网络工程 - 具有 IP SLA 的多个 Wan Nat - 吾爱随笔录

具有 IP SLA 的多个 Wan Nat

网络工程纳特万故障转移

2021-07-07 12:18:50

我正在尝试为我的 WAN 接口设置 IP SLA，并希望将 NAT 设置为当链接断开时 NAT 将切换。

这是配置：

version 15.5
track 1 ip sla 10 reachability
interface GigabitEthernet0/0
 ip address 10.1.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 74.92.x.x 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 66.219.x.x 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
ip nat inside source list 7 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 66.219.x.x track 1
ip route 0.0.0.0 0.0.0.0 74.92.x.x 10
ip sla 10
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 10 life forever start-time now
access-list 7 permit any

我已经尝试了多种不同的 NAT 配置，但是一旦链接发生故障，似乎无法同时进入并工作。

1个回答

你是对的，我忽略了你正在使用 nat 语句的访问列表。您需要将其更改为路线图。例子：

ip nat inside source route-map wan1 interface GigabitEthernet0/1 overload
ip nat inside source route-map wan2 interface GigabitEthernet0/2 overload
route-map wan1 permit 10
 match interface GigabitEthernet0/1
!        
route-map wan2 permit 10
 match interface GigabitEthernet0/2

我对您的配置进行了实验室测试以进行完整测试，您还需要添加一些额外的内容。

您想向正在 ping 的 ip 添加路由，以便它始终从正确的接口出去：

ip route 8.8.8.8 255.255.255.255 66.219.1.1

完整示例配置（在 VIRL 中测试），我组成了您的公共 IP 和网关的最后 2 个八位字节：

track 1 ip sla 1 reachability

interface GigabitEthernet0/0
 ip address 10.1.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
    !
interface GigabitEthernet0/1
 ip address 74.92.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 66.219.1.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0
 ip address 10.1.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto

ip nat inside source route-map wan1 interface GigabitEthernet0/1 overload
ip nat inside source route-map wan2 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 66.219.1.1 track 1
ip route 0.0.0.0 0.0.0.0 74.92.1.1 10
ip route 8.8.8.8 255.255.255.255 66.219.1.1
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
!
route-map wan1 permit 10
 match interface GigabitEthernet0/1
!        
route-map wan2 permit 10
 match interface GigabitEthernet0/2

其它你可能感兴趣的问题

上一篇1000baseT 到 10/100 适配器需要下一篇通过两个防火墙和双 NAT 的流量