router# show run
Building configuration...
Current configuration : 2733 bytes
!
! Global settings of a dual-ISP NAT edge router (IOS 12.2 train).
! The "// ..." trailers throughout this capture are editorial annotations
! (IOS has no "//" comment syntax and "show run" would never print them);
! strip them before pasting any of this into a device.
version 12.2
! Timestamps are relative to uptime, so log lines cannot be correlated
! with external evidence once the box reloads; "service timestamps log
! datetime msec localtime show-timezone" gives absolute times instead.
service timestamps debug uptime
service timestamps log uptime
! Any password added later would be stored in clear text. As captured,
! no "enable secret", no line password and no AAA appear anywhere, so
! privileged EXEC has no credential at all (see the "line" section).
no service password-encryption
!
hostname router
!
!
ip subnet-zero
!
!
!
!
!
! Traffic class used by policy-map block-p2p.
! Annotation on the match line (translated): "define the protocol-match
! condition". The match is an NBAR protocol match for FastTrack
! file-transfer traffic with any filename.
class-map match-any p2p
match protocol fasttrack file-transfer "*" //定义匹配协议条件
!
!
! Annotation on the class line (translated): "policy condition".
! Despite its name this policy does not block anything: the only action
! is re-marking matching packets to DSCP 1 (no "police" or "drop").
! It is also inert as captured, because no interface in this
! configuration carries a "service-policy block-p2p" statement.
policy-map block-p2p
class p2p //策略条件
set ip dscp 1
!
!
!
! LAN-facing interface. Annotation on the address line (translated):
! "internal IP".
! NOTE(review): this interface has no "ip nat inside", and no other
! interface in the capture has one either, so the "ip nat inside
! source"/"ip nat inside destination" statements below have no inside
! interface to act on and perform no translation.
! NOTE(review): there is no "ip policy route-map" here, so the
! "set ip next-hop" in route-maps isp-s1/0 and isp-s1/1 never affects
! forwarding of LAN traffic.
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0 //内网IP
duplex auto
speed auto
! CDP is disabled on the LAN side only. Nothing in the capture disables
! it globally or on the serial links, so the ISP-facing interfaces
! presumably still advertise CDP (IOS default) - confirm on the device.
no cdp enable
!
! ISP1 uplink. Annotation (translated): "external IP - ISP1". The
! public address is redacted as "xxx" in this capture.
interface Serial1/0 //外网IP-ISP1
description Internet/Outside facing interface
ip address xxx.27.144.254 255.255.255.0
! Access-list 100 is referenced here but is not defined anywhere in this
! configuration; IOS treats an access-group that names an undefined ACL
! as permit-any, so this line filters nothing. The same applies on
! Serial1/1. Note also that both uplinks filter outbound only: no
! inbound ACL protects the router or the LAN from Internet-sourced
! traffic (no anti-spoofing of 192.168.1.0/24, no restriction on the
! HTTP server enabled further down).
ip access-group 100 out
ip nat outside
serial restart-delay 0
!
! ISP2 uplink. Annotation (translated): "external IP - ISP2". The
! public address is redacted as "xxx" in this capture.
interface Serial1/1 //外网IP-ISP2
description Internet/Outside facing interface
ip address xxx.27.155.254 255.255.255.0
! As on Serial1/0: access-list 100 does not exist in this configuration,
! so IOS applies permit-any and nothing is filtered; and there is no
! inbound ACL on this Internet-facing interface at all.
ip access-group 100 out
ip nat outside
serial restart-delay 0
!
! Unused port, administratively down - nothing to review.
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
! Unused port, administratively down - nothing to review.
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
! NAT, static routing and HTTP management. Annotations (translated):
! "isp1/isp2 NAT pool" ("poll" is a typo in the original), "destination
! NAT pool", "applied to the source interface", "associate the
! destination list", "floating-route next-hop address".
!
! Source-NAT pools. In "ip nat inside source ... pool X" the pool
! supplies the translated (outside) source addresses, yet both pools are
! carved from the LAN's own 192.168.1.0/24: RFC 1918 space that overlaps
! real inside hosts and that an ISP will not route back. The usual form
! for a PAT uplink is "ip nat inside source route-map isp-s1/0
! interface Serial1/0 overload"; the public ranges may simply have been
! lost to the "xxx" redaction - confirm against the live device.
ip nat pool isp-s1/0 192.168.1.2 192.168.1.50 prefix-length 24 //isp1 NAT poll
ip nat pool isp-s1/1 192.168.1.51 192.168.1.100 prefix-length 24 //isp2 NAT poll
! Rotary (TCP load-distribution) pools naming the real web and FTP
! servers on the LAN.
ip nat pool webset 192.168.1.200 192.168.1.210 netmask 255.255.255.0 type rotary //destination NAT poll
ip nat pool ftpserver 192.168.1.220 192.168.1.221 netmask 255.255.255.0 type rotary//destination NAT poll
! Pool selection via route-map. Both route-maps match the same ACL 10
! and neither has a "match interface", so which pool a flow receives is
! not tied to the exit link - confirm intent. No interface in this
! capture is marked "ip nat inside", so none of these statements
! translate anything as captured.
ip nat inside source route-map isp-s1/0 pool isp-s1/0 overload //应用到source interface
ip nat inside source route-map isp-s1/1 pool isp-s1/1 overload //应用到source interface
! Destination NAT: lists 1 and 2 match 192.168.0.0/24, which is neither
! this router's LAN (192.168.1.0/24) nor a public address it holds, so
! Internet-sourced packets will not match them - confirm the intended
! virtual address.
ip nat inside destination list 1 pool webset //关联destination list
ip nat inside destination list 2 pool ftpserver // 关联destination list
! Neither route carries an administrative distance, so neither is a
! floating route despite the annotation (both default to distance 1).
! The second route is for the LAN prefix itself, pointed at ISP2: it is
! shadowed by the connected route while Fa0/0 is up, and sends
! LAN-destined traffic to ISP2 if Fa0/0 goes down. Presumably a backup
! default route "ip route 0.0.0.0 0.0.0.0 xxx.27.155.1 <distance>" was
! intended - confirm.
ip route 0.0.0.0 0.0.0.0 xxx.27.144.1 //浮动路由下一跳地址
ip route 192.168.1.0 255.255.255.0 xxx.27.155.1 // 浮动路由下一跳地址
! Cleartext HTTP management is enabled. No "ip http access-class"
! restricts it and the outbound-only ACLs on the uplinks do not cover
! it, so it listens on the Internet-facing interfaces; the default HTTP
! authentication relies on the enable password, which this capture does
! not set - verify what the device actually accepts. Unless web
! management is required, "no ip http server"; otherwise restrict it
! with "ip http access-class" to the LAN.
ip http server
!
! Access lists. Note that access-list 100, the one the two uplinks
! actually reference, is not defined here, while lists 101 and 115 are
! defined but applied nowhere.
!
! Lists 1 and 2 drive destination NAT (webset / ftpserver). They match
! 192.168.0.0/24, which is not this router's LAN (192.168.1.0/24) and
! not a public address it holds - likely a typo for the intended
! virtual address; confirm.
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
! List 10 matches the LAN and is the match condition of both NAT
! route-maps.
access-list 10 permit 192.168.1.0 0.0.0.255
! List 101 permits only ICMP echo/echo-reply. It is not applied to any
! interface; applied on its own it would drop all other traffic through
! the implicit deny.
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
! List 115 denies destination ports associated with Windows RPC /
! NetBIOS / SMB and with worm backdoors of that era. Two problems:
! (1) it is not applied to any interface, so it currently blocks
! nothing; (2) it contains no terminating "permit ip any any", so if it
! were applied as-is the implicit deny would drop all traffic. Decide
! on direction (inbound on the uplinks is the usual place) and add the
! final permit before applying it.
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq tftp
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
access-list 115 deny tcp any any eq 1068
access-list 115 deny tcp any any eq 5554
access-list 115 deny tcp any any eq 9995
access-list 115 deny tcp any any eq 9996
access-list 115 deny tcp any any eq 3127
access-list 115 deny tcp any any eq 2745
access-list 115 deny tcp any any eq 1025
access-list 115 deny tcp any any eq 6129
access-list 115 deny tcp any any eq 54123
! Annotation (translated): "routing-policy condition".
! Referenced only by "ip nat inside source route-map isp-s1/0", where
! the map selects the NAT pool. "set ip next-hop" only takes effect
! under policy routing ("ip policy route-map"), which no interface in
! this capture applies. Both this map and isp-s1/1 match the same
! ACL 10 with no "match interface", so NAT cannot tell them apart;
! the usual form is "match interface Serial1/0" - confirm intent.
route-map isp-s1/0 permit 2 //路由策略条件
match ip address 10
set ip next-hop xxx.27.144.1
!
! Annotation (translated): "routing-policy condition".
! Referenced only by "ip nat inside source route-map isp-s1/1". Same
! observations as for isp-s1/0: the next-hop is never used because no
! interface applies "ip policy route-map", and the match condition
! (ACL 10) is identical to isp-s1/0's, so the two maps are
! indistinguishable to NAT; "match interface Serial1/1" is the usual
! way to tie this map to the ISP2 link - confirm intent.
route-map isp-s1/1 permit 2 //路由策略条件
match ip address 10
set ip next-hop xxx.27.155.1
!
!
! Terminal lines. No "enable secret" or AAA exists anywhere in this
! capture, so none of these lines lead to an authenticated privileged
! EXEC.
!
! Console: no "login" and no password, so physical console access gives
! user EXEC without a prompt; with no enable password set, "enable"
! from the console is not challenged either (verify on the target
! release). Add "enable secret", a console password with "login", and
! an "exec-timeout".
line con 0
! AUX and VTY: "login" with no "password" makes IOS refuse the
! connection ("Password required, but none set"), so remote access is
! currently blocked rather than open. Before enabling it, set a
! password (or "login local"/AAA), restrict sources with
! "access-class <LAN-ACL> in", prefer "transport input ssh" (requires a
! crypto image and RSA keys), and add an "exec-timeout".
line aux 0
login
line vty 0 4
login
!
end