移动光纤专线,panabit标准版,怎样设置wan口跟,路由策略呢
syslog direct None!
hostname xxxxxx
ixpset wan 3
no mirror-ports
!
ip domain proxy enable
!
!
sample_stat interval 1800
!
!
gbsc enable
gbsc group 23zx
range 10.0.1.2 10.0.1.100
!
gbsc group default
!
gbsc qos FastEthernet0/0
set-isp-bw 4000000 20000000
set-smtctrl-percent 60
!
gbsc add-to-blacklist 10.0.1.34
gbsc pushto mode text
gbsc filter-url enable
gbsc filter-url mode forbid
no gbsc filter-key enable
gbsc record-filter-url enable
gbsc push-filter-notify enable
gbsc filter url 111.13.179.200
gbsc filter url aliyun.com
gbsc filter url osfota.cdn
gbsc app-ctrl priority onlinegames all
no gbsc app-ctrl drop onlinegames all
!
arp attack-detect syslog
!
!
!
aaa authentication login default local-case
aaa authentication enable default none
aaa authentication ppp default local
aaa authorization network bindip local
!
username xxxxx password 0 xxxxx privilege 8
!
!
!
crypto isakmp key 0 123456 address 0.0.0.0 0.0.0.0
crypto isakmp policy 1
authentication pre-share
hash md5
!
crypto ipsec transform-set TS_TP0_1 esp-3des esp-md5-hmac
!
crypto dynamic-map DYN_TP0_1 1
set transform-set TS_TP0_1
Insert access-list extended NAT_WAN0_LIST rule deny
!
crypto map IPSEC_TUNNEL_TP0 1 ipsec-isakmp dynamic DYN_TP0_1
!
!
!
!
!
interface Loopback0
ip address 223.100.200.213 255.255.255.255
no ip directed-broadcast
ip http firewalltype 1
!
interface Virtual-template10
no ip address
no ip directed-broadcast
ip http firewalltype 1
!
interface FastEthernet0/0
ip address 10.62.200.114 255.255.255.252
no ip directed-broadcast
ip nat outside
ip fast-switch enable
ip http firewalltype 1
crypto map IPSEC_TUNNEL_TP0
!
interface FastEthernet0/1
ip address 10.0.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
ip fast-switch enable
ip http firewalltype 0
!
ip route default 10.62.200.113
!
snmp-server community 0 LNJk2011 RO
snmp-server host 211.137.32.212 LNJk2011 authentication configure snmp
snmp-server trap-source Loopback0
snmp-server source-addr 223.100.200.213
!
ip access-list standard 1
permit 10.0.1.1 255.255.255.0
!
ip access-list extended dmz
permit udp 10.0.1.200 255.255.255.255 eq 9300 any
permit udp 10.0.1.200 255.255.255.255 eq 9101 any
permit udp 10.0.1.200 255.255.255.255 eq 9100 any
!
ip access-list extended FIREWALL_LIST_BIND0
permit ip any any
!
!
!
vpdn enable
!
ip dhcpd pool 1
network 10.0.1.0 255.255.255.0
range 10.0.1.2 10.0.1.254
default-router 10.0.1.1
dns-server 123.125.81.6 114.114.114.114
ip dhcpd enable
!
ip http ispmode 1
ip http server
ip http port 80
ip http language chinese
no ip http limit-outside enable
ip http timeout 10
ip http set-name-value 0
!
no ip proxy enable
!
ip upnp enable
!
time-zone tz 8 0
!
ip nat anti-netsniper enable
ip nat service privateservice
ip nat pool 1 223.100.200.213 223.100.200.213 255.255.255.255
ip nat inside source list 1 pool 1 overload
ip nat inside source list 2 pool 2 overload 问题已经解决
参照
魏晋R1重大更新——NAT地址池
http://forum.panabit.com/thread-12273-1-1.html
页:
[1]