Route mapa w routerze
Download
Report
Transcript Route mapa w routerze
Autor: Leszek Gorzelnik , Kraków 2007
DHCP
local
ACL
public
fa0/0
route-map
Loopback0
Inside
Outside
NAT
Router jednointerface'wy jako
serwer DHCP z usługą NAT
DHCP
ip dhcp excluded-address 10.188.215.200
ip dhcp excluded-address 10.188.215.1
ip dhcp excluded-address 10.188.215.100
!
ip dhcp pool LOKALNA_215
network 10.188.215.0 255.255.255.0
default-router 10.188.215.1
dns-server 10.10.0.2 10.10.0.3
local
ACL
public
fa0/0
route-map
Loopback0
Inside
Outside
NAT
Sieć
10.188.215.0
DHCP
ip dhcp excluded-address 10.188.215.200
ip dhcp excluded-address 10.188.215.1
ip dhcp excluded-address 10.188.215.100
!
ip dhcp pool LOKALNA_215
network 10.188.215.0 255.255.255.0
default-router 10.188.215.1
dns-server 10.10.0.2 10.10.0.3
local
ACL
public
fa0/0
route-map
Loopback0
Inside
Outside
NAT
Sieć 172.27.10.0
brama 172.27.10.1
Sieć 10.10.0.0
ip route 0.0.0.0 0.0.0.0 172.27.10.1
interface FastEthernet0/0
ip address 10.188.215.1 255.255.255.0 secondary
ip address 172.27.10.3 255.255.255.0
ip access-group 111 in
ip nat outside
ip policy route-map NAT
local
ACL
public
fa0/0
route-map
Loopback0
Inside
Outside
NAT
interface FastEthernet0/0
ip address 10.188.215.1 255.255.255.0 secondary
ip address 172.27.10.3 255.255.255.0
ip access-group 111 in
ip nat outside
ip policy route-map NAT
local
ACL
fa0/0
route-map
Loopback0
Inside
public
access-list 111 permit tcp 10.10.0.0 0.0.255.255 any eq telnet
Outside
access-list
111 deny tcp any any eq telnet
access-list 111 permit icmp 10.188.0.0 0.0.255.255 any
access-list 111 permit icmp any any echo-reply
access-list 111 deny icmp NAT
any any
access-list 111 permit tcp 10.10.0.0 0.0.255.255 any eq 3389
access-list 111 deny tcp any any eq 3389
access-list 111 permit tcp 10.10.0.0 0.0.255.255 any eq 5900
access-list 111 deny tcp any any eq 5900
access-list 111 permit ip any any
interface FastEthernet0/0
ip address 10.188.215.1 255.255.255.0 secondary
ip address 172.27.10.3 255.255.255.0
ip access-group 111 in
ip nat outside
ip policy route-map NAT
local
interface Loopback0
ip address 192.168.215.1 255.255.255.0
ip nat inside
ACL
public
fa0/0
route-map
Loopback0
Inside
Outside
NAT
interface FastEthernet0/0
ip address 10.188.215.1 255.255.255.0 secondary
ip address 172.27.10.3 255.255.255.0
ip access-group 111 in
ip nat outside
ip policy route-map NAT
local
interface Loopback0
ip address 192.168.215.1 255.255.255.0
ip nat inside
ACL
public
fa0/0
route-map
Loopback0
Inside
Outside
NAT
route-map NAT permit 10
match ip address SiecNAT
set interface Loopback0
ip access-list extended SiecNAT
permit ip 10.188.215.0 0.0.0.255 any
interface FastEthernet0/0
ip address 10.188.215.1 255.255.255.0 secondary
ip address 172.27.10.3 255.255.255.0
ip access-group 111 in
ip nat outside
ip policy route-map NAT
local
interface Loopback0
ip address 192.168.215.1 255.255.255.0
ip nat inside
ACL
public
172.27.10.3
fa0/0
route-map
Loopback0
Inside
Outside
route-map NAT permit 10
match ip address SiecNAT
set interface Loopback0
NAT
ip nat pool TRANSLATOR 172.27.10.3 172.27.10.3 netmask 255.255.255.0
ip nat inside source list SiecNAT pool TRANSLATOR overload
ip nat inside source static tcp 10.188.215.100 5900 172.27.10.3 5900 extendable
ip nat inside source static tcp 10.188.215.100 3389 172.27.10.3 3389 extendable
Sieć 10.10.0.0