【求助】2811+1个HWIC-4ESW做了双出口,发布内部WEB服务的问题
使用2811+1个HWIC-4ESW配置双线路,以下配置可以实现内部用户访问不同网段的地址走不同的线路,如果一个线路网关不同会走另一个线路,由于没有购买VPN,想实现发布内部WEB服务、远程VPN接入,需要做端口映射来发布内部的WEB服务器和VPN服务器,在使用国产某一双WAN 口路由器上实验一切没有问题,但在2811上却不知道如何实现了,特此求助。
两个问题:
1、做了端口映射发布内部web服务,但从外部访问非常慢,页面只能打开一点
2、从外部不能用telnet 登陆到路由器,连不上23端口,但可以ping到路由器的IP,该如何设置允许登陆
配置如下:
Building configuration...
Current configuration : 3411 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2811
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$Tn5d$ZmPkiEKSCj.FIqviHHde31
enable password bantouyan
!
no aaa new-model
!
resource policy
!
clock timezone Beijing 8
ip subnet-zero
!
!
ip cef
!
!
ip domain name c2811.com
ip name-server 202.102.152.3
!
username cisco privilege 15 secret 5 $1$YAdC$jqBk3Qh0E/nAEEiLaRdgK.
!
!
!
interface FastEthernet0/0
description Route_CNC$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
ip address 221.xxx.xxx.213 255.255.255.248
no ip proxy-arp
ip nat outside
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description Route_EDU$ETH-LAN$
ip address 202.xxx.xxx.229 255.255.255.240
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/2/0
switchport access vlan 2
no mop enabled
!
interface FastEthernet0/2/1
!
interface FastEthernet0/2/2
shutdown
!
interface FastEthernet0/2/3
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 172.16.1.254 255.255.255.0
ip nat inside
ip policy route-map dual_isp
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 172.16.1.0 255.255.255.0 172.16.1.253
!
ip http server
ip http port 8081
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map NAT_CNC interface FastEthernet0/0 overload
ip nat inside source route-map NAT_EDU interface FastEthernet0/1 overload
ip nat inside source static tcp 172.16.1.253 80 221.xxx.xxx.213 80 extendable
!
access-list 101 permit ip 172.16.1.0 0.0.0.255 202.xxx.0.0 0.0.255.255
access-list 102 permit ip any any
snmp-server community public RO
route-map dual_isp permit 10
match ip address 101
set ip next-hop 202.xxx.xxx.238 221.xxx.xxx.214
!
route-map dual_isp permit 20
match ip address 102
set ip next-hop 221.xxx.xxx.214 202.xxx.xxx.238
!
route-map NAT_CNC permit 10
match interface FastEthernet0/0
!
route-map NAT_EDU permit 10
match interface FastEthernet0/1
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco".
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
password bantouyan
login local
transport input none
line vty 5 15
privilege level 15
password bantouyan
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end
阅读(1445) | 评论(0) | 转发(0) |