HI 各位大神:
有思科2911路由,配置如下:
interface GigabitEthernet0/0
description connect to CT
ip address 113.140.*.* 255.255.255.0
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map cisco
!
interface GigabitEthernet0/1
description connect to Firewall_g0/0
ip address 10.86.98.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat translation tcp-timeout 2400
ip nat inside source list nat interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.86.95.24 89 113.140.*.* 8999 extendableip route 0.0.0.0 0.0.0.0 113.140.*.*
ip route 10.86.95.0 255.255.255.0 10.86.98.2
ip route 10.86.96.0 255.255.255.0 10.86.98.2
ip route 10.86.97.0 255.255.255.0 10.86.98.2
ip route 10.86.98.192 255.255.255.192 10.86.98.2 name wlan_guest
!
ip access-list extended nat
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended vpn
permit ip 10.86.95.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.216.0.0 0.0.255.255
!
!
!
!
control-plane
!
!
!
line con 0
timeout login response 60
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input all
line vty 5 15
login local
transport input none
line vty 16 935
login local
transport input all
!
scheduler allocate 20000 1000
!
end
ip nat inside source static tcp 10.86.95.24 89 113.140.*.* 8999 extendable现需要内网IP地址,通过公网IP113.140.*.*,访问映射出去的10.86.95.24 89这个服务器,麻烦给给配置。