Cisco2911双线接入 策略路由web服务器双线访问

环境：电信、联通都是10M光纤接入，固定IP：

电信：121.x.x.x

联通：58.x.x.x域名在DNSPOD上做双线解析（电信为默认线路，）;内网有一台web服务器需要发布到公网；现在一台Cisco2911K9路由器3个GBLAN口内网只有一个网段/24实现结果：内网用户能正常通过2个出口上网（负载或冗余）外网用户访问web服务器：-、联通用户访问走联通线路（收集了800多条联通的路由条目）

二、电信和其他任何运营商线路都走电信线路.下面是配置：version15.1servicetimestampsdebugdatetimemsec

servicetimestampslogdatetimemsec

noservicepassword-encryption!hostnameRouter!boot-start-markerboot-end-marker!!enablesecret5$1$KEex$6XEpUd1oJbZAXjD7LXJok1!noaaanew-modelclocktimezoneGMT80

noipv6cef

ipsource-routeipcef

noipdomainlookup

multilinkbundle-nameauthenticated!!cryptopkitokendefaultremovaltimeout0!!licenseudipidCISCO2911/K9snFGLXXXXXXX!!usernameXXXXXsecret5$1$rqjo$xx8MyKYj186xrUeD4CUZ2.interfaceGigabitEthernet0/0

ipaddress192.168.0.X

ipnatinside

ipvirtual-reassemblyin

duplexauto

speedauto

!interfaceGigabitEthernet0/1

ipaddress121.x.x.x48

ipnatoutside

ipvirtual-reassemblyin

duplexauto

speedauto

!interfaceGigabitEthernet0/2

ipaddress58.x.x.x48

ipnatoutside

ipvirtual-reassemblyinduplexauto

speedauto

!ipforward-protocolnd

!noiphttpservernoiphttpsecure-server

!ipnattranslationtcp-timeout300ipnattranslationudp-timeout30ipnattranslationsyn-timeout30ipnattranslationicmp-timeout30ipnatpoolpool-telecom121.x.x.113121.x.x.117netmask48

ipnatpoolpool-unicom58.x.x.258.x.x.5netmask48ipnatsourcestatictcp54801858.x.x.x8018extendableipnatsourcestatictcp548018121.x.x.x8018extendable

ipnatinsidesourceroute-maptelecompoolpool-telecomoverloadipnatinsidesourceroute-mapunicompoolpool-unicomoverloadipnatinsidesourcestatictcp472158.x.x.x21extendable

ipnatinsidesourcestatictcp518058.x.x.x80extendableipnatinsidesourcestatictcp54202058.x.x.x2020extendableipnatinsidesourcestatictcp54801858.x.x.x8018extendableipnatinsidesourcestatictcp51801958.x.x.x8019extendableipnatinsidesourcestatictcp46808058.x.x.x8080extendableipnatinsidesourcestatictcp4721121.x.x.x21extendableipnatinsidesourcestatictcp5180121.x.x.x80extendableipnatinsidesourcestatictcp542020121.x.x.x2020extendableipnatinsidesourcestatictcp548018121.x.x.x8018extendableipnatinsidesourcestatictcp518019121.x.x.x8019extendableipnatinsidesourcestatictcp468080121.x.x.x8080extendableiproute121.x.x.118iproute58.x.x.150iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1 800多路由条目

access-list2001permitip55any

route-mapunicompermit10

matchipaddress2001

matchinterfaceGigabitEthernet0/2

setipnext-hop58.x.x.1

!route-maptelecompermit10

matchipaddress2001

matchinterfaceGigabitEthernet0/1

setipnext-hop121.x.x.118

control-plane

!

!linecon0

loggingsynchronous

loginlocallineaux0linevty04

loggingsynchronous

loginlocal

transportinputall

!schedulerallocate200001000

endRouter#现在结果：1.内网用户可以正常上网，通过电信、联通都可以出去2.电信用户、联通用户通过自己运营商的DNS服务器来解析我的网站，正常访问遇到的问题：一、其它非电信、非联通的运营商可能会用到联通的DNS服务器来解析我的网站，从而就解

析到我的联通ip,造成的结果是，用户从联通接口进来，出去时就走电信线路了，造成不能

访问网站的情况。该如何解决？二、还有更坑爹的是：有的用户是电信线路，用的是联通dns解析；有的是联通用户，用电信DNS解析。这样解析出来的地址刚好是交叉的，也不能访问，（真遇到过这样的复杂的用户：小区物业电信、联通宽带叠加，不知道搞了什么策略，联通线路有时出口解析时用到电信DNS解析的）这又该如何解决？纠结啊 以上2个问题该如何解决，还忘各位高手鼎力相助，谢谢！！！！！！！该问题已经解决!详情请看12楼！！！！！问题最终解决，下面是我的配置web服务器添加双^，双ip80端口分别映射到不同线路，然后用策略路由，指定双IP出去公网的数据到不同ip,即可！下面是配置信息Router#showrunnCurrentconfiguration:42687bytes!!Noconfigurationchangesincelastrestartversion15.1servicetimestampsdebugdatetimemsecservicetimestampslogdatetimemsecnoservicepassword-encryption!hostnameRouter!boot-start-markerboot-end-marker!!enablesecret5$1$KEex$6XEpUd1oJbZAXjD7LXJok1!noaaanew-modelclocktimezoneGMT80!noipv6cefipsource-routeipcefnoipdomainlookupmultilinkbundle-nameauthenticated!!cryptopkitokendefaultremovaltimeout0!!licenseudipidCISCO2911/K9snFGLXXXXXX!!usernameXXXXsecret5$1$rqjo$xx8MyKYj186xrUeD4CUZ2.interfaceGigabitEthernet0/0ipaddressipnatinsideipvirtual-reassemblyinip policy route-mapPBR-WWW a1duplexautospeedauto!interfaceGigabitEthernet0/1ipaddress121.x.x.11648ipnatoutsideipvirtual-reassemblyinduplexautospeedauto!interfaceGigabitEthernet0/2ipaddress58.x.x.448ipnatoutsideipvirtual-reassemblyinduplexautospeedauto!ipforward-protocolnd!noiphttpservernoiphttpsecure-server!ipnattranslationtcp-timeout300ipnattranslationudp-timeout30ipnattranslationsyn-timeout30ipnattranslationicmp-timeout30ipnatpoolpool-telecom121.x.x.113121.x.x.117netmask48ipnatpoolpool-unicom58.x.x.2 58.x.x.5netmaskTOC\o"1-5"\h\z48 a2ipnatinsidesourceroute-maptelecompoolpool-telecomoverloadipnatinsidesourceroute-mapunicompoolpool-unicomoverload a3ipnatinsidesourcestatictcp508058.x.x.480extendableipnatinsidesourcestatictcp51 80 121.x.x.116 80extendable a4iproute121.x.x.118ip route 58.x.x.1 50 a5iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1

iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1iproute58.x.x.1 800[/url] 多条联通网段 a6iproute58.x.x.1iproute58.x.x.1!ipaccess-listextendedCNC-250permitiphost50anyipaccess-listextendedTEL-251permitany----a7iphost51access-list2001permitpermitany----a7iphost51access-list2001permitip55a8anyroute-mapunicompermit10[/url]a8matchipaddress2001matchinterfaceGigabitEthernet0/2setipnext-hop58.x.x.1!route-maptelecompermit10matchipaddress2001matchinterfaceGigabitEthernet0/1set ipnext-hop121.x.x.118 a9!route-mapPBR-WWWpermit10[/url]matchipaddressTEL-251matchinterfaceGigabitEthernet0/1setipnext-hop121.x.x.118!route-mapPBR-WWWpermit20matchipaddressCNC-250matchinterfaceGigabitEthernet0/2set ipnext-hop58.x.x.1 a10control-planelinecon0loggingsynchronouslineaux0linevty0