1. Simple topology diagram
Line import------line entrance (my room core switch)------My server terminal assigned IP
101.251.65.33 101.251.65.34 |
| IP route 101.230.0.0 255.255.0.0 nextop 101.251.65.33
Dedicated router
2. Border Routing 3945 configuration
Define inside ports and zones (My Computer room intranet interface)
Define the outside port and region (My computer room outside the network interface, is also the interface of the line access)
Access-list 1 Permit 10.1.11.0 0.0.0.255 (allow intranet segment as leased line to access my server Intranet segment Nat/pat)
IP nat inside source List 1 interface GIGABITETHERNET0/2 overload (port multiplexing via extranet interface)
IP nat inside source static TCP 10.1.11.4 12346 10.251.65.34 12346 (map access to the extranet IP so that the 101.230 segments assigned by the mobile terminal can access our intranet address and port directly)
IP route 10.230.0.0 255.255.0.0 10.251.65.33 (Specifies the next hop route for the access terminal to assign an address segment)
3. Firewall configuration
Bank for access line import
Access-list Zhuanxian Extended permit IP any any
Route Zhuanxian 10.10.12.0 (This is the ingress segment of the border router) 255.255.255.0 10.10.11.2 (intermediate device port address routed by boundary)
Route Zhuanxian 101.230.0.0 255.255.0.0 10.10.11.2 (access to leased line peer-to-peer routing configuration)
Mobile DDN Line and Unicom SDH special line access router and firewall configuration example