配置双WAN遇到的问题

latte

先上拓扑

这个做起来很麻烦，我把所以的show的贴上来，方便大家查看。

首先上拓扑现在做出来的结果是LAN1和LAN2可以PING通所有的接口，

但是我关闭ISP1的S1/0接口， 出现的问题是LAN1和LAN2都PING不通ISP1的回环口，

其他的接口还是可以PING通的。 开始我以为是模拟PC的路由开启了ip routing的原因，

但是后面我关闭了这个，加入了默认网关， 还是一样的效果，就是切换不过去，求解决办法？

还是GNS3就做不了route-map?
LAN1LAN1#show run
Building configuration...Current configuration : 774 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname LAN1
!
!
ip subnet-zero
!
!
no ip domain-lookup
ip domain-name lab.local
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!         
!         
!         
fax interface-type fax-mail
mta receive maximum-recipients 0
!         
!         
!         
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!         
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!         
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!         
!         
dial-peer cor custom
!         
!         
!         
!         
!         
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login   
!         
end  LAN2:LAN2#show run
Building configuration...Current configuration : 820 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname LAN2
!
!
ip subnet-zero
no ip routing
!
!
no ip domain-lookup
ip domain-name lab.local
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!         
!         
!         
!         
fax interface-type fax-mail
mta receive maximum-recipients 0
!         
!         
!         
interface FastEthernet0/0
ip address 192.168.2.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
!         
interface FastEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!         
ip default-gateway 192.168.2.1
ip classless
no ip http server
!         
!         
dial-peer cor custom
!         
!         
!         
!         
!         
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login   
!         
end

tea

关键配置在R3上，贴R3的配置

另，贴配置的时候，为了方便坛友排错，帖关键配置即可，否则看起来很DT  ：）

坐等

latte

NAT#show run
!         
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip policy route-map load
duplex auto
speed auto
!         
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip policy route-map load
duplex auto
speed auto
!         
interface Serial1/0
ip address 100.100.100.1 255.255.255.0
ip nat outside
serial restart-delay 0
!         
interface Serial1/1
ip address 200.200.200.1 255.255.255.0
ip nat outside
serial restart-delay 0
!         
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!         
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!         
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source route-map nat1 interface Serial1/0 overload
ip nat inside source route-map nat11 interface Serial1/1 overload
ip nat inside source route-map nat2 interface Serial1/1 overload
ip nat inside source route-map nat22 interface Serial1/0 overload
ip nat inside source route-map nat3 interface Serial1/0 overload
ip nat inside source route-map nat33 interface Serial1/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.100.100.2
ip route 0.0.0.0 0.0.0.0 200.200.200.2
no ip http server
!         
!         
ip access-list extended isp1
permit ip any 20.20.10.0 0.0.0.255
permit ip any 20.20.20.0 0.0.0.255
permit ip any 20.20.30.0 0.0.0.255
permit ip any 60.0.0.0 0.0.0.255
permit ip any 100.100.100.0 0.0.0.255
permit ip any 200.200.200.0 0.0.0.255
ip access-list extended isp2
permit ip any 220.220.1.0 0.0.0.255
permit ip any 220.220.2.0 0.0.0.255
permit ip any 220.220.3.0 0.0.0.255
permit ip any 60.0.0.0 0.0.0.255
permit ip any 100.100.100.0 0.0.0.255
permit ip any 200.200.200.0 0.0.0.255
access-list 1 permit 192.168.1.0
access-list 1 permit any
route-map load permit 10
match ip address isp1
set interface Serial1/0
set default interface Serial1/1
!         
route-map load permit 20
match ip address isp2
set interface Serial1/1
set default interface Serial1/0
!         
route-map nat2 permit 10
match ip address isp2
match interface Serial1/1
!         
route-map nat1 permit 10
match ip address isp1
match interface Serial1/0
!         
route-map isp3 permit 10
match ip address 1
match interface Serial1/0
!         
route-map isp33 permit 10
match ip address 1
match interface Serial1/1
!         
route-map nat11 permit 10
match ip address isp1
match interface Serial1/1
!         
route-map nat22 permit 10
match ip address isp2
match interface Serial1/0
!         

latte

ISP1#show run      
interface Loopback0
ip address 20.20.10.1 255.255.255.0
!         
interface Loopback1
ip address 20.20.20.1 255.255.255.0
!         
interface Loopback2
ip address 20.20.30.1 255.255.255.0
!         
interface Loopback4
ip address 6.6.6.6 255.255.255.0
!         
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!         
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!         
interface Serial1/0
ip address 100.100.100.2 255.255.255.0
shutdown
serial restart-delay 0
!         
interface Serial1/1
ip address 60.0.0.1 255.255.255.0
serial restart-delay 0
!         
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!         
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!         
router bgp 1
bgp log-neighbor-changes
network 20.20.10.0 mask 255.255.255.0
network 20.20.20.0 mask 255.255.255.0
network 20.20.30.0 mask 255.255.255.0
network 60.0.0.0 mask 255.255.255.0
network 100.100.100.0 mask 255.255.255.0
neighbor 60.0.0.2 remote-as 2
!         


ISP2#show run
!         
interface Loopback0
ip address 220.220.1.1 255.255.255.0
!         
interface Loopback1
ip address 220.220.2.1 255.255.255.0
!         
interface Loopback2
ip address 220.220.3.1 255.255.255.0
!         
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!         
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!         
interface Serial1/0
ip address 200.200.200.2 255.255.255.0
serial restart-delay 0
!         
interface Serial1/1
ip address 60.0.0.2 255.255.255.0
serial restart-delay 0
!         
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!         
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!         
router bgp 2
bgp log-neighbor-changes
network 60.0.0.0 mask 255.255.255.0
network 200.200.200.0
network 220.220.1.0
network 220.220.2.0
network 220.220.3.0
neighbor 60.0.0.1 remote-as 1

latte

tea 发表于 2012-10-8 17:16
关键配置在R3上，贴R3的配置

另，贴配置的时候，为了方便坛友排错，帖关键配置即可，否则看起来很DT  ： ...

好了，感谢及时回复，已经全部贴好，折腾了一下午。

感觉问题出在两个地方，一个是NAT，或ISP1和ISP2 BGP的配置

因为如果端口全部开启的话，全部都能PING通，

如果关闭ISP上S1/0口，则这台设备的环回口就PING不通，

但和另端ISP的接口可以PING通

bookpig

还有人进来排错不？

Jeff.

latte 发表于 2012-10-8 17:17
NAT#show run
!         
interface FastEthernet0/0

你的NAT设备配置NAT有问题：
1、ip nat inside source list 1 interface FastEthernet0/0 overload   你要转换的应该是outside接口，可是你转了inside了~
2、另外，你的isp1 ，isp2里面acl没有包含inside内部的地址~所以无法进行NAT转换~

完毕~

latte

Jeff. 发表于 2012-10-10 09:37
你的NAT设备配置NAT有问题：
1、ip nat inside source list 1 interface FastEthernet0/0 overload   你 ...

非常谢谢 我试试

latte

Jeff. 发表于 2012-10-10 09:37
你的NAT设备配置NAT有问题：
1、ip nat inside source list 1 interface FastEthernet0/0 overload   你 ...

其实这句话多余的，我把给去掉了，因为我下面已经写了permit any到目的。现在好了，不过后期还有一些还要测试，因为我关闭的是ISP 上的S1/0接口， 如果关闭NAT上的接口 是可以行通的，难道要像配HSRP那样配置跟踪么？后面我试下