Software company Development Network Environment Construction

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/80/61/wKiom1c-1ZTDeAOvAACySaakkdk723.png "style=" float: none; "title=" Image.png "alt=" Wkiom1c-1ztdeaovaacysaakkdk723.png "/>

One or one-way fiber multiple public IP settings

Company 192.168.1.0/24 subnet for server cluster, 192.168.0.0/24 subnet for office subnets, two subnets physically not in one piece.

When the company opened, applied for telecom 40Mbps optical fiber, 5 IP address, Gateway: *.168.112.9 255.255.255.248, address block: *.168.112.10-14, the telecommunications company sent a light cat, a router, 5 public IP is bound together, Now you need to set up the public IP in the router, convenient for the server to post information, the method has two:

1, from the router sent by the telecommunications cable to the h3c-msr930 router, such as plug-in h3c-msr930 router G0, G1, G2 port, each port set a public IP, and then set the routing policy, you can use multiple public IP, but this method is troublesome.

2, because the h3c-msr930 router is a gigabit router, and only 5 ports, the resources are very valuable, so decided to send a router from the telecom only pull a cable into the h3c-msr930 G0 port, using sub-interface, the public network is set in this G0 port, so the router setup also easy Ah, Settings are as follows:

Interface Vlan-interface1
IP address 192.168.0.1 255.255.255.0
DHCP server apply Ip-pool Vlan1
#
Interface Vlan-interface2
IP address 192.168.1.1 255.255.255.0
#
Interface gigabitethernet0/0
Port Link-mode Route
Nat Outbound 2000
IP Address *.168.112.10 255.255.255.248
IP Address *.168.112.11 255.255.255.248 Sub

IP Address *.168.112.12 255.255.255.248 Sub

IP Address *.168.112.13 255.255.255.248 Sub

IP Address *.168.112.14 255.255.255.248 Sub

DDNS Apply Policy 9xiang.picp.net
DNS Server 202.96.209.133
DNS Server 202.96.209.5
#
Interface GIGABITETHERNET0/1
Port Link-mode Bridge
Port Access VLAN 2
#
Interface GIGABITETHERNET0/2
Port Link-mode Bridge
Port Access VLAN 2
#
Interface GIGABITETHERNET0/3
Port Link-mode Bridge
Port Access VLAN 2
#
Interface GIGABITETHERNET0/4
Port Link-mode Bridge
Port Link-type Trunk
Port Trunk Permit VLAN All
#
IP route-static 0.0.0.0 0.0.0.0 gigabitethernet0/0 *.168.112.9

(Note: The real address is hidden under the * number, the reason we know, mainly red character set)

Second, intranet server map to public network access

Software enterprises to do software products, to publish to the outside of the network testing, use, only need to do a NAT translation on the export line, the following on the router's exit configuration Nat.

#  
Interface gigabitethernet0/0    
Port Link-mode route     
Nat Outbound 2000    
 nat server Protocol TCP Global *.168.112.11 8088 inside 192.168.1.1 8088    
NAT Server Protocol TCP Global * .168.112.11 8888 inside 192.168.1.170 8181      
NAT Server Protocol TCP global *. 168.112.10 8888 inside 192.168.1.168 8080      
NAT Server Protocol TCP global *. 168.112.11 8181 inside 192.168.0.56 8181      
NAT Server Protocol TCP global *. 168.112.11 18080 inside 192.168.0.36 8080      
NAT Server Protocol TCP global *. 168.112.11 www inside 192.168.1.197 8080     
IP address *.168.112.10 255.255.255.248     
IP address *.168.112.11 255.255.255.248 sub

IP Address *.168.112.12 255.255.255.248 Sub

IP Address *.168.112.13 255.255.255.248 Sub

IP Address *.168.112.14 255.255.255.248 Sub

DDNS Apply Policy 9xiang.picp.net
DNS Server 202.96.209.133
DNS Server 202.96.209.5
#

Third, intranet through the public address to access internal server

Now after the intranet server is published to the outside network, the extranet is a normal access to the company's server, but the problem is published to the outside, such as the use of the browser on the network outside the company access to http://*.168.112.11:8888 is normal access, But the company intranet 192.168.0.0/24 office network segment Access this http://*.168.112.11:8888 can not access. The problem is on the router, originally, such as IP is 192.168.0.50 's computer issued an access http://*.168.112.11:8888 instruction, the target address specified in the TCP protocol is *. 168.112.11:8888, the source address is 192.168.0.50,h3c-msr930 router in the NAT address Table A match, found *.168.112.11:8888 corresponding IP is 192.168.1.170 : 8181, the request is forwarded to the 192.168.1.170:8181 server, the 192.168.1.170:8181 server responds to the request, Give the source address 192.168.0.50 give the desired response, when the response message is packaged into the destination address is 192.168.0.50, the source address is 192.168.1.170 : 8181 sent to the target host 192.168.0.50, but 192.168.0.50 received this response package, to unlock a look, the source address is 192.168.1.170:8181 sent the package, TM I was to *.168.112.11:8888 sent a request, 192.168.1.170:8181 is which two goods ah, so the router decisively put this bag as garbage discarded, Bitter 192.168.0.50 on the browser, but also in the bitter Baba's response, waiting for a half-day did not respond, had to show the future a dark, nothing, this is in the intranet through the public address access to internal server common fault, the solution is to build a NAT conversion table on the intranet VLAN1, so that the response server 192.168.1 .170:8,181 to the target host 192.168.0.50 information is re-blocked in the router to the destination address is 192.168.0.50, the source address is *. 168.112.11:8888, will not be the IP is 192.168.0.50 computer to lose the package, the following settings:

#
Interface Vlan-interface1
IP address 192.168.0.1 255.255.255.0
DHCP server apply Ip-pool Vlan1
NAT Server Protocol TCP global *.168.112.11 8888 inside 192.168.1.170 8181
NAT server Protocol TCP global *.168.112.11 8181 inside 192.168.0.56 8181
NAT server Protocol TCP global *.168.112.11 9090 inside 192.168.1.197 8080
NAT server Protocol TCP global *.168.112.10 8888 inside 192.168.1.168 8080
NAT server Protocol TCP global *.168.112.11 18080 inside 192.168.0.36 8080

NAT server Protocol TCP global *.168.112.11 www inside 192.168.1.197 8080

#
Interface Vlan-interface2
IP address 192.168.1.1 255.255.255.0
#
Interface gigabitethernet0/0
Port Link-mode Route
Nat Outbound 2000
NAT server Protocol TCP global *.168.112.11 8088 inside 192.168.1.1 8088
NAT server Protocol TCP global *.168.112.11 8888 inside 192.168.1.170 8181
NAT server Protocol TCP global *.168.112.10 8888 inside 192.168.1.168 8080
NAT server Protocol TCP global *.168.112.11 8181 inside 192.168.0.56 8181
NAT server Protocol TCP global *.168.112.11 18080 inside 192.168.0.36 8080
NAT server Protocol TCP global *.168.112.11 www inside 192.168.1.197 8080
IP address *.168.112.10 255.255.255.248
IP Address *.168.112.11 255.255.255.248 Sub
DDNS Apply Policy 9xiang.picp.net
DNS Server 202.96.209.133
DNS Server 202.96.209.5
#
Interface GIGABITETHERNET0/1
Port Link-mode Bridge
Port Access VLAN 2
#
Interface GIGABITETHERNET0/2
Port Link-mode Bridge
Port Access VLAN 2
#
Interface GIGABITETHERNET0/3
Port Link-mode Bridge
Port Access VLAN 2
#
Interface GIGABITETHERNET0/4
Port Link-mode Bridge
Port Link-type Trunk
Port Trunk Permit VLAN All
#
IP route-static 0.0.0.0 0.0.0.0 gigabitethernet0/0 *.168.112.9

Iv. VPN to the company Home Office

There are many resources on the company's servers and Nas, at home to access the company's internal resources, it is best to establish a L2TP VPN, so at home after a pull, and in the same company, all the resource address is directly open, to achieve this function, need to be configured on the router and computer, first, Router-side:

1, set up to L2TP VPN login user Pppvpn, password: [Email protected]#$

#
Local-user Admin
Password cipher $c $3$3l/gdc59tw4jjl61545454lbskbluvhut5wq3
Authorization-attribute Level 3
Service-type Telnet
Service-type Web
Local-user Pppvpn
password cipher [email protected]#$

Service-type PPP
#

2. Assign IP address pool 1 for VPN users who are logged in.

#
Domain system
Access-limit Disable
State Active
Idle-cut Disable
Self-service-url Disable
IP Pool 1 192.168.2.10 192.168.2.20
#

3, the establishment of VPN closed mode and virtual interface, access to the VPN gateway is 192.168.2.1

#
L2tp-group 1
Undo Tunnel Authentication
Allow L2TP virtual-template 0
#
Interface Aux0
Async Mode Flow
Link-protocol PPP
#
Interface cellular0/0
Async Mode Protocol
Link-protocol PPP
TCP MSS 1024
#
Interface Virtual-template0
PPP Authentication-mode CHAP domain system
Remote Address Pool 1
IP address 192.168.2.1 255.255.255.0
#

4, computer-side settings (WIN10)

4.1 Increased VPN (open network connection or network settings)

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/80/5F/wKioL1c-17-yLpY8AAEC5QG9_aY925.png "title=" Image_ Thumb[2].png "alt=" Wkiol1c-17-ylpy8aaec5qg9_ay925.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/80/5F/wKioL1c-19qCZpqWAACRRJPv_Zs534.png "title=" image[ 7].png "alt=" Wkiol1c-19qczpqwaacrrjpv_zs534.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/80/61/wKiom1c-1xXC1vQjAAFNvAjzwjM930.png "title=" Image6.png "alt=" Wkiom1c-1xxc1vqjaafnvajzwjm930.png "/>

The connection name can be written by itself, and the server IP address is filled in as: *.168.112.10

Flip down as follows:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/80/61/wKiom1c-1zqxKf6gAACCXt31hrY549.png "title=" Image11.png "alt=" Wkiom1c-1zqxkf6gaaccxt31hry549.png "/>

4.2. Turn on "Change adapter Options" or open network connection

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/80/5F/wKioL1c-2FSCv6GCAACYoDcufSg765.png "title=" Image1.png "alt=" Wkiol1c-2fscv6gcaacyodcufsg765.png "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/80/5F/wKioL1c-2GzgIE_wAAC4I8rh9TE744.png "title=" Image61.png "alt=" Wkiol1c-2gzgie_waac4i8rh9te744.png "/>

Modify the settings as follows and determine.

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/80/61/wKiom1c-15zxnI7xAACCFHVJw6U525.png "title=" Image91.png "alt=" Wkiom1c-15zxni7xaaccfhvjw6u525.png "/>

4.3. VPN connection

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/80/61/wKiom1c-18DiwJKNAAC7rs40x-s203.png "title=" Image_ Thumb4.png "alt=" Wkiom1c-18diwjknaac7rs40x-s203.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/80/61/wKiom1c-19XD731vAADUce2iZnE666.png "title=" Image15.png "alt=" Wkiom1c-19xd731vaaduce2izne666.png "/>

This article from the "Strong Technical communication blog," Please be sure to keep this source http://newthink.blog.51cto.com/872263/1775483

Software company Development Network Environment Construction