alespopov
Member | Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору
1)
interface FastEthernet3/1
ip nat outside
int FastEthernet0/0
ip nat inside
int FastEthernet3/0
ip nat inside
2)
ip nat inside source route-map nonat1 interface FastEthernet0/1 overload
ip nat inside source route-map nonat2 interface FastEthernet1/0 overload
ip nat inside source route-map nonat3 interface FastEthernet3/1 overload
#
route-map nonat1 permit 10
match ip address 110
route-map nonat2 permit 10
match ip address 111
route-map nonat3 permit 10
match ip address 112
#
access-list 110 deny ip 195.хх.хх.238 0.0.0.3 84.xx.xx1.225 0.0.0.31
access-list 110 deny ip 195.хх.хх.238 0.0.0.3 84.xx.xx2.1 0.0.0.31
access-list 110 permit ip 172.17.22.0 0.0.0.15 any
access-list 110 permit ip 172.17.24.0 0.0.0.15 any
access-list 110 permit ip 172.17.177.0 0.0.0.255 any
access-list 111 deny ip 195.хх.хх.238 0.0.0.3 84.xx.xx1.225 0.0.0.31
access-list 112 deny ip 195.хх.хх.238 0.0.0.3 84.xx.xx2.1 0.0.0.31
access-list 111 permit ip 172.17.22.0 0.0.0.15 any
access-list 111 permit ip 172.17.24.0 0.0.0.15 any
access-list 111 permit ip 172.17.177.0 0.0.0.255 any
access-list 112 deny ip 195.хх.хх.238 0.0.0.3 84.xx.xx1.225 0.0.0.31
access-list 112 deny ip 195.хх.хх.238 0.0.0.3 84.xx.xx2.1 0.0.0.31
access-list 112 permit ip 172.17.22.0 0.0.0.15 any
access-list 112 permit ip 172.17.24.0 0.0.0.15 any
access-list 112 permit ip 172.17.177.0 0.0.0.255 any
Ну как-то так, вроде должно быть у Вас. Обратите внимание на маски в acess-list-ах!
|
Всего записей: 377 | Зарегистр. 04-09-2001 | Отправлено: 15:27 15-10-2009 | Исправлено: alespopov, 15:34 15-10-2009 |
|
