


    Подключение к 2-м провайдерам на CISCO (используем VRF)

2isp via vrf


!
! One VRF per upstream provider: each provider-facing sub-interface and its
! default route live in a separate routing table (PROV1 / PROV2), while the
! LAN stays in the global table.
ip cef
!
ip vrf PROV1
 rd 111:111
!
ip vrf PROV2
 rd 222:222
!
! CBAC inspection rule sets, one per provider. They are applied outbound on the
! provider sub-interfaces (FastEthernet0.10 / 0.11), so return traffic for
! sessions opened from inside is let back in past the PROVx-in ACLs.
! "router-traffic" extends inspection to sessions originated by the router
! itself (for example the ip sla ICMP probes defined further down).
ip inspect name PROV1 tcp router-traffic
ip inspect name PROV1 udp router-traffic
ip inspect name PROV1 icmp router-traffic
ip inspect name PROV2 tcp router-traffic
ip inspect name PROV2 udp router-traffic
ip inspect name PROV2 icmp router-traffic
!
!
!
! Track objects 11 and 21 follow the reachability result of probes 11 and 21
! (the "ip sla 11" / "ip sla 21" operations below; "rtr" is the older keyword
! for the same feature). They gate the per-VRF default routes and route-map
! ROUTEBACK sequence 30.
! "delay down 2" holds the down transition for 2 seconds before reporting it.
track 11 rtr 11 reachability
 delay down 2
!
track 21 rtr 21 reachability
 delay down 2
!
!
! Two back-to-back tunnel pairs terminating on this same router. Each pair
! stitches the global table to one provider VRF:
!   Tunnel11 (global) <-> Tunnel12 (VRF PROV1), 192.168.100.8/30
!   Tunnel21 (global) <-> Tunnel22 (VRF PROV2), 192.168.100.12/30
! Source and destination are the local Loopback addresses, and no "tunnel vrf"
! is set, so the tunnel transport is resolved in the global table.
! No tunnel mode is configured; presumably the platform default (GRE) is used.
! NOTE(review): no ACL is applied on any tunnel interface, so everything the
! LAN routes into a tunnel reaches the provider VRF; filtering happens only on
! the provider-facing sub-interfaces.
interface Tunnel11
 description PROV1 
 ip address 192.168.100.9 255.255.255.252
 ip mtu 1500
 tunnel source Loopback11
 tunnel destination 192.168.100.2
!
! VRF side of the PROV1 pair. "ip nat inside" here means LAN traffic entering
! the VRF through this tunnel is translated on the way out of FastEthernet0.10.
interface Tunnel12
 description PROV1 
 ip vrf forwarding PROV1
 ip address 192.168.100.10 255.255.255.252
 ip mtu 1500
 ip nat inside
 ip virtual-reassembly
 tunnel source Loopback12
 tunnel destination 192.168.100.1
!
interface Tunnel21
 description PROV2 
 ip address 192.168.100.13 255.255.255.252
 ip mtu 1500
 tunnel source Loopback21
 tunnel destination 192.168.100.4
!
! VRF side of the PROV2 pair; NAT inside for traffic leaving via FastEthernet0.11.
interface Tunnel22
 description PROV2 
 ip vrf forwarding PROV2
 ip address 192.168.100.14 255.255.255.252
 ip mtu 1500
 ip nat inside
 ip virtual-reassembly
 tunnel source Loopback22
 tunnel destination 192.168.100.3
!
!
! Local /32 endpoints for the tunnel pairs above. All four are in the global
! table (no "ip vrf forwarding"), and none of them is covered by an OSPF
! network statement on this page, so they are not advertised by OSPF.
! Mapping used by the tunnels: Tunnel11 .1 -> .2, Tunnel12 .2 -> .1,
! Tunnel21 .3 -> .4, Tunnel22 .4 -> .3.
interface Loopback22
 ip address 192.168.100.4 255.255.255.255
!
interface Loopback21
 ip address 192.168.100.3 255.255.255.255
!
interface Loopback12
 ip address 192.168.100.2 255.255.255.255
!
interface Loopback11
 ip address 192.168.100.1 255.255.255.255
!
!
! Provider-facing sub-interfaces (untrusted side). Each one:
!   - sits in its provider VRF ("ip vrf forwarding" is entered before
!     "ip address", since assigning a VRF clears an existing address),
!   - filters inbound traffic with the PROVx-in ACL,
!   - is the NAT outside interface for that provider,
!   - runs CBAC outbound, which opens return paths through the inbound ACL.
! NOTE(review): unlike the LAN sub-interface, these stanzas do not show
! "no cdp enable"; confirm CDP is disabled toward the providers. Common edge
! hardening such as "no ip redirects", "no ip unreachables" and
! "no ip proxy-arp" is also not shown here - verify against the full config.
interface FastEthernet0.10
 description PROV1 
 encapsulation dot1Q 10
 ip vrf forwarding PROV1
 ip address 212.1.1.66 255.255.255.248
 ip access-group PROV1-in in
 ip nat outside
 ip inspect PROV1 out
 ip virtual-reassembly
!
interface FastEthernet0.11
 description PROV2 
 encapsulation dot1Q 11
 ip vrf forwarding PROV2
 ip address 112.1.1.18 255.255.255.248
 ip access-group PROV2-in in
 ip nat outside
 ip inspect PROV2 out
 ip virtual-reassembly
!
! LAN sub-interface (global routing table, VLAN 20).
! Policy routing with route-map ROUTEBACK is applied to packets arriving from
! the LAN; packets that match no route-map clause follow the normal routing
! table. TCP MSS is clamped to 1360 for sessions crossing this interface, and
! CDP is disabled toward the LAN.
interface FastEthernet0.20
 description LocalNet
 encapsulation dot1Q 20
 ip address 10.1.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1360
 ip policy route-map ROUTEBACK
 no cdp enable
!
! Three OSPF processes, all local to this router and speaking only over the
! internal tunnel /30s:
!   - ospf 11 / ospf 21 run inside each provider VRF on the VRF end of the
!     tunnel pair and originate a default route. Without the "always" keyword
!     the default is originated only while a default route exists in that VRF,
!     i.e. while the tracked static route below is installed.
!   - ospf 1 runs in the global table on the other tunnel ends and so can learn
!     a default from each provider VRF that is currently up.
! No network statement covers the provider-facing subnets, so no adjacency is
! attempted toward the providers, and the LAN interface is passive.
! NOTE(review): no OSPF authentication is configured; the adjacencies shown are
! router-internal, but re-check this if the design is ever extended to a
! second device.
router ospf 11 vrf PROV1
 log-adjacency-changes
 network 192.168.100.8 0.0.0.3 area 0
 default-information originate
!
router ospf 21 vrf PROV2
 log-adjacency-changes
 network 192.168.100.12 0.0.0.3 area 0
 default-information originate
!
! Global process. "redistribute static subnets" has no visible effect on this
! page (no global static routes are shown) - presumably used elsewhere.
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 passive-interface FastEthernet0.20
 network 10.1.50.0 0.0.0.255 area 0
 network 192.168.100.8 0.0.0.3 area 0
 network 192.168.100.12 0.0.0.3 area 0
!
! Per-VRF default routes toward each provider gateway. Each is installed only
! while its track object (11 / 21) is up; when the probe fails the route is
! withdrawn from that VRF.
ip route vrf PROV1 0.0.0.0 0.0.0.0 212.1.1.65 track 11
ip route vrf PROV2 0.0.0.0 0.0.0.0 112.1.1.17 track 21
!
! PAT: sources matching access-list 100 (the LAN /24) are overloaded onto the
! address of the provider sub-interface they leave through.
ip nat inside source list 100 interface FastEthernet0.10 vrf PROV1 overload
ip nat inside source list 100 interface FastEthernet0.11 vrf PROV2 overload
!
! Static port forwards: TCP/25 on each provider address is published to an
! internal host (10.1.50.20 via PROV1, 10.1.50.21 via PROV2). Together with the
! "permit ... eq smtp" entries in PROVx-in this exposes those two hosts' SMTP
! service to any Internet source, so they need to be hardened as public mail
! relays. Replies are pinned to the matching provider by ROUTEBACK seq 10/20.
ip nat inside source static tcp 10.1.50.20 25 212.1.1.66 25 vrf PROV1 extendable match-in-vrf
ip nat inside source static tcp 10.1.50.21 25 112.1.1.18 25 vrf PROV2 extendable match-in-vrf
!
! Inbound filters for the provider sub-interfaces. Only three things are
! admitted unsolicited; everything else is dropped, and return traffic for
! inside-initiated sessions is admitted by CBAC ("ip inspect PROVx out").
!   - smtp: matches the public address before NAT and is forwarded to the
!     internal mail host by the static translation.
!   - tcp/22: no static translation for port 22 appears on this page, so this
!     presumably reaches the router's own SSH service.
!     NOTE(review): the source is "any". Restrict it to known management
!     prefixes and/or confirm an access-class on the vty lines (not shown here).
!   - icmp: every ICMP type from any source is accepted to the router address.
!     NOTE(review): replies to the router's own SLA probes should already be
!     covered by "ip inspect ... icmp router-traffic"; consider narrowing this
!     entry to the ICMP types that are actually needed.
! The explicit final deny has no "log" keyword, so dropped packets only show
! up as ACL hit counters, not as syslog events.
ip access-list extended PROV1-in
 permit tcp any host 212.1.1.66 eq smtp
 permit tcp any host 212.1.1.66 eq 22
 permit icmp any host 212.1.1.66 
 deny   ip any any
!
! Same policy for the PROV2 address; the notes above apply unchanged.
ip access-list extended PROV2-in
 permit tcp any host 112.1.1.18 eq smtp
 permit tcp any host 112.1.1.18 eq 22
 permit icmp any host 112.1.1.18
 deny   ip any any
!
! Reachability probes behind track 11 / 21: an ICMP echo inside each provider
! VRF, sourced from the router's provider address, sent every 3 seconds with a
! 1000 ms timeout and a 40 ms threshold.
! NOTE(review): the probe target is the same address used as the next hop of
! the VRF default route, so it only proves the first hop answers. An outage
! further upstream in the provider network will not trigger failover; probing
! an additional address beyond the gateway would cover that case.
ip sla 11
 icmp-echo 212.1.1.65 source-ip 212.1.1.66
 timeout 1000
 threshold 40
 vrf PROV1
 frequency 3
ip sla schedule 11 life forever start-time now
ip sla 21
 icmp-echo 112.1.1.17 source-ip 112.1.1.18
 timeout 1000
 threshold 40
 vrf PROV2
 frequency 3
ip sla schedule 21 life forever start-time now
!
! The numbered ACLs below are classifiers for NAT and policy routing, not
! packet filters: a "permit" selects traffic, it does not admit it.
!
! ACL 100 - sources eligible for PAT (the whole LAN /24).
access-list 100 remark ----------- NAT -------------
access-list 100 permit ip 10.1.50.0 0.0.0.255 any
access-list 100 remark ----------- NAT -------------
!
! ACL 106 / 107 - destinations labelled as each provider's DNS servers. The
! entries match every IP protocol to those hosts, not only DNS.
access-list 106 remark -------- PROV1 DNS ------
access-list 106 permit ip any host 212.2.2.2
access-list 106 permit ip any host 212.2.3.2
access-list 106 remark --
access-list 107 remark -------- PROV2 DNS ------
access-list 107 permit ip any host 112.2.2.2
access-list 107 permit ip any host 112.2.3.2
access-list 107 remark ---
!
! ACL 120 / 122 - the two internal hosts published by static NAT. All of their
! traffic is pinned to the provider whose address they are published on.
access-list 120 remark -------- ROUTEBACK VIA PROV1 ------
access-list 120 permit ip host 10.1.50.20 any
access-list 120 remark ---
access-list 122 remark -------- ROUTEBACK VIA PROV2 ------
access-list 122 permit ip host 10.1.50.21 any
access-list 122 remark ---
!
! ACL 130 - destination prefixes steered to PROV1 by ROUTEBACK seq 30.
! NOTE(review): this is a hand-maintained list of third-party address space,
! mostly /16s; it will match unrelated hosts in those ranges and needs
! periodic review as the real prefixes change.
access-list 130 remark ------- ROUTE TO RAPIDSHARE -------
access-list 130 permit ip any 195.122.131.0 0.0.0.255
access-list 130 permit ip any 62.67.50.0 0.0.0.255
access-list 130 permit ip any 80.231.0.0 0.0.255.255
access-list 130 permit ip any 80.239.0.0 0.0.255.255
access-list 130 permit ip any 64.211.0.0 0.0.255.255
access-list 130 permit ip any 64.215.0.0 0.0.255.255
access-list 130 permit ip any 208.48.0.0 0.0.255.255
access-list 130 permit ip any 208.73.0.0 0.0.255.255
access-list 130 permit ip any 212.162.0.0 0.0.255.255
access-list 130 remark ---
!
! Policy routing for packets arriving from the LAN (applied on
! FastEthernet0.20). Clauses are evaluated in sequence order; traffic matching
! none of them is forwarded by the normal routing table.
!
! seq 10 / 20 - traffic to the provider's DNS hosts (ACL 106 / 107) or from the
! published mail host (ACL 120 / 122) is forced into that provider's tunnel.
! NOTE(review): "set interface" is not tied to a track object here, and the
! tunnel endpoints are local loopbacks, so the tunnel presumably stays up when
! the provider link fails. Matched traffic would then be sent into a VRF with
! no default route and dropped rather than failing over. That looks deliberate
! for the mail hosts (their static NAT is bound to one provider address), but
! confirm it is acceptable for the DNS destinations.
route-map ROUTEBACK permit 10
 description -=[ Always via PROV1 ]=-
 match ip address 106 120
 set interface Tunnel11
!
route-map ROUTEBACK permit 20
 description -=[ Always via PROV2 ]=-
 match ip address 107 122
 set interface Tunnel21
!
! seq 30 - destinations in ACL 130 prefer PROV1 via the VRF end of the tunnel
! (192.168.100.10), but only while track 11 is up; otherwise the clause's set
! action is skipped and normal routing applies.
route-map ROUTEBACK permit 30
 description [Route to PROV1]
 match ip address 130 
 set ip next-hop verify-availability 192.168.100.10 1 track 11
!