There is a Cisco 3620:
fa 1/0 - faces another Cisco (3725, IP 10.1.2.1), from which users with 10.1.3.x addresses arrive
Serial1/0:0 - faces the Internet, where these users need to be let out through NAT.
Everything seems standard:
interface FastEthernet1/0
description To Local
ip address 10.1.2.2 255.255.255.252
ip nat inside
speed 10
half-duplex
!
interface Serial1/0:0
description To Inet
ip address 94.25.10.94 255.255.255.252
ip nat outside
no fair-queue
!
ip nat inside source route-map nat_to_rt2 interface Serial1/0:0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 94.25.10.93 100
ip route 10.1.3.0 255.255.255.0 10.1.2.1
no ip http server
!
access-list 100 permit ip 10.1.3.0 0.0.0.255 any log
access-list 100 deny ip any any log
no cdp run
route-map nat_to_rt2 permit 10
match ip address 100
But it does not work: from a user's machine 94.25.10.94 can be pinged, but nothing beyond it, i.e. even 94.25.10.93 is unreachable.
The command
sh ip nat tr
shows an empty translation table.
I tried this variant:
route-map nat_to_rt2 permit 10
match ip address 100
set ip default next-hop 94.25.10.93
The result is the same. :(
A bit of diagnostics:
c3620#sh access-lists
Extended IP access list 100
permit ip 10.1.3.0 0.0.0.255 any log
deny ip any any log (560 matches)
c3620#sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 243 messages logged
Logging Exception size (4096 bytes)
Trap logging: level informational, 374 message lines logged
Log Buffer (4096 bytes):
*Mar 2 12:19:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 210.55.78.120(0), 1 packet
*Mar 2 12:21:52 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
*Mar 2 12:21:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.145.89(0), 3 packets
*Mar 2 12:22:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.6.238(0), 3 packets
*Mar 2 12:23:19 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 200.87.106.34(0), 1 packet
*Mar 2 12:23:40 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 87.226.191.1(0), 1 packet
*Mar 2 12:24:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.136.153(0), 3 packets
*Mar 2 12:25:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 210.55.78.120(0), 4 packets
*Mar 2 12:26:34 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
*Mar 2 12:26:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.145.89(0), 3 packets
*Mar 2 12:27:05 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
*Mar 2 12:27:47 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 94.25.10.94 (0/0), 1 packet
*Mar 2 12:27:49 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 94.25.10.93 (0/0), 1 packet
*Mar 2 12:28:00 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 195.54.2.1 (0/0), 1 packet
*Mar 2 12:28:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 87.226.191.1(0), 35 packets
*Mar 2 12:28:58 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 85.113.253.126 (0/0), 1 packet
*Mar 2 12:29:34 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
*Mar 2 12:30:42 CHE: %SEC-6-IPACCESSLOGP: list 100 denied udp 94.25.10.94(0) -> 87.226.191.5(0), 1 packet
*Mar 2 12:31:00 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.2.218(0), 1 packet
*Mar 2 12:31:01 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
*Mar 2 12:31:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.145.89(0), 3 packets
*Mar 2 12:32:01 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
*Mar 2 12:32:57 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 94.25.10.93 (0/0), 4 packets
*Mar 2 12:33:57 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 195.54.2.1 (0/0), 4 packets
*Mar 2 12:34:57 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 85.113.253.126 (0/0), 1 packet
*Mar 2 12:35:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied udp 94.25.10.94(0) -> 87.226.191.5(0), 4 packets
*Mar 2 12:36:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.145.89(0), 3 packets
*Mar 2 12:39:05 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
I have read several forum threads on this topic. Everything seems right, but... Please advise: what have I missed? Thanks in advance for any advice.
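
An added example, not part of the original post: a Python script that tallies %SEC-6-IPACCESSLOGP / IPACCESSLOGDP entries from a log buffer like the one above per action, source and protocol, and lists the denied sources that fall outside the 10.1.3.0/24 range permitted by access-list 100. The function names are hypothetical; the sample lines are copied from the post except the last one, which is constructed for contrast.

```python
import ipaddress
import re
from collections import Counter

# IPACCESSLOGP carries "(port)" after each address; IPACCESSLOGDP carries "(type/code)" after dst.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?(?: \(\d+/\d+\))?, (?P<count>\d+) packets?"
)

# First five lines are taken from the post; the last line is constructed.
SAMPLE_LOG = """\
*Mar 2 12:19:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 210.55.78.120(0), 1 packet
*Mar 2 12:21:52 CHE: %SYS-5-CONFIG_I: Configured from console by andrei on vty0 (10.1.2.1)
*Mar 2 12:21:57 CHE: %SEC-6-IPACCESSLOGP: list 100 denied tcp 94.25.10.94(0) -> 94.25.145.89(0), 3 packets
*Mar 2 12:27:49 CHE: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 94.25.10.94 -> 94.25.10.93 (0/0), 1 packet
*Mar 2 12:30:42 CHE: %SEC-6-IPACCESSLOGP: list 100 denied udp 94.25.10.94(0) -> 87.226.191.5(0), 1 packet
*Mar 2 12:40:00 CHE: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 10.1.3.15 -> 94.25.10.93 (0/0), 2 packets
"""


def tally(lines, acl="100"):
    """Sum packet counts per (action, source, protocol) for one ACL; other messages are skipped."""
    counts = Counter()
    for line in lines:
        m = ACL_LOG.search(line)
        if m and m["acl"] == acl:
            counts[(m["action"], m["src"], m["proto"])] += int(m["count"])
    return counts


def denied_outside(counts, permitted_net):
    """Return the denied source addresses that are not inside the ACL's permitted network."""
    net = ipaddress.ip_network(permitted_net)
    return sorted({src for action, src, _ in counts
                   if action == "denied" and ipaddress.ip_address(src) not in net})


if __name__ == "__main__":
    result = tally(SAMPLE_LOG.splitlines())
    for (action, src, proto), packets in sorted(result.items()):
        print(f"{action:9} {proto:4} {src:15} {packets} packet(s)")
    # 10.1.3.0/24 is the range permitted by access-list 100 in the posted configuration.
    print("denied sources outside 10.1.3.0/24:", denied_outside(result, "10.1.3.0/24"))
```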