Dakle, veza je tipa:
LAN 192.168.100.0----R1----Frame relay---R2---LAN 10.202.4.0---PIX(VPN)------>serveri
Potrebno je da hostovi sa mreze 192.168.100.0 (putem frame relay) pristupe mrezi 10.202.4.0 a odatle preko VPN ka serverima. E sad, problem je sto na VPN mogu da izadju samo adrese iz opsega 10.202.4.0/24, Sto znaci da bih mora svaki zahtev sa 192.168.100.0 mreze nekako NAT-ovati na 10.202.4.0 mrezu.
Na kom ruteru to raditi (R1 ili R2) i kako to da izvedem, nisam nacisto sa komandama ip nat outside(inside) source(destination) - deluje mi zbunjujuce u mom slucaju. Ako neko moze neka mi napise konfig
Uradio sam sledece ali tu nesto ne valja.
Code:
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 10.202.4.8 255.255.252.0
ip nat outside <-------------------
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 2000
ip address 10.1.10.1 255.255.255.0
ip nat inside <-------------------
encapsulation frame-relay IETF
frame-relay interface-dlci 100
frame-relay lmi-type ansi
!
ip classless
ip route 192.168.100.0 255.255.255.0 10.1.10.2
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool MOJNAT 10.202.4.20 10.202.4.23 netmask 255.255.255.0 <-------------------
ip nat outside source list 20 pool MOJNAT overload <-------------------
!
access-list 20 permit any <-------------------
access-list 23 permit 10.202.4.0 0.0.0.255
!
control-plane
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 10.202.4.8 255.255.252.0
ip nat outside <-------------------
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 2000
ip address 10.1.10.1 255.255.255.0
ip nat inside <-------------------
encapsulation frame-relay IETF
frame-relay interface-dlci 100
frame-relay lmi-type ansi
!
ip classless
ip route 192.168.100.0 255.255.255.0 10.1.10.2
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool MOJNAT 10.202.4.20 10.202.4.23 netmask 255.255.255.0 <-------------------
ip nat outside source list 20 pool MOJNAT overload <-------------------
!
access-list 20 permit any <-------------------
access-list 23 permit 10.202.4.0 0.0.0.255
!
control-plane
[ mod markom: code tagovi ]
[Ovu poruku je menjao markom dana 04.09.2007. u 11:44 GMT+1]