取消
显示结果 
搜索替代 
您的意思是: 
cancel
7264
查看次数
44
有帮助
3
回复

cisco 2911内网访问映射公网IP问题

albert_zhou123
Level 1
Level 1
HI 各位大神:
有思科2911路由,配置如下:
interface GigabitEthernet0/0
description connect to CT
ip address 113.140.*.* 255.255.255.0
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map cisco
!
interface GigabitEthernet0/1
description connect to Firewall_g0/0
ip address 10.86.98.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat translation tcp-timeout 2400
ip nat inside source list nat interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.86.95.24 89 113.140.*.* 8999 extendable
ip route 0.0.0.0 0.0.0.0 113.140.*.*
ip route 10.86.95.0 255.255.255.0 10.86.98.2
ip route 10.86.96.0 255.255.255.0 10.86.98.2
ip route 10.86.97.0 255.255.255.0 10.86.98.2
ip route 10.86.98.192 255.255.255.192 10.86.98.2 name wlan_guest
!
ip access-list extended nat
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended vpn
permit ip 10.86.95.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.216.0.0 0.0.255.255
!
!
!
!
control-plane
!
!
!
line con 0
timeout login response 60
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input all
line vty 5 15
login local
transport input none
line vty 16 935
login local
transport input all
!
scheduler allocate 20000 1000
!
end
ip nat inside source static tcp 10.86.95.24 89 113.140.*.* 8999 extendable
现需要内网IP地址,通过公网IP113.140.*.*,访问映射出去的10.86.95.24 89这个服务器,麻烦给给配置。
1 个已接受解答

已接受的解答

Mansur
Spotlight
Spotlight
最佳解决方案:使用域名,一劳永逸。内网架设DNS server,解析为真实内部IP。外部的DNS解析为映射后的IP。
另一个解决方案就是用ip nat enbale,之前社区有人试过,好像不稳定,具体配置看这个帖子5楼:
http://bbs.csc-china.com.cn/forum.php?mod=redirect&goto=findpost&ptid=985673&pid=1021023&fromuid=78304

在原帖中查看解决方案

3 条回复3

Mansur
Spotlight
Spotlight
最佳解决方案:使用域名,一劳永逸。内网架设DNS server,解析为真实内部IP。外部的DNS解析为映射后的IP。
另一个解决方案就是用ip nat enbale,之前社区有人试过,好像不稳定,具体配置看这个帖子5楼:
http://bbs.csc-china.com.cn/forum.php?mod=redirect&goto=findpost&ptid=985673&pid=1021023&fromuid=78304

13nash
Level 8
Level 8
楼上说的是最好的方法,DNS解决

YilinChen
Spotlight
Spotlight
本帖最后由 YilinChen 于 2018-5-15 08:58 编辑
内部DNS 是推荐的解决方案;
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接