请选择 进入手机版 | 继续访问电脑版

设为首页 收藏本站
思科服务支持社区 点击关注
思科服务支持社区

  
 找回密码
 立即注册

扫一扫,访问微社区

搜索
热搜: 邮件服务器
查看: 680|回复: 3

cisco 2911内网访问映射公网IP问题

[复制链接]
发表于 2018-5-14 19:02:45 | 显示全部楼层 |阅读模式
3可用金钱
HI 各位大神:
   有思科2911路由,配置如下:
interface GigabitEthernet0/0
description connect to CT
ip address 113.140.*.* 255.255.255.0
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map cisco
!
interface GigabitEthernet0/1
description connect to Firewall_g0/0
ip address 10.86.98.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat translation tcp-timeout 2400
ip nat inside source list nat interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.86.95.24 89 113.140.*.* 8999 extendable
ip route 0.0.0.0 0.0.0.0 113.140.*.*
ip route 10.86.95.0 255.255.255.0 10.86.98.2
ip route 10.86.96.0 255.255.255.0 10.86.98.2
ip route 10.86.97.0 255.255.255.0 10.86.98.2
ip route 10.86.98.192 255.255.255.192 10.86.98.2 name wlan_guest
!
ip access-list extended nat
deny   ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended vpn
permit ip 10.86.95.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.95.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.96.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.97.0 0.0.0.255 10.216.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.86.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.16.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.98.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.70.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.232.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.40.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.32.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.50.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.99.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.97.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.200.0.0 0.0.255.255
permit ip 10.86.98.0 0.0.0.255 10.216.0.0 0.0.255.255
!
!
!
!
control-plane
!
!
!
line con 0
timeout login response 60
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input all
line vty 5 15
login local
transport input none
line vty 16 935
login local
transport input all
!
scheduler allocate 20000 1000
!
end


ip nat inside source static tcp 10.86.95.24 89 113.140.*.* 8999 extendable
现需要内网IP地址,通过公网IP113.140.*.*,访问映射出去的10.86.95.24 89这个服务器,麻烦给给配置。

最佳答案

查看完整内容

最佳解决方案:使用域名,一劳永逸。内网架设DNS server,解析为真实内部IP。外部的DNS解析为映射后的IP。 另一个解决方案就是用ip nat enbale,之前社区有人试过,好像不稳定,具体配置看这个帖子5楼: http://bbs.csc-china.com.cn/forum.php?mod=redirect&goto=findpost&ptid=985673&pid=1021023&fromuid=78304
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分3 (2 评价)
发表于 2018-5-14 19:02:46 | 显示全部楼层
最佳解决方案:使用域名,一劳永逸。内网架设DNS server,解析为真实内部IP。外部的DNS解析为映射后的IP。

另一个解决方案就是用ip nat enbale,之前社区有人试过,好像不稳定,具体配置看这个帖子5楼:
http://bbs.csc-china.com.cn/foru ... 3&fromuid=78304
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分3 (2 评价)
发表于 2018-5-15 08:54:57 | 显示全部楼层
楼上说的是最好的方法,DNS解决
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分3 (2 评价)
发表于 2018-5-15 08:56:55 | 显示全部楼层
本帖最后由 YilinChen 于 2018-5-15 08:58 编辑

内部DNS 是推荐的解决方案;

  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分3 (2 评价)
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver | 思科服务支持社区  

GMT+8, 2018-7-17 11:29 , Processed in 0.081266 second(s), 37 queries .

京ICP备09041801号-187

版权所有 :copyright:1992-2019 思科系统  重要声明 | 保密声明 | 隐私权政策 | 商标 |

快速回复 返回顶部 返回列表