cisco路由环回策略

allen1021

cisco2621路由器：

interface FastEthernet0/0
ip address 10.10.1.1 255.255.255.0
ip nat inside   
interface FastEthernet0/1
ip address 211.147.237.123 255.255.255.0
ip nat outside
上面是IP地址配置
ip nat inside source static tcp  10.0.0.7 3389 211.147.237.123 3389 extendable
这个是做的远程。



内网可以直接输入10.0.0.7访问

外网可以211.147.237.123远程访问。
但是内网不能通过211.147.237.123访问

请问如何通过内网也可以输入211.147.237.123访问？

84983251

这个是DNS 的问题··ASA 8.4（2）有个新功能rewrite dns 可以将你的DNS从定向为内部的服务器的IP···但是路由器没有 要不 ···您辛苦下 修改 下每个需要访问3389的机器的HOSTS文件将他们的域名重定向为内网·
ip nat inside source static tcp  10.0.0.7 3389 211.147.237.123 3389 extendable

这个语句的意思是有人访问我外网接口的3389我就重定向到内网10.0.0.7的服务器的 3389 上面去，如果你是直接通过IP地址访问 是没有办法通过内网访问公网IP来访问你的内网服务器的

宇宙飞侠cwb

路由器不好实现    ASA可以，内部弄个DNS把

allen1021

84983251 发表于 2014-3-19 16:08
这个是DNS 的问题··ASA 8.4（2）有个新功能rewrite dns 可以将你的DNS从定向为内部的服务器的IP···但 ...

华为的可以。在上面做了个双策略。cisco的就不知道怎么弄了。现在又出现了一个问题：

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password Lenx.kdtser
!
username admin password 0 Lenx.kdtser
no aaa new-model
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!         
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.1.1 255.255.255.0
ip nat inside
no shutdown
duplex auto
speed 100
!         
interface FastEthernet0/1
ip address 211.147.237.123 255.255.255.0
ip address 211.147.237.126 255.255.255.0 secondary
ip nat outside
no shutdown
duplex auto
speed 100
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
ip nat pool lenx 211.147.237.123 211.147.237.126 netmask 255.255.255.0
ip nat inside source list 1 pool lenx overload
ip nat inside source static tcp  10.0.0.7 3389 211.147.237.123 3389 extendable
ip nat inside source static tcp 10.0.0.7 1723 211.147.237.123 1723 extendable
ip nat inside source static tcp 10.0.0.39 80 211.147.237.123 80 extendable
ip nat inside source static tcp 10.0.0.39 8080 211.147.237.123 8080 extendable
ip nat inside source static tcp 10.0.0.15 12052 211.147.237.123 12052 extendable
ip nat inside source static tcp 10.0.0.10 8010 211.147.237.123 8010 extendable
ip nat inside source static tcp 10.0.0.10 3389 211.147.237.123 8029 extendable
ip nat inside source static tcp 10.0.0.45 8019 211.147.237.123 8019 extendable
ip nat inside source static tcp 10.0.0.45 8087 211.147.237.123 8087 extendable
ip nat inside source static tcp 10.0.0.69 443 211.147.237.123 8091 extendable
ip nat inside source static tcp 10.0.0.68 8099 211.147.237.123 8099 extendable
ip nat inside source static tcp 10.0.0.26 3389 211.147.237.123 4389 extendable
ip nat inside source static tcp 10.0.0.26 8080 211.147.237.123 9080 extendable
ip nat inside source static tcp 10.0.0.26 8081 211.147.237.123 8081 extendable
ip nat inside source static tcp 10.0.0.13 88 211.147.237.123 9092 extendable
ip nat inside source static tcp 10.0.0.33 8010 211.147.237.123 8070 extendable
ip nat inside source static tcp 10.0.0.70 80 211.147.237.126 80 extendable
ip nat inside source static tcp 10.0.0.80 8080 211.147.237.126 8080 extendable
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 211.147.237.97
ip route 10.0.0.0 255.255.0.0 10.10.1.2
ip route 10.1.1.0 255.255.255.0 10.10.1.2
ip route 10.2.1.0 255.255.255.0 10.10.1.2
ip route 10.3.1.0 255.255.255.0 10.10.1.2
ip route 10.4.1.0 255.255.255.0 10.10.1.2
ip route 10.5.1.0 255.255.255.0 10.10.1.2
!
!
access-list 1 permit any
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password Lenx.kdtser
login
!         
!
!
end
这是路由器的配置。在F0/1S上加了一个辅助地址之后，就上不了外网了。

天涯迪