各位技术大神,现在有一方案,SH与HK两地思科路由器上网问题,我想实现访问国内IP直接通过SH出口,访问其它的走GRE通道到HK.
我现在配置好后并没有实现我的IP分流,在SH端PING 8.8.8.8不通,而且HK端也没有SH端的NAT表。
请帮忙看看问题出在哪儿了?感谢感谢!
!---!!SH端
En
Conf t
No ip domain lookup
Hostname SH
interface g 0/1
ip address 172.16.1.1 255.255.255.0
no sh
Ip nat enable
Ip nat inside
interface g 0/0
ip address 1.0.1.2 255.255.255.252
no sh
Ip nat enable
Ip nat outside
ip http server
no ip http secure-server
!------gre tunnel
interface Tunnel 0
ip address 10.0.0.1 255.255.255.252
tunnel source g 0/0
tunnel destination 61.244.148.166
en
conf t
ip route 116.6.132.32 255.255.255.248 202.104.170.225
ip route 172.16.2.0 255.255.255.0 10.0.0.2
ip route 1.0.1.0 255.255.255.0 1.0.1.1
ip route 1.0.2.0 255.255.254.0 1.0.1.1
ip route 1.0.8.0 255.255.248.0 1.0.1.1
!...其它国内IP地址段约7000条
ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip access-list extended extlist.nonat.vpn
deny ip 172.16.1.0 0.0.255.255 172.16.2.0 0.0.255.255
deny ip 172.16.1.0 0.0.255.255 10.0.0.0 0.0.255.255
permit ip 172.16.1.0 0.0.255.255 any
ip nat inside source list extlist.nonat.vpn interface g 0/0 overload
!----------------------------------------SH END-------------------------------------------------
!-------------------------------------------hk begin----------------------------------------------
!---HK
En
Conf t
No ip domain lookup
Hostname taiwan
interface g 0/0
ip address 61.244.148.166 255.255.255.252
no sh
Ip nat enable
ip nat outside
interface g 0/1
ip address 172.16.2.1 255.255.255.0
no sh
Ip nat enable
Ip nat inside
ip http server
no ip http secure-server
ip route 1.0.1.2 255.255.255.252 61.244.148.165
ip route 0.0.0.0 0.0.0.0 61.244.148.165
ip route 172.16.1.0 255.255.255.0 10.0.0.1
!------gre tunnel
interface Tunnel0
ip address 10.0.0.2 255.255.255.252
tunnel source g 0/0
tunnel destination 1.0.1.2
ip access-list extended extlist.nonat.vpn
permit ip 172.16.1.0 0.0.255.255 any
permit ip 172.16.2.0 0.0.255.255 any
!
ip nat inside source list extlist.nonat.vpn interface g 0/0 overload
!
End
Wr
!-------------------------------------------hk end----------------------------------------------
我现在配置好后并没有实现我的IP分流,在SH端PING 8.8.8.8不通,而且HK端也没有SH端的NAT表。
请帮忙看看问题出在哪儿了?感谢感谢!
!---!!SH端
En
Conf t
No ip domain lookup
Hostname SH
interface g 0/1
ip address 172.16.1.1 255.255.255.0
no sh
Ip nat enable
Ip nat inside
interface g 0/0
ip address 1.0.1.2 255.255.255.252
no sh
Ip nat enable
Ip nat outside
ip http server
no ip http secure-server
!------gre tunnel
interface Tunnel 0
ip address 10.0.0.1 255.255.255.252
tunnel source g 0/0
tunnel destination 61.244.148.166
en
conf t
ip route 116.6.132.32 255.255.255.248 202.104.170.225
ip route 172.16.2.0 255.255.255.0 10.0.0.2
ip route 1.0.1.0 255.255.255.0 1.0.1.1
ip route 1.0.2.0 255.255.254.0 1.0.1.1
ip route 1.0.8.0 255.255.248.0 1.0.1.1
!...其它国内IP地址段约7000条
ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip access-list extended extlist.nonat.vpn
deny ip 172.16.1.0 0.0.255.255 172.16.2.0 0.0.255.255
deny ip 172.16.1.0 0.0.255.255 10.0.0.0 0.0.255.255
permit ip 172.16.1.0 0.0.255.255 any
ip nat inside source list extlist.nonat.vpn interface g 0/0 overload
!----------------------------------------SH END-------------------------------------------------
!-------------------------------------------hk begin----------------------------------------------
!---HK
En
Conf t
No ip domain lookup
Hostname taiwan
interface g 0/0
ip address 61.244.148.166 255.255.255.252
no sh
Ip nat enable
ip nat outside
interface g 0/1
ip address 172.16.2.1 255.255.255.0
no sh
Ip nat enable
Ip nat inside
ip http server
no ip http secure-server
ip route 1.0.1.2 255.255.255.252 61.244.148.165
ip route 0.0.0.0 0.0.0.0 61.244.148.165
ip route 172.16.1.0 255.255.255.0 10.0.0.1
!------gre tunnel
interface Tunnel0
ip address 10.0.0.2 255.255.255.252
tunnel source g 0/0
tunnel destination 1.0.1.2
ip access-list extended extlist.nonat.vpn
permit ip 172.16.1.0 0.0.255.255 any
permit ip 172.16.2.0 0.0.255.255 any
!
ip nat inside source list extlist.nonat.vpn interface g 0/0 overload
!
End
Wr
!-------------------------------------------hk end----------------------------------------------
