三层网络通过双网络出口发布网站方案(上)
一.本系统目前网络现状
服务器单独在vlan1, 4006配置了三层路由, vlan1地址10.10.10.249,所有VLAN通过PIX515做NAT 上网。 PIX 内部地址:10.10.10.1,服务器的网关均指向10.10.10.249。
4006三层配置(部分):
start--------------
interface Port-channel1.1
encapsulation dot1Q 2
ip address 10.10.10.249 255.255.255.0
no ip redirects
no ip directed-broadcast
ip pim sparse-mode
ip cgmp
!
interface Port-channel1.2
encapsulation dot1Q 10
ip address 10.10.11.1 255.255.255.0
ip helper-address 10.10.10.8
no ip redirects
no ip directed-broadcast
ip pim sparse-mode
ip cgmp
!
interface Port-channel1.3
encapsulation dot1Q 11
ip address 10.10.12.1 255.255.255.0
ip helper-address 10.10.10.8
no ip redirects
no ip directed-broadcast
ip pim sparse-mode
ip cgmp
!
ip classless
ip route 0.0.0.0 0.0.0.0 211.45.90.1
------------------------------------over------------------------------------------
PIX配置(静态映射和路由部分):
----------------------------------static& conduit------------------------------
tatic (inside,outside) udp a.b.c.188 domain 10.10.10.9 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp a.b.c.188 FTP 10.10.10.9 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp a.b.c.188 www 10.10.10.3 www netmask 255.255.255.255 0 0
static (inside,outside) tcp a.b.c.186 smtp 10.10.10.8 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp a.b.c.186 pop3 10.10.10.5 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp a.b.c.186 www 10.10.10.5 www netmask 255.255.255.255 0 0
conduit permit tcp host a.b.c.188 eq ftp any
conduit permit udp host a.b.c.188 eq domain any
conduit permit tcp host a.b.c.188 eq www any
conduit permit tcp host a.b.c.186 any
----------------------------------route chapter--------------------------------
route outside 0.0.0.0 0.0.0.0 a.b.c.129 1
route inside 10.10.11.0 255.255.255.0 10.10.10.249 1
route inside 10.10.12.0 255.255.255.0 10.10.10.249 1
route inside 10.10.13.0 255.255.255.0 10.10.10.249 1
-------------over-------------
PIX的outsie接联通的网络.
二、网络需求
因为联通网络不能提供足够的IP地址做所有服务器的发布.所以本单位决定再租用电信的一条链路来发布其他网站.如图所示.
请问这个系统应该怎么规划?