已解决: cisco2801双外线配置问题

lxjun · ‎11-06-2015

不知道怎么回事，传不了图片，只能大概说下：
Route fa0/1 ip 200.200.200.7 -11 255.255.255.248 200.200.200.6
fa0/3/1 adsl

fa0/0 172.16.10.1 (内)
switch ga0/1 ip 172.16.10.2
vlan1:192.168.1.1 访问外网从 200.200.200.7 出
vlan2:192.168.2.1 访问外网从 200.200.200.8 出
vlan3:192.168.3.1 禁外网
vlan4:192.168.4.1 访问外网从 200.200.200.9 出
vlan5:192.168.5.1 访问外网从 200.200.200.10 出
vlan6:192.168.6.1 访问外网从adsl出
我现在的问题是有网络，但是打不开网站（拔掉一条外线就正常了）。应该出口或者回路没做好，帮忙看下还需要配置什么？
下面是我的一些配置
ip nat pool a 200.200.200.7 200.200.200.7 netmask 255.255.255.248
ip nat pool b 200.200.200.8 200.200.200.8 netmask 255.255.255.248
ip nat pool c 200.200.200.9 200.200.200.9 netmask 255.255.255.248
ip nat pool e 200.200.200.10 200.200.200.10 netmask 255.255.255.248
ip nat pool d 200.200.200.11 200.200.200.11 netmask 255.255.255.248
ip nat inside source list 1 pool a overload
ip nat inside source list 2 pool b overload
ip nat inside source list 4 pool d overload
ip nat inside source list 5 pool e overload
ip nat inside source list 6 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 200.200.200.6
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 172.16.10.2
ip route 192.168.2.0 255.255.255.240 172.16.10.2
ip route 192.168.4.0 255.255.255.0 172.16.10.2
ip route 192.168.5.0 255.255.255.0 172.16.10.2
ip route 192.168.6.0 255.255.255.0 172.16.10.2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 4 permit 192.168.4.0 0.0.0.255
access-list 5 permit 192.168.5.0 0.0.0.255
access-list 6 permit 192.168.6.0 0.0.0.255
ip nat inside source static tcp 192.168.2.3 21 200.200.200.7 21 extendable
ip nat inside source static tcp 192.168.2.5 80 200.200.200.7 80 extendable 映射只这样做能访问进来吗

pebao · ‎11-06-2015

双出口肯定不能配置两条默认路由啊，肯定是一个出接口是默认路由，一个出接口用route-map啊。

在原帖中查看解决方案

pebao · ‎11-06-2015

双出口肯定不能配置两条默认路由啊，肯定是一个出接口是默认路由，一个出接口用route-map啊。

报告不当内容 · ‎11-08-2015

您好，欢迎您来社区论坛来发帖，图片上传不了可能是浏览器兼容性设置的问题，请您选择浏览器兼容模式发帖上传图片，谢谢！

526506675pan · ‎11-08-2015

有可能是两条缺省路由的问题，你tracert看下路径先

suzhouxiaoniu · ‎11-08-2015

你这里是不是要做双出口NAT的负载均衡呢
ISP是一家还是2家，配置不完整看不出来
给你一份参考配置吧
http://blog.163.com/tyrone_1986/blog/static/166442099201052593622905/

lxjun · ‎11-09-2015

526506675pan 发表于 2015-11-9 10:55
有可能是两条缺省路由的问题，你tracert看下路径先

只有一个 172.16.100.1 通其它都是* 号

lxjun · ‎11-09-2015

suzhouxiaoniu 发表于 2015-11-9 15:21
你这里是不是要做双出口NAT的负载均衡呢
ISP是一家还是2家，配置不完整看不出来

不需要负载。其它都是最基本的。这些你也要看吗？
interface FastEthernet0/0
ip address 172.16.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip policy route-map t0
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 200.200.200.7 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/3/1
description adsl
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
description adsl
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username 075507@163.gd password 0 WVPTXQID
ppp ipcp dns request
!
ip forward-protocol nd

wangxubing · ‎11-11-2015

浮动路由导致数据包回来路径不一致导致的吧

lxjun · ‎11-12-2015

wangxubing 发表于 2015-11-11 17:49
浮动路由导致数据包回来路径不一致导致的吧

我配置了 route-map 之后，变成只能固定ip的光纤能上网。拔号的无法上网。（之前是，拔掉一根，另一根就能正常上网）。你有配置实例吗?发份给我

YilinChen · ‎11-12-2015

多线路（物理或逻辑）配置PAT，要调用Route-map的配置方式去实现

yanzha4 · ‎11-15-2015

给你一个配置参考一下吧
实现双出口双NAT + SLA监控链路有效性实验
GW#sh run
Building configuration...
Current configuration : 1871 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.1.1 10.1.1.10
ip dhcp excluded-address 10.1.2.1 10.1.2.20
!
ip dhcp pool P1
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
!
ip dhcp pool P2
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1 255.255.255.0
!
!
ip sla monitor 10
type echo protocol ipIcmpEcho 60.30.1.2 source-interface FastEthernet1/0
frequency 10
ip sla monitor schedule 10 start-time now recurring
!
track 100 rtr 10 reachability
!
interface FastEthernet0/0
ip address 202.100.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 60.30.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 2
!
ip nat inside source route-map LianTong interface FastEthernet1/0 overload
ip nat inside source route-map Yidong interface FastEthernet0/0 overload
!
access-list 100 permit ip 10.1.0.0 0.0.255.255 any
!
route-map LianTong permit 10
match ip address 100
match interface FastEthernet1/0
!
route-map LianTong permit 20
!
route-map Yidong permit 10
match ip address 100
match interface FastEthernet0/0
!
route-map Yidong permit 20
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end

yanzha4 · ‎11-15-2015

YilinChen 发表于 2015-11-13 10:02
多线路（物理或逻辑）配置PAT，要调用Route-map的配置方式去实现

正解

lxjun · ‎01-27-2016

pebao 发表于 2016-1-25 16:23
双出口肯定不能配置两条默认路由啊，肯定是一个出接口是默认路由，一个出接口用route-map啊。

怎么操作，能弄个实例吗？