您的位置:首页 > 其它

策略路由和NAT实现负载均衡实例教程

2014-03-16 13:07 453 查看
一、组网需求:

1.正常情况下10.0.0.2从出口12.12.12.0NAT转化成100.0.0.0的地址,20.0.0.2从出口13.13.13.0NAT转化成200.0.0.0的地址,实现负载均衡。

2.FW双出口的某一条链路down,所有用户NAT成同一地址段出去,实现链路冗余。

二、实验组网



四、关键配置

USG5360 (V100R003C01SPC007):

ip address-set 100and200 type object

address 0 10.0.0.0 mask 24

address 1 20.0.0.0 mask 24

#

ip address-set 10.0.0.2 type object

address 0 10.0.0.0 mask 24

#

ip address-set 20.0.0.2 type object

address 0 20.0.0.0 mask 24

#

acl number 3001

rule 0 permit ip source 10.0.0.0 0.255.255.255

acl number 3002

rule 0 permit ip source 20.0.0.0 0.255.255.255

#

nat address-group 100 NAT1 100.0.0.1 100.0.0.100

nat address-group 200 NAT2 200.0.0.1 200.0.0.100

#

traffic classifier 12

if-match acl 3001

traffic classifier 13

if-match acl 3002

#

traffic behavior 12

remark ip-nexthop 12.12.12.2 output-interface GigabitEthernet0/0/0

traffic behavior 13

remark ip-nexthop 13.13.13.2 output-interface GigabitEthernet0/0/1

#

qos policy re

classifier 12 behavior 12

classifier 13 behavior 13

#

interface GigabitEthernet0/0/0

ip address 12.12.12.1 255.255.255.252

#

interface GigabitEthernet0/0/1

ip address 13.13.13.1 255.255.255.252

#

interface GigabitEthernet0/0/2

ip address 20.0.0.1 255.255.255.0

#

interface GigabitEthernet0/0/3

ip address 10.0.0.1 255.255.255.0

# http://www.server-cn.com/
firewall zone local

set priority 100

#

firewall zone trust

set priority 85

qos apply policy re outbound

add interface GigabitEthernet0/0/2

add interface GigabitEthernet0/0/3

#

firewall zone untrust

set priority 5

#

firewall zone name t100

set priority 10

add interface GigabitEthernet0/0/0

#

firewall zone name t200

set priority 11

add interface GigabitEthernet0/0/1

#

nat-policy interzone trust untrust outbound

#

nat-policy interzone trust t100 outbound

policy 0

action source-nat

policy source address-set 100and200 copyright
by http://www.server-cn.com/
address-group NAT1

#

nat-policy interzone trust t200 outbound

policy 0

action source-nat

policy source address-set 100and200

address-group NAT2

#

ip route-static 0.0.0.0 0.0.0.0 13.13.13.2

ip route-static 0.0.0.0 0.0.0.0 12.12.12.2

#
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航