系统集成论坛

标题: 配置VPN用户通过NAT方式访问Internet外网的示例 [打印本页]

作者: 胡振宇 时间: 2015-11-20 13:45
标题: 配置VPN用户通过NAT方式访问Internet外网的示例
ip vpn-instance vpna  //配置vpn实例vpna
ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb  //配置vpn实例vpnb
ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
acl number 2000  //配置nat outbound的acl 2000
rule 5 permit vpn-instance vpna source 192.168.1.0 0.0.0.255
rule 10 permit vpn-instance vpnb source 192.168.2.0 0.0.0.255
#
interface GigabitEthernet0/0/0  //配置Router的出接口
ip address 202.100.1.1 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/1  //连接vpna的接口
ip binding vpn-instance vpna
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2  //连接vpnb的接口
ip binding vpn-instance vpnb
ip address 172.16.2.1 255.255.255.0
#
ip route-static 192.168.1.0 255.255.255.0 vpn-instance vpna 172.16.1.2  //配置Internet到vpna的主机的路由，下一跳为CE1
ip route-static 192.168.2.0 255.255.255.0 vpn-instance vpnb 172.16.2.2  //配置Internet到vpnb的主机的路由，下一跳为CE2
ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 202.100.1.2 public  //配置vpna到Internet的默认路由
ip route-static vpn-instance vpnb 0.0.0.0 0.0.0.0 202.100.1.2 public  //配置vpnb到Internet的默认路由
#

欢迎光临系统集成论坛 (http://bbs.xtjc.com/)