp 192.168.0.6 80 1.1.1.163 80 extendable
ip nat inside source static tcp 192.168.0.5 21 1.1.1.165 21 extendable
ip nat inside source static tcp 192.168.0.5 22 1.1.1.165 22 extendable
ip nat inside source static tcp 192.168.0.5 80 1.1.1.165 80 extendable
ip nat inside source static tcp 192.168.0.7 80 1.1.1.165 83 extendable
ip nat inside source static tcp 192.168.0.3 80 1.1.1.165 86 extendable
ip nat inside source static tcp 192.168.0.101 80 1.1.1.165 87 extendable
ip nat inside source static tcp 192.168.0.19 80 1.1.1.168 80 extendable
ip nat inside source static tcp 192.168.0.18 80 1.1.1.169 80 extendable
ip nat inside source static tcp 192.168.0.23 9100 1.1.1.183 9100 extendable
ip nat inside source static tcp 192.168.0.24 9100 1.1.1.184 9100 extendable
ip nat inside source static tcp 192.168.0.35 80 1.1.1.187 80 extendable
ip nat inside source static tcp 192.168.0.7 80 1.1.1.200 80 extendable
ip nat inside source static tcp 192.168.0.17 80 1.1.1.201 80 extendable
!
ip sla 1
 icmp-echo 1.1.1.3
 timeout 6000
 frequency 10
ip sla schedule 1 life forever start-time now
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 20 permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

The "ip nat inside source static" statements are for websites hosted on servers in VLAN 1.

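The problem is that this configuration doesn't work - I can ping the Internet from the router, but not from the PCs in Vlan 1. From them I can ping the router's outside interfaces, but nothing further. I removed "ip nat outside" from Fa0/1 (the backup route), which solved this problem, but then I don't have failover functionality. I thought there might be some problem with NAT, so I tried using route maps: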

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

route-map isp1 permit 10
 match ip address 100
 match interface FastEthernet0/0

route-map isp2 permit 10
 match ip address 100
 match interface FastEthernet0/1

ip nat inside source route-map isp1 interface FastEthernet0/0 overload
ip nat inside source route-map isp2 interface FastEthernet0/1 overload

However, after that there was no connectivity at all (could not ping Fa0/0 or Fa0/1 from the router itself). Help would be appreciated.

0 answers