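The egress device has two uplinks, Internet1 and Internet2. The interconnect interfaces G0/0, G0/2 and G5/0 belong to instance 10, and G0/1 belongs to instance 20.
PC2 now needs to be assigned a specific uplink and leave through instance 20.
Path selection requires PBR to specify the next hop.
For packets that PC2 sends out, PBR can specify a next hop toward the external network across VPN instances.
For return packets from the external network, note that the packet first goes through NAT translation on the egress device and only then hits PBR, so return traffic can still be matched with PBR; a specific route can also be used instead.
The configuration is as follows: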
#
acl advanced 3000
rule 5 permit ip vpn-instance 10 source 3.3.3.2 0
#
acl advanced 3001
rule 5 permit ip vpn-instance 20 destination 3.3.3.2 0
#
policy-based-route 1 permit node 10
if-match acl 3000
apply next-hop vpn-instance 20 4.4.4.1
#
policy-based-route 2 permit node 10
if-match acl 3001
apply next-hop vpn-instance 10 3.3.3.2
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip binding vpn-instance 10
ip address 1.1.1.2 255.255.255.0
nat outbound
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip binding vpn-instance 20
ip address 4.4.4.2 255.255.255.0
nat outbound
ip policy-based-route 2
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
ip binding vpn-instance 10
ip address 3.3.3.1 255.255.255.0
ip policy-based-route 1
#
Alternatively, do not apply the policy-based route on G0/1 and instead add the following route globally:
ip route-static vpn-instance 20 3.3.3.2 32 vpn-instance 10 3.3.3.2
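
An added example, not part of the original case: a Python check that parses a configuration of this shape and reports PBR policies that are defined but never applied, or applied on an interface whose VPN instance the policy's ACL does not name. It assumes that the vpn-instance keyword in an ACL rule limits matching to packets of that instance and that an interface policy sees packets in the interface's bound instance; the sample text and the function name audit are constructed for illustration.

```python
import re
# Constructed sample trimmed from the configuration above; {p} is the policy on G5/0.
SAMPLE = """acl advanced 3000
 rule 5 permit ip vpn-instance 10 source 3.3.3.2 0
#
acl advanced 3001
 rule 5 permit ip vpn-instance 20 destination 3.3.3.2 0
#
policy-based-route 1 permit node 10
 if-match acl 3000
#
policy-based-route 2 permit node 10
 if-match acl 3001
#
interface GigabitEthernet0/1
 ip binding vpn-instance 20
 ip policy-based-route 2
#
interface GigabitEthernet5/0
 ip binding vpn-instance 10
 ip policy-based-route {p}
"""

def audit(cfg):
    """Return findings for PBR policies that are unused or bound to the wrong VPN instance."""
    acl_vpn, pbr_acl, ifaces = {}, {}, {}
    for block in re.split(r"(?m)^#[ \t]*$", cfg):  # '#' lines separate config sections
        head, _, body = block.strip().partition("\n")
        if m := re.match(r"acl advanced (\d+)", head):
            acl_vpn[m[1]] = set(re.findall(r"vpn-instance (\S+)", body))
        elif m := re.match(r"policy-based-route (\S+) permit node", head):
            pbr_acl.setdefault(m[1], []).extend(re.findall(r"if-match acl (\d+)", body))
        elif m := re.match(r"interface (\S+)", head):
            vpn = re.search(r"ip binding vpn-instance (\S+)", body)
            pol = re.search(r"ip policy-based-route (\S+)", body)
            ifaces[m[1]] = (vpn and vpn[1], pol and pol[1])
    findings = []
    for pol in sorted(set(pbr_acl) - {p for _, p in ifaces.values()}):
        findings.append(f"policy {pol} is defined but applied on no interface")
    for name, (vpn, pol) in sorted(ifaces.items()):
        for acl in pbr_acl.get(pol, []):
            wanted = acl_vpn.get(acl)
            if wanted and vpn not in wanted:  # ACL names instances; interface is in another
                findings.append(f"{name} in vpn-instance {vpn} applies policy {pol}, "
                                f"but acl {acl} matches vpn-instance {','.join(sorted(wanted))}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE.format(p="2")))  # G5/0 bound to the return-path policy
```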