Proxy router configuration scheme in LAN

Many users may not understand the router configuration, so I have studied the proxy router configuration scheme in the LAN. I will share it with you here, hoping it will be useful to you. With the rapid development of network technology, more and more ways are available for enterprises and institutions to access INTERNET shared resources. In most cases, ddnleased lines are widely used with their stable performance and good scalability, DDN connection is simple in terms of hardware requirements. Only one router (router) and the proxy server (proxyserver) are required, however, the system router configuration is a tough problem for many network administrators.

1. configure a router to access INTERNET resources directly through a vro

1. Overall Ideas and device Connection Methods

10.0.0.0/8:10. 0.0.0 ~ 10.20.255.255
172.16.0.0/12: 172.16.0.0 ~ 172.31.255.255
192.168.0.0/16: 192.168.0.0 ~ 192.168.255.255

Under normal circumstances, when a workstation inside the Organization directly uses a route for external access, it will be filtered out by the router because the workstation uses a reserved address on the Internet, as a result, Internet resources cannot be accessed. The solution to this problem is to use the NATNetworkAddressTranslation provided by the routing operating system to convert private addresses on the Intranet to valid addresses on the Internet, this allows users with invalid IP addresses to access the Internet through NAT. In this way, you do not need to configure a proxy server to reduce investment, save valid IP addresses, and improve the security of the internal network.

NAT has two types: Single mode and global mode. The NAT single mode maps many local LAN hosts into an Internet address just like its name. All hosts in the LAN are regarded as Internet users for External Internet networks. The host in the local LAN continues to use the local address.

In the global mode of NAT, the router interface maps many local LAN hosts into an IP address pool with a certain Internet address range ). When the local host port is connected to a host on the Internet, an IP address in the IP address pool is automatically assigned to the local host. After the connection is interrupted, the dynamically assigned IP address is released, the released IP address can be used by other local hosts. The following uses the network environment of our Organization as an example to list the router configuration methods and processes for your reference. Our company uses China Unicom Optical Cable V.35) to access the INTERNET. The router is CISCO2610 and the LAN uses the INTEL550 M switch. China Unicom provides us with the following four IP addresses:

211.90.137.25255.255.255.252) Wan port used for the local Router
211.90.137.2620.0000252) port used for peer connection
211.90.139.41255.20.252) at your disposal
211.90.139.42255.255.255.252) for your own control

2. router configuration

All workstations in the school are connected to the vswitch, And the vro is also connected to the internal vswitch through the Ethernet port. The Ethernet port on the vro uses the internal private address, two valid IP addresses allocated by China Unicom are used at both ends of the optical fiber. In this connection mode, you only need to set NAT inside the vro to allow all workstations within the organization to access INTERNTE. On each workstation, you only need to set the gateway to the Ethernet port 192.168.0.3 of the vro) you can access the Internet without having to set up a proxy, and save two valid IP addresses for your own freedom to control, such as setting up your own WEB and E-MAIL servers ). But there are also disadvantages: you cannot enjoy the CACHE service provided by the proxy server to speed up access. Therefore, this vro configuration scheme is suitable for a small number of workstation units. You can use the two methods described later when the number of workstation units is large. The vro configuration is as follows:

3. workstation configuration

Static IP addresses are required. You must set the IP address in the TCP/IP attribute and the Ethernet IP address of the 192.168.0.3 router, no special settings are required in Web browsers and other online tools.

2. router configuration for accessing INTERNET resources through a proxy server

The proxy server can be used to access INTERNET resources. The advantage is that the CACHE service provided by the proxy server can be used to improve INTERNET access speed and efficiency. It is suitable for use in units with a large number of workstations. The disadvantage is that a dedicated computer is needed as the proxy server, which increases the investment cost. In addition, the first method requires two more valid IP addresses, and the network security is not high. This solution is used to access the Internet. The device connection method is as follows: install two NICs on the proxy server, one is connected to the Intranet, and the other is connected to the Ethernet port of the router, set the valid IP address allocated by China Unicom to 211.90.139.42), set the gateway to 211.90.139.41, and vro Ethernet to 211.90.139.41. In this way, after the device is connected, install the agent software on the proxy server, and set a proxy on the workstation to access the INTERNET.