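The municipal bureau has a server at 172.15.242.2 that only allows access from the 10.96.189.0 network segment on our bureau's S5500 switch. I would like my unit's internal network segment, 192.168.4.0, to be able to access it directly. Is there a way to do this?
S5500 configuration: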
#
interface LoopBack0
ip address 172.29.33.235 255.255.255.255
#
interface LoopBack1
ip address 80.23.8.2 255.255.255.255
#
interface Vlan-interface100
ip address 80.16.1.2 255.255.255.252
#
interface Vlan-interface300
description Office LAN
ip address 10.96.189.254 255.255.255.128
#
interface Vlan-interface350
description Server LAN
ip address 10.96.189.126 255.255.255.128
#
interface Vlan-interface400
description TO_SiHui_MS3040-G0/1
ip address 172.29.34.74 255.255.255.252
#
interface Vlan-interface2906
ip address 80.23.8.1 255.255.248.0
#
interface GigabitEthernet1/0/1
port access vlan 400
#
interface GigabitEthernet1/0/2
port access vlan 300
#
interface GigabitEthernet1/0/3
description to MSR20-20
port access vlan 100
#
interface GigabitEthernet1/0/4
description to-user-fw
#
interface GigabitEthernet1/0/25
description to-osn1500-huiju
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/27
description to PTN6200-huiju
#
interface GigabitEthernet1/0/28
description to PTN6200-huiju
port link-type trunk
port trunk permit vlan all
#
ospf 313 router-id 172.29.33.235
import-route direct
import-route static
area 0.0.0.114
network 172.29.33.235 0.0.0.0
network 172.29.34.72 0.0.0.3
network 10.96.189.0 0.0.0.255
#
ip route-static 80.23.1.0 255.255.255.0 80.16.1.1
MSR20-20 configuration:
nat address-group 1 80.23.1.0 80.23.1.253
nat address-group 2 10.96.181.211 10.96.181.211
#
acl number 2999
rule 5 permit source 192.168.4.0 0.0.0.255
#
acl number 3000
rule 0 permit ip source 192.168.0.0 0.0.255.255
acl number 3001
#
interface Ethernet0/0
port link-mode route
description to-5500-0/3
nat outbound 3000 address-group 1
nat outbound 2999 address-group 2
ip address 80.16.1.1 255.255.255.252
#
interface Ethernet0/1
port link-mode route
description to-user
ip address 80.16.2.1 255.255.255.252
undo dhcp select server global-pool
dns server 202.96.128.86
dns server 202.96.128.166
#
ip route-static 0.0.0.0 0.0.0.0 80.16.1.2
ip route-static 192.168.0.0 255.255.0.0 80.16.2.2
Topology diagram
Best answer
For external access to an internal server, configure nat server; to restrict the access source, you can add an ACL after nat server.
I have no control over the peer end; I can only make changes on my 20-20.
Can you change the address of the MSR20-20 link to the S5500 to 10.96.189.X?
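No, it already has services running on it.
The 80.16.1.X segment only serves to connect these two devices; it is not used anywhere else, so it can be changed.
I changed the address to this segment and it still doesn't work.
Of course you also need to change the routes: ip route-static 80.23.1.0 255.255.255.0 80.16.1.1 and ip route-static 0.0.0.0 0.0.0.0 80.16.1.2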
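Added example, not part of the thread or of any poster's configuration: a small Python audit that parses the MSR20-20 NAT statements quoted in the question and reports, for each nat outbound rule whose ACL matches a given inside host, whether its address pool lies inside the range the server accepts. The /24 mask for 10.96.189.0 and the host 192.168.4.10 are assumptions, and the script does not model which of several matching rules the router applies first.

```python
import ipaddress

# Constructed from the MSR20-20 lines quoted in the question, one statement per line.
MSR_CONFIG = """\
nat address-group 1 80.23.1.0 80.23.1.253
nat address-group 2 10.96.181.211 10.96.181.211
acl number 2999
 rule 5 permit source 192.168.4.0 0.0.0.255
acl number 3000
 rule 0 permit ip source 192.168.0.0 0.0.255.255
interface Ethernet0/0
 nat outbound 3000 address-group 1
 nat outbound 2999 address-group 2
"""

def parse(config):
    """Collect NAT pools, ACL source networks and (acl, pool) outbound bindings."""
    pools, acls, bindings, acl = {}, {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["nat", "address-group"]:
            pools[w[2]] = (ipaddress.ip_address(w[3]), ipaddress.ip_address(w[4]))
        elif w[:2] == ["acl", "number"]:
            acl = acls.setdefault(w[2], [])
        elif w[:1] == ["rule"] and "permit" in w and "source" in w:
            i = w.index("source")
            # ipaddress accepts the wildcard mask as a host mask (0.0.0.255 -> /24)
            acl.append(ipaddress.ip_network(f"{w[i + 1]}/{w[i + 2]}"))
        elif w[:2] == ["nat", "outbound"]:
            bindings.append((w[2], w[4]))
    return pools, acls, bindings

def audit(config, source, allowed):
    """Return (acl, pool, pool_inside_allowed) for every outbound rule matching source."""
    pools, acls, bindings = parse(config)
    src, net = ipaddress.ip_address(source), ipaddress.ip_network(allowed)
    result = []
    for acl_id, group in bindings:
        if any(src in n for n in acls.get(acl_id, [])):
            first, last = pools[group]
            # a pool is a contiguous range, so checking both ends is sufficient
            result.append((acl_id, group, first in net and last in net))
    return result

if __name__ == "__main__":
    # 192.168.4.10 is a constructed host; 10.96.189.0/24 assumes a /24 mask.
    for acl_id, group, ok in audit(MSR_CONFIG, "192.168.4.10", "10.96.189.0/24"):
        print(f"acl {acl_id} -> address-group {group}: pool inside permitted range = {ok}")
```

With the configuration as posted, both rules that match a 192.168.4.0 host translate to pools outside 10.96.189.0, so the translated source would not fall in the segment the server permits.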