本文档详细介绍了如何配置电信与联通双线路的网络连接,包括接口设置、区域划分、NAT策略、端口映射、路由配置以及会话链路状态检查的关闭,确保设备能够同时使用两条线路进行稳定上网。
1:配置接口
interface GigabitEthernet0/0/1
description DianXin
ip address 222.177.xxx.xxx 255.255.255.224
interface GigabitEthernet0/0/2
description LianTong
ip address 113.204.xxx.xxx 255.255.255.240
interface GigabitEthernet0/0/3
description lan
ip address 1.1.1.1 255.255.255.248
2:配置zone,双线不能在同一个zone
trust
priority is 85
interface of the zone is (2):
GigabitEthernet0/0/0
GigabitEthernet0/0/3
untrust
priority is 5
interface of the zone is (1):
GigabitEthernet0/0/1 //电信
untrust1
priority is 6
interface of the zone is (1):
GigabitEthernet0/0/2 //联通
3:配置nat池和源nat配置
nat address-group 1 dianxin 222.177.xxx.xxx 222.177.xxx.xxx
nat address-group 2 liantong 113.204.xxx.xxx 113.204.xxx.xxx
nat-policy interzone trust untrust outbound
policy 1
action source-nat
address-group dianxin
nat-policy interzone trust untrust1 outbound
policy 1
action source-nat
address-group liantong
4:配置端口映射
nat server 0 protocol tcp global 113.204.xxx.xxx www inside 192.168.100.6 www no-reverse
nat server 45 protocol tcp global 222.177.xxx.xxx 6000 inside 192.168.100.3 6000 no-reverse
5:配置一条电信默认路由和多条网通静态路由
ip route-static 0.0.0.0 0.0.0.0 222.177.xxx.xxx
ip route-static 1.1.1.8 255.255.255.248 1.1.1.2
ip route-static 58.16.0.0 255.255.0.0 113.204.65.81
ip route-static 58.17.0.0 255.255.128.0 113.204.65.81
ip route-static 58.17.128.0 255.255.128.0 113.204.65.81
ip route-static 58.18.0.0 255.255.0.0 113.204.65.81
ip route-static 58.19.0.0 255.255.0.0 113.204.65.81
ip route-static 58.20.0.0 255.255.0.0 113.204.65.81
ip route-static 58.21.0.0 255.255.0.0 113.204.65.81
静态路由表下载地址:
http://www.h3c.com.cn/Service/Software_Download/Router/Catalog/ER/ER_WAN/200911/655278_30005_0.htm
6:关闭会话链路状态检查
undo firewall session link-state check
7:包过滤默认允许所有
firewall packet-filter default permit all
扫一扫
422
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
