Topología:
Datos: Lans en RT-LAB-02: 192.168.10.0/24, 192.168.20.0/24 Red de transito entre RT-LAB-01 y RT-LAB-02: 2.2.2.0/29 Segmentos Públicos: 172.16.20.0/24, 172.16.21.0/24
El objetivo es que 192.168.10.0/24 salga por RT-ISP1-01 y 192.168.20.0/24 salga por RT-ISP2-01 para testear que sea así, al finalizar la configuración utilizamos el comando “traceroute”
Configuración en RT-LAB-01:
!
! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! no ip domain lookup ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 ip address 172.16.20.1 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1 ip address 172.16.21.1 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet1/0 ip address 2.2.2.2 255.255.255.252 ip nat inside ip virtual-reassembly ip policy route-map isp1 speed auto half-duplex ! ip forward-protocol nd ip route 192.168.10.0 255.255.255.0 2.2.2.1 ip route 192.168.20.0 255.255.255.0 2.2.2.1 ! no ip http server no ip http secure-server ip nat inside source list 10 interface FastEthernet0/0 overload ip nat inside source list 20 interface FastEthernet0/1 overload ! access-list 1 remark isp1 access-list 1 permit 192.168.10.0 0.0.0.255 access-list 2 remark isp2 access-list 2 permit 192.168.20.0 0.0.0.255 access-list 10 remark NAT_ISP-01 access-list 10 permit 192.168.10.0 0.0.0.255 access-list 20 remark NAT_ISP-02 access-list 20 permit 192.168.20.0 0.0.0.255
!
route-map isp1 permit 10 match ip address 1 match interface FastEthernet0/0 set ip next-hop 172.16.20.2 ! route-map isp1 permit 20 match ip address 2 match interface FastEthernet0/1 set ip next-hop 172.16.21.2 ! ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
Configuración en RT-LAB-02:
!
! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! ! no ip domain lookup ! ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface Loopback0 ip address 192.168.10.1 255.255.255.0 ! interface Loopback1 ip address 192.168.20.1 255.255.255.0 ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/1 ip address 2.2.2.1 255.255.255.252 speed auto half-duplex ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 2.2.2.2 ip route 10.10.10.0 255.255.255.0 2.2.2.2 ip route 172.16.20.0 255.255.255.0 2.2.2.2 ip route 172.16.21.0 255.255.255.0 2.2.2.2 ! no ip http server no ip http secure-server ! ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end
Testeamos con traceroute:
RT-LAB-02#traceroute 10.10.10.3 source lo0
Type escape sequence to abort. Tracing the route to 10.10.10.3
1 2.2.2.2 64 msec 40 msec 28 msec 2 172.16.20.2 76 msec 68 msec 32 msec 3 10.10.10.3 72 msec 68 msec 68 msec
RT-LAB-02#traceroute 10.10.10.3 source lo1
Type escape sequence to abort. Tracing the route to 10.10.10.3
1 2.2.2.2 52 msec 20 msec 36 msec 2 172.16.21.2 104 msec 28 msec 36 msec 3 10.10.10.3 52 msec 84 msec 100 msec
Comments