组网图如下:
LLB,内网口1/0/0绑定VPN实例HK,外网口绑定HG,192.168.0.1 telnet 1.1.1.2,中间路由和策略打通
#
ip vpn-instance HG
#
ip vpn-instance HK
#
nqa template icmp test
vpn-instance HG
#
interface NULL0
#
interface GigabitEthernet1/0/0
port link-mode route
combo enable copper
ip binding vpn-instance HK
ip address 10.0.0.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip binding vpn-instance HG
ip address 1.1.1.1 255.255.255.0
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
security-zone name HG
import interface GigabitEthernet1/0/1
#
security-zone name HK
import interface GigabitEthernet1/0/0
#
scheduler logfile size 16
#
ip route-static vpn-instance HK 1.1.1.0 24 vpn-instance HG 1.1.1.2
ip route-static vpn-instance HG 192.168.0.1 32 vpn-instance HK 10.0.0.1
#
info-center loghost 127.0.0.1 port 3301 format default
info-center source CFGLOG loghost level informational
#
acl advanced 3333
rule 0 permit ip
#
loadbalance link-group wai
transparent enable
probe test
#
loadbalance class client type link-generic match-any
match 1 acl 3333
#
loadbalance action client type link-generic
link-group wai
#
loadbalance action default type link-generic
forward all
#
loadbalance policy llb type link-generic
class client action client
default-class action default
#
virtual-server llb type link-ip
vpn-instance HK
virtual ip address 0.0.0.0 0
lb-policy llb
service enable
#
loadbalance link wai
router ip 1.1.1.2
link-group wai
probe test
vpn-instance HG
inherit vpn-instance disable
#
security-policy ip
rule 0 name 00
action pass
vrf HK
source-zone HK
destination-zone HG
source-ip-host 192.168.0.1
destination-ip-host 1.1.1.2
rule 1 name 11
action pass
vrf HG
source-zone local
destination-zone HG
source-ip-host 1.1.1.1
destination-ip-host 1.1.1.2
注意VPN实例配置的方向
注意链路下不在配置继承,需要和外网口保持一致
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作