思科实战之采用isdn备份DDN时，NAT的处理

线路备份都是在几秒内完成的，但相对的NAT time-out的时间至少有5分钟，在这5分钟内，整个网络都是无法访问的，可以通过设置NAT time-out来实现，但太小的time-out轻易导致更重的网络负载。这个问题可以通过route-map配合nat来实现。

这个试验采用一个串口代替isdn拨号端口。双静态路由代替dynamic routing来实现。其中需要转换的源地址可以定义ACLs进行取代。

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service passWord-encryption

!

hostname r2514

!

enable secret 5 $1$EkUC$WUTRmsOG.bMfJ7AwcUpur0

enable password cisco

!

ip subnet-zero

no ip domain-lookup

!

!

!

interface Ethernet0

ip address 192.168.1.222 255.255.255.0

no ip directed-broadcast

ip nat inside

no ip mroute-cache

!

interface Ethernet1

no ip address

no ip directed-broadcast

no ip mroute-cache

shutdown

!

interface Serial0

ip address 172.16.10.2 255.255.255.252

no ip directed-broadcast

ip nat outside

encapsulation ppp

no ip mroute-cache

clockrate 125000

!

interface Serial1

ip address 172.16.20.2 255.255.255.252

no ip directed-broadcast

ip nat outside

no ip mroute-cache

!

ip nat inside source route-map bak-nat interface Serial1 overload

ip nat inside source route-map bck-nat interface Serial0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.10.1

ip route 0.0.0.0 0.0.0.0 172.16.20.1 2

!

logging trap debugging

logging 192.168.1.119

Access-list 12 permit 192.168.1.222

route-map bck-nat permit 10

match interface Serial0

!

route-map bak-nat permit 20

match interface Serial1

!

snmp-server community public RO

!

line con 0

transport input none

line aux 0

line vty 0 4

password cisco

login

!

end