设为首页收藏本站
切换到窄版

博威---云架构决胜云计算

 找回密码
 注册

QQ登录

只需一步,快速开始

搜索
博威---云架构决胜云计算»广场 云计算 华为技术 asa5520 双ISP做简单的备份 并通过outside口网通线路作v ...
返回列表 发新帖
查看: 1899|回复: 4

asa5520 双ISP做简单的备份 并通过outside口网通线路作vpn应用。

[复制链接]
发表于 2008-2-20 14:07:20 | 显示全部楼层 |阅读模式
asa5520 双ISP做简单的备份 并通过outside口网通线路作vpn应用。


用cisco的client软件连不上请教?配置如下!谢谢!!!!!
show ver

Cisco Adaptive Security Appliance Software Version 7.0(6)
Device Manager Version 5.0(6)

Compiled on Tue 22-Aug-06 13:22 by builders
System image file is "disk0:/asa706-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 33 mins 25 secs

Hardware:   ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0  : address is 001a.6de9.2ac8, irq 9
1: Ext: GigabitEthernet0/1  : address is 001a.6de9.2ac9, irq 9
2: Ext: GigabitEthernet0/2  : address is 001a.6de9.2aca, irq 9
3: Ext: GigabitEthernet0/3  : address is 001a.6de9.2acb, irq 9
4: Ext: Management0/0       : address is 001a.6de9.2acc, irq 11
5: Int: Not licensed        : irq 11
6: Int: Not licensed        : irq 5
<--- More --->
              

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 100      
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled   
VPN-3DES-AES                : Disabled  
Security Contexts           : 2         
GTP/GPRS                    : Disabled  
VPN Peers                   : 750      

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1051K3T1
Running Activation Key: 0x411f0f45 0xdc0d9a28 0xe82155c8 0xa45c10e4 0xc818d480
Configuration register is 0x1
Configuration last modified by enable_15 at 01:18:23.520 UTC Sun Mar 18 2007

ciscoasa#  show run
: Saved
:
ASA Version 7.0(6)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password kOnQwctX3GA7YBoq encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif dianxin
security-level 0
ip address 222.89.175.210 255.255.255.224
!
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 61.154.188.12 255.255.255.248
!
interface GigabitEthernet0/2
nameif dmz
security-level 50
ip address 172.16.7.254 255.255.252.0
!
interface GigabitEthernet0/3
nameif inside
security-level 100
ip address 192.138.138.1 255.255.255.0
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd 9jNfZuG3TC5tCVH0 encrypted
ftp mode passive
access-list 101 extended permit ip 192.138.138.0 255.255.255.0 192.138.138.0 255.255.255.0
pager lines 24
mtu dianxin 1500
mtu outside 1500
mtu dmz 1500
mtu inside 1500
ip local pool vpnpool 192.138.138.50-192.138.138.99
no failover
icmp permit any dianxin
icmp permit any outside
asdm image disk0:/asdm506.bin
<--- More --->
              
no asdm history enable
arp timeout 14400
global (dianxin) 1 interface
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0
route dianxin 59.42.0.0 255.255.0.0 222.89.175.193 1
route dianxin 0.0.0.0 0.0.0.0 222.89.175.193 254
route outside 0.0.0.0 0.0.0.0 61.154.188.9 1
route dmz 172.16.0.0 255.255.0.0 172.16.4.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy vpnclient internal
group-policy vpnclient attributes
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 101
webvpn
username kfdl password ADh2zndpjBZijVBB encrypted
http server enable
http 192.138.138.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto dynamic-map vpnmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic vpnmap
crypto map mymap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group kfdl type ipsec-ra
tunnel-group kfdl general-attributes
address-pool vpnpool
authentication-server-group none
authorization-server-group LOCAL
default-group-policy vpnclient
tunnel-group kfdl ipsec-attributes
pre-shared-key *
telnet 192.138.138.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 dianxin
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.138.138.100-192.138.138.254 inside
dhcpd dns 202.102.224.68 202.102.227.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:d2481e9552601db5301308f682f95571
: end

ciscoasa#
回复

使用道具 举报

 楼主| 发表于 2008-2-20 14:08:43 | 显示全部楼层
满足了客户的以下要求:
1,平常上网从网通走
2,有些地方用电信访问自己的网站比较快的从电信出去 3,电信线路起到备份作用3,销售人员通过cisco的VPN-CLIENT连入内网访问资源。


ciscoasa# show run
: Saved
:
ASA Version 7.0(6)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password z0uKXc.5hU1EiSza encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif dianxin
security-level 0
ip address 222.89.175.210 255.255.255.224
!
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 61.154.188.12 255.255.255.248
!
interface GigabitEthernet0/2
nameif dmz
security-level 50
ip address 172.16.7.254 255.255.252.0
!
interface GigabitEthernet0/3
nameif inside
security-level 100
ip address 192.138.138.1 255.255.255.0
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd oIi1AmRVZ2DQujhk encrypted
ftp mode passive
access-list nonat extended permit ip 192.138.138.0 255.255.255.0 192.168.10.0 255.255.255.192
access-list 101 extended permit ip 192.138.138.0 255.255.255.0 192.168.10.0 255.255.255.192
pager lines 24
mtu dianxin 1500
mtu outside 1500
mtu dmz 1500
mtu inside 1500
ip local pool vpnclient 192.168.10.1-192.168.10.63
no failover
icmp permit any dianxin
icmp permit any outside
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (dianxin) 1 interface
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0
route dianxin 0.0.0.0 0.0.0.0 222.89.175.193 254  电信缺省路由用于备份
route dianxin 59.42.0.0 255.255.0.0 222.89.175.193 1 其它电信路由用于简单的负载均衡
route dianxin 61.145.52.0 255.255.255.0 222.89.175.193 1
route dianxin 61.145.53.0 255.255.255.0 222.89.175.193 1
route dianxin 61.145.54.0 255.255.255.0 222.89.175.193 1
route dianxin 61.145.55.0 255.255.255.0 222.89.175.193 1
route dianxin 61.129.70.0 255.255.255.0 222.89.175.193 1
route dianxin 61.129.78.0 255.255.255.0 222.89.175.193 1
route dianxin 61.129.88.0 255.255.255.0 222.89.175.193 1
route dianxin 219.140.177.0 255.255.255.0 222.89.175.193 1
route dianxin 219.148.1.0 255.255.255.0 222.89.175.193 1
route dianxin 219.150.193.0 255.255.255.0 222.89.175.193 1
route dianxin 219.154.152.111 255.255.255.255 222.89.175.193 1
route dianxin 59.43.0.0 255.255.0.0 222.89.175.193 1
route dianxin 58.42.0.0 255.255.0.0 222.89.175.193 1
route dianxin 58.43.0.0 255.255.0.0 222.89.175.193 1
route dianxin 58.40.0.0 255.248.0.0 222.89.175.193 1
route dianxin 59.48.0.0 255.255.0.0 222.89.175.193 1
route dianxin 59.49.0.0 255.255.128.0 222.89.175.193 1
route dianxin 59.49.128.0 255.255.128.0 222.89.175.193 1
route dianxin 59.50.0.0 255.255.0.0 222.89.175.193 1
route dianxin 60.160.0.0 255.224.0.0 222.89.175.193 1
route dianxin 60.168.0.0 255.248.0.0 222.89.175.193 1
route dianxin 61.136.128.0 255.255.128.0 222.89.175.193 1
route dianxin 125.104.0.0 255.248.0.0 222.89.175.193 1
route dianxin 61.177.0.0 255.255.0.0 222.89.175.193 1
route dianxin 61.178.0.0 255.255.0.0 222.89.175.193 1
route dianxin 61.180.0.0 255.255.0.0 222.89.175.193 1
route dianxin 159.226.26.78 255.255.255.255 222.89.175.193 1
route dianxin 202.107.204.206 255.255.255.255 222.89.175.193 1
route outside 0.0.0.0 0.0.0.0 61.154.188.9 1 网通缺省路由
route dmz 172.16.0.0 255.255.0.0 172.16.4.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy vpnclient internal
group-policy vpnclient attributes
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value nonat
webvpn
http server enable
http 192.138.138.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map vpnmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic vpnmap
crypto map mymap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group lyyt type ipsec-ra
tunnel-group lyyt general-attributes
address-pool vpnclient
authentication-server-group none
authorization-server-group LOCAL
default-group-policy vpnclient
tunnel-group lyyt ipsec-attributes
pre-shared-key *
telnet 192.138.138.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 dianxin
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.138.138.100-192.138.138.254 inside
dhcpd dns 202.102.224.68 202.102.227.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:9bbc66712c70ab0cad70ef7f455a0165
: end
回复 支持 反对

使用道具 举报

 楼主| 发表于 2008-2-20 14:09:08 | 显示全部楼层
http://www.cisco.com/en/US/produ ... 86a00806e880b.shtml
回复 支持 反对

使用道具 举报

 楼主| 发表于 2008-2-20 14:09:51 | 显示全部楼层
http://www.cisco.com/en/US/produ ... 86a00806e880b.shtml
回复 支持 反对

使用道具 举报

 楼主| 发表于 2008-2-20 14:12:20 | 显示全部楼层
另外一个很有参考的案例



jxwsj(config)# show run
: Saved
:
ASA Version 7.0(5)
!
hostname jxwsj
domain-name cisco.com
enable password fCoWG.vztqKmZjts encrypted
names
dns-guard
!
interface GigabitEthernet0/0
description tocnc
nameif outside
security-level 0
ip address 网通IP 255.255.255.248
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.1.5.2 255.255.255.0
!
interface GigabitEthernet0/2
description to cnt
nameif ct
security-level 0
ip address 电信IP 255.255.255.248
!
interface GigabitEthernet0/3
nameif gov
security-level 40
ip address 21.36.255.14 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd nRRwDj.AHmVtB9jY encrypted
ftp mode passive
access-list 110 extended permit ip any any
access-list 150 extended permit tcp any any eq www
access-list 150 extended permit tcp any any eq 8080
access-list 150 extended permit tcp any any eq lotusnotes
access-list 150 extended permit icmp any any
access-list 150 extended deny ip any any
access-list inside_in extended permit ip any any
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.168.3.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.168.4.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.1.5.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list tempdeny extended deny ip host 192.168.3.11 any
access-list tempdeny extended deny ip host 192.168.3.12 any
access-list tempdeny extended deny ip host 192.168.3.13 any
access-list tempdeny extended deny ip host 192.168.3.14 any
access-list tempdeny extended permit ip any any
access-list 111 extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu gov 1500
mtu management 1500
mtu ct 1500
ip local pool vpdn 192.168.200.1-192.168.200.100
no failover
asdm image disk0:/asdm505.bin
no asdm history enable
arp inside 192.168.3.14 0016.1727.a178
arp inside 192.168.3.13 000a.480b.2295
arp inside 192.168.3.12 0030.1b31.a88b
arp inside 192.168.3.11 000a.480e.24a4
arp timeout 14400
global (outside) 1 interface
global (ct) 1 interface
nat (inside) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 110 in interface outside
access-group tempdeny in interface inside
access-group 150 in interface gov
access-group 111 in interface ct
route outside 0.0.0.0 0.0.0.0 网通网关 254  (备份路由)
route outside 222.160.0.0 255.224.0.0 网通网关 1
route outside 222.162.0.0 255.255.0.0 网通网关 1
route outside 222.160.0.0 255.254.0.0 网通网关 1
route outside 222.136.0.0 255.248.0.0 网通网关 1
route outside 222.132.0.0 255.252.0.0 网通网关 1
route outside 222.128.0.0 255.252.0.0 网通网关 1
route outside 221.216.0.0 255.248.0.0 网通网关 1
route outside 221.213.0.0 255.255.0.0 网通网关 1
route outside 221.212.0.0 255.255.0.0 网通网关 1
route outside 221.208.0.0 255.252.0.0 网通网关 1
route outside 221.207.0.0 255.255.192.0 网通网关 1
route outside 221.204.0.0 255.254.0.0 网通网关 1
route outside 221.200.0.0 255.252.0.0 网通网关 1
route outside 221.199.192.0 255.255.240.0 网通网关 1
route outside 221.199.128.0 255.255.192.0 网通网关 1
route outside 221.199.32.0 255.255.240.0 网通网关 1
route outside 221.199.0.0 255.255.224.0 网通网关 1
route outside 221.198.0.0 255.255.0.0 网通网关 1
route outside 221.196.0.0 255.254.0.0 网通网关 1
route outside 221.192.0.0 255.252.0.0 网通网关 1
route outside 221.14.0.0 255.254.0.0 网通网关 1
route outside 221.13.128.0 255.255.128.0 网通网关 1
route outside 221.13.64.0 255.255.224.0 网通网关 1
route outside 221.13.0.0 255.255.192.0 网通网关 1
route outside 125.210.0.0 255.255.0.0 网通网关 1
route outside 58.100.0.0 255.255.0.0 网通网关 1
route outside 219.82.0.0 255.255.0.0 网通网关 1
route outside 218.108.0.0 255.255.0.0 网通网关 1
route outside 221.12.128.0 255.255.192.0 网通网关 1
route outside 221.12.0.0 255.255.128.0 网通网关 1
route outside 221.11.128.0 255.255.224.0 网通网关 1
route outside 221.11.0.0 255.255.128.0 网通网关 1
route outside 221.10.0.0 255.255.0.0 网通网关 1
route outside 221.8.0.0 255.254.0.0 网通网关 1
route outside 221.7.128.0 255.255.128.0 网通网关 1
route outside 221.7.64.0 255.255.224.0 网通网关 1
route outside 221.7.0.0 255.255.192.0 网通网关 1
route outside 221.6.0.0 255.255.0.0 网通网关 1
route outside 221.4.0.0 255.254.0.0 网通网关 1
route outside 221.3.128.0 255.255.128.0 网通网关 1
route outside 221.0.0.0 255.252.0.0 网通网关 1
route outside 218.68.0.0 255.254.0.0 网通网关 1
route outside 218.67.128.0 255.255.128.0 网通网关 1
route outside 218.60.0.0 255.254.0.0 网通网关 1
route outside 218.56.0.0 255.252.0.0 网通网关 1
route outside 218.28.0.0 255.254.0.0 网通网关 1
route outside 218.26.0.0 255.254.0.0 网通网关 1
route outside 218.24.0.0 255.254.0.0 网通网关 1
route outside 218.12.0.0 255.255.0.0 网通网关 1
route outside 218.11.0.0 255.255.0.0 网通网关 1
route outside 218.10.0.0 255.255.0.0 网通网关 1
route outside 218.8.0.0 255.254.0.0 网通网关 1
route outside 218.7.0.0 255.255.0.0 网通网关 1
route outside 202.111.160.0 255.255.224.0 网通网关 1
route outside 202.111.128.0 255.255.224.0 网通网关 1
route outside 202.110.192.0 255.255.192.0 网通网关 1
route outside 202.110.64.0 255.255.192.0 网通网关 1
route outside 202.110.0.0 255.255.192.0 网通网关 1
route outside 202.108.0.0 255.255.0.0 网通网关 1
route outside 202.107.0.0 255.255.128.0 网通网关 1
route outside 202.106.0.0 255.255.0.0 网通网关 1
route outside 202.102.224.0 255.255.224.0 网通网关 1
route outside 202.102.128.0 255.255.192.0 网通网关 1
route outside 202.99.224.0 255.255.224.0 网通网关 1
route outside 202.99.192.0 255.255.224.0 网通网关 1
route outside 202.99.128.0 255.255.192.0 网通网关 1
route outside 202.99.64.0 255.255.192.0 网通网关 1
route outside 202.99.0.0 255.255.192.0 网通网关 1
route outside 202.98.0.0 255.255.224.0 网通网关 1
route outside 202.97.192.0 255.255.192.0 网通网关 1
route outside 202.97.160.0 255.255.224.0 网通网关 1
route outside 202.97.128.0 255.255.224.0 网通网关 1
route outside 202.96.64.0 255.255.224.0 网通网关 1
route outside 202.96.0.0 255.255.192.0 网通网关 1
route outside 61.189.0.0 255.255.128.0 网通网关 1
route outside 61.182.0.0 255.255.0.0 网通网关 1
route outside 61.181.0.0 255.255.0.0 网通网关 1
route outside 61.180.128.0 255.255.128.0 网通网关 1
route outside 61.179.0.0 255.255.0.0 网通网关 1
route outside 61.176.0.0 255.255.0.0 网通网关 1
route outside 61.168.0.0 255.255.0.0 网通网关 1
route outside 61.167.0.0 255.255.0.0 网通网关 1
route outside 61.163.0.0 255.255.0.0 网通网关 1
route outside 61.162.0.0 255.255.0.0 网通网关 1
route outside 61.161.128.0 255.255.128.0 网通网关 1
route outside 61.161.0.0 255.255.192.0 网通网关 1
route outside 61.159.0.0 255.255.192.0 网通网关 1
route outside 61.158.128.0 255.255.128.0 网通网关 1
route outside 61.156.0.0 255.255.0.0 网通网关 1
route outside 61.148.0.0 255.254.0.0 网通网关 1
route outside 61.139.128.0 255.255.192.0 网通网关 1
route outside 61.138.128.0 255.255.192.0 网通网关 1
route outside 61.138.64.0 255.255.192.0 网通网关 1
route outside 61.138.0.0 255.255.192.0 网通网关 1
route outside 61.137.128.0 255.255.128.0 网通网关 1
route outside 61.136.64.0 255.255.192.0 网通网关 1
route outside 61.135.0.0 255.255.0.0 网通网关 1
route outside 61.134.96.0 255.255.224.0 网通网关 1
route outside 61.133.0.0 255.255.128.0 网通网关 1
route outside 61.55.0.0 255.255.0.0 网通网关 1
route outside 61.54.0.0 255.255.0.0 网通网关 1
route outside 61.52.0.0 255.254.0.0 网通网关 1
route outside 61.48.0.0 255.252.0.0 网通网关 1
route outside 60.220.0.0 255.252.0.0 网通网关 1
route outside 60.216.0.0 255.254.0.0 网通网关 1
route outside 60.208.0.0 255.248.0.0 网通网关 1
route outside 60.31.0.0 255.255.0.0 网通网关 1
route outside 60.24.0.0 255.248.0.0 网通网关 1
route outside 60.16.0.0 255.248.0.0 网通网关 1
route outside 60.13.128.0 255.255.128.0 网通网关 1
route outside 60.13.0.0 255.255.192.0 网通网关 1
route outside 60.12.0.0 255.255.0.0 网通网关 1
route outside 60.10.0.0 255.255.0.0 网通网关 1
route outside 60.8.0.0 255.254.0.0 网通网关 1
route outside 60.0.0.0 255.248.0.0 网通网关 1
route inside 192.168.0.0 255.255.255.0 192.1.5.1 1
route inside 192.168.3.0 255.255.255.0 192.1.5.1 1
route inside 192.168.4.0 255.255.255.0 192.1.5.1 1
route inside 192.168.1.0 255.255.255.0 192.1.5.1 1
route gov 21.0.0.0 255.0.0.0 21.36.255.1 1
route ct 0.0.0.0 0.0.0.0 电信网关 1 track 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute

sla monitor 123
type echo protocol ipIcmpEcho 某一可信IP interface outside
num-packets 3
frequency 10
!
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability

telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 ct
ssh timeout 60
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
Cryptochecksum:38caa994b55d5b8bf627a1e972ed56ee
: end

注明:以上配置未经测试..目的是保证部分网通站点做网通线路,其余走电信,实现负载,并且两条线路实现故障倒换.
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|boway Inc. ( 冀ICP备10011147号 )

GMT+8, 2024-11-24 09:08 , Processed in 0.191264 second(s), 17 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表