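The network topology is as follows:
LLB: external interface 1/0/1 is bound to VPN instance HK; the internal interface is not bound and belongs to public. 192.168.0.1 telnets to 1.1.1.2, with the intermediate routes and policies opened up.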
#
nqa template icmp test
 vpn-instance HK
#
interface GigabitEthernet1/0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip binding vpn-instance HK
 ip address 1.1.1.1 255.255.255.0
#
#
security-zone name Trust
 import interface GigabitEthernet1/0/0
#
security-zone name HK
 import interface GigabitEthernet1/0/1
#
 ip route-static 1.1.1.0 24 vpn-instance HK 1.1.1.2
 ip route-static vpn-instance HK 192.168.0.1 32 10.0.0.1 public
#
acl advanced 3333
 rule 0 permit ip
#
loadbalance link-group wai
 transparent enable
 probe test
#
loadbalance class client type link-generic match-any
 match 1 acl 3333
#
loadbalance action client type link-generic
 link-group wai
#
loadbalance action default type link-generic
 forward all
#
loadbalance policy llb type link-generic
 class client action client
 default-class action default
#
virtual-server llb type link-ip
 virtual ip address 0.0.0.0 0
 lb-policy llb
 service enable
#
loadbalance link wai
 router ip 1.1.1.2
 link-group wai
 probe test
 vpn-instance HK
#
security-policy ip
#
security-policy ip
 rule 0 name 00
  action pass
  vrf HK
  source-zone local
  destination-zone HK
  source-ip-host 1.1.1.1
  destination-ip-host 1.1.1.2
 rule 1 name 11
  action pass
  source-zone trust
  destination-zone HK
  source-ip-host 192.168.0.1
  destination-ip-host 1.1.1.2
#
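Pay attention to the direction of the VPN instance configuration.
Note that there is no configuration inheritance under the link; it must be kept consistent with the external interface.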
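The second note can be checked mechanically before a change is pushed. The Python below is an added example, not part of the original case and not an H3C tool: it parses Comware-style text and reports every loadbalance link whose vpn-instance differs from the binding of the interface whose connected subnet contains the link's router ip. The function names, the trimmed sample config and that subnet-matching rule are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: stanzas trimmed from the configuration above.
SAMPLE = """\
interface GigabitEthernet1/0/0
 ip address 10.0.0.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 ip binding vpn-instance HK
 ip address 1.1.1.1 255.255.255.0
#
loadbalance link wai
 router ip 1.1.1.2
 vpn-instance HK
"""

def stanzas(text, keyword):
    """Yield (name, sub-commands) for each top-level stanza opened by keyword."""
    name, body = None, []
    for line in text.splitlines() + ["#"]:      # trailing "#" flushes the last stanza
        if line.startswith(" "):
            body.append(line.strip())
            continue
        if name is not None:
            yield name, body
        name = line[len(keyword):].strip() if line.startswith(keyword + " ") else None
        body = []

def field(body, pattern):
    """Return group 1 of the first sub-command matching pattern, else None."""
    return next((m.group(1) for m in (re.fullmatch(pattern, l) for l in body) if m), None)

def check_links(text):
    """Return (link, interface VPN instance, link VPN instance) for each mismatch."""
    ifaces = []                                  # (connected network, bound VPN instance or None)
    for _, body in stanzas(text, "interface"):
        addr = re.search(r"^ip address (\S+) (\S+)$", "\n".join(body), re.M)
        if addr:
            net = ipaddress.ip_interface("/".join(addr.groups())).network
            ifaces.append((net, field(body, r"ip binding vpn-instance (\S+)")))
    problems = []
    for link, body in stanzas(text, "loadbalance link"):
        gateway = field(body, r"router ip (\S+)")
        configured = field(body, r"vpn-instance (\S+)")
        for net, bound in ifaces:
            if gateway and ipaddress.ip_address(gateway) in net and bound != configured:
                problems.append((link, bound, configured))
    return problems
```

An empty list means every link agrees with its external interface; a None in the third position means the link has no vpn-instance line at all.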