双nat路由试验,走ospf动态路由
试验环境:
一台路由器(R2)三个接口,一个接内部网络,二个接ISP1(R1)和ISP2(R3),把二个ISP的出口接入同一个交换机,然后在交换机外再接一台路由器(route),二个ISP即(R1,R3,router)走ospf 动态路由,再R2上做策略路由,根据下一跳地址来做路由决定。
---R3 ---
route--- ----R2----内部网络
---R1 ---
R3#sh run
Building configuration...
Current configuration : 902 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service passWord-encryption
!
hostname R3
!
enable secret 5 $1$yd5D$PSCihTgQQhhAsLJRhZYBI.
!
ip subnet-zero
no ip domain-lookup
ip host R3 192.168.23.3
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Ethernet0
ip address 172.16.13.3 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
ip address 192.168.23.3 255.255.255.0
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 172.16.13.0 0.0.0.255 area 0
!
ip classless
ip route 192.168.100.0 255.255.255.0 192.168.23.2
ip http server
!
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password cisco
logging synchronous
login
!
end
R3#
R2#
R2#sh run
Building configuration...
Current configuration : 1667 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
logging rate-limit console 10 except errors
enable secret 5 $1$yOVt$dwGkyiFW674ow6bsPMdgZ0
!
ip subnet-zero
no ip finger
no ip domain-lookup
ip host R2 192.168.12.1
ip host R3 192.168.23.3
!
cns event-service server
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Ethernet0
ip address 192.168.100.107 255.255.255.0
ip nat inside
!
interface Serial0
ip address 192.168.12.2 255.255.255.0
ip nat outside
clockrate 64000
!
interface Serial1
ip address 192.168.23.2 255.255.255.0
ip nat outside
clockrate 64000
!
interface Serial2
no ip address
shutdown
!
interface Serial3
no ip address
shutdown
!
interface BRI0
no ip address
shutdown
!
ip kerberos source-interface any
ip nat inside source route-map nat interface Serial1 overload
ip nat inside source route-map test interface Serial0 overload
ip classless
ip route 172.16.13.0 255.255.255.0 192.168.23.3
ip route 172.16.13.0 255.255.255.0 192.168.12.1
no ip http server
!
Access-list 1 permit 192.168.100.199
access-list 1 permit 192.168.100.233
access-list 1 permit 192.168.100.224
access-list 9 permit 192.168.12.1
access-list 10 permit 192.168.23.3
route-map test permit 10
match ip address 1
match ip next-hop 9
!
route-map cisco permit 10
!
route-map nat permit 10
match ip address 1
match ip next-hop 10
!
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
logging synchronous
transport input none
line aux 0
line vty 0 4
password cisco
logging synchronous
login
!
end
R2#
R1#sh run
Building configuration...
Current configuration : 1017 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
no logging rate-limit
enable secret 5 $1$Ogll$BSpS5/nOBq8HtaKfwOZ8W0
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
frame-relay switching
cns event-service server
!
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Ethernet0
ip address 172.16.13.1 255.255.255.0
!
interface Serial0
ip address 192.168.12.1 255.255.255.0
!
interface Serial1
no ip address
!
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 172.16.13.0 0.0.0.255 area 0
!
ip kerberos source-interface any
ip classless
ip route 192.168.100.0 255.255.255.0 192.168.12.2
ip http server
!
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
logging synchronous
transport input none
line aux 0
line vty 0 4
password cisco
logging synchronous
login
!
end
R1#
Router#sh run
Building configuration...
Current configuration : 769 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret 5 $1$9esl$iWZwf6dLviD/956PWJoOT0
!
memory-size iomem 25
ip subnet-zero
!
!
!
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
half-duplex
!
interface FastEthernet0
ip address 172.16.13.254 255.255.255.0
speed auto
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
router ospf 1
router-id 5.5.5.5
log-adjacency-changes
network 172.16.13.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
no scheduler allocate
end
Router#