Thursday, 2 July 2015

Reducing CPU usage on a Cisco ISR G2 2921 with many NAT translations


*/creating vrf

ip vrf out
 rd 1:1
 route-target export 1:1
 route-target import 1:1



*/Internet interface with VRF

interface GigabitEthernet0/2
 description -= WAN =-
 ip vrf forwarding out
 ip address 86.62.75.* 255.255.255.240 secondary
 ip address 86.62.75.* 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto

*/ inside interface 

interface GigabitEthernet0/0.11
 description to_sw-root
 encapsulation dot1Q 11
 ip address 10.252.11.254 255.255.255.0
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly in
 service-policy input block_p2p


*/ route to the VRF subnet that must be leaked into the global routing table
ip route 86.62.75.208 255.255.255.240 GigabitEthernet0/2
*/ default route for the VRF
ip route vrf out 0.0.0.0 0.0.0.0 86.62.75.*


*/ keyring for VRF

crypto keyring DMVPN vrf out
  pre-shared-key address 0.0.0.0 0.0.0.0 key #**

*/ on the tunnel interfaces, add the command tunnel vrf out

interface Tunnel3
 tunnel vrf out
interface Tunnel4
 tunnel vrf out
interface Tunnel5
 tunnel vrf out
interface Tunnel8
 tunnel vrf out

*/ routes from the global routing table that must be leaked into the VRF

ip route vrf out 10.252.11.0 255.255.255.0 GigabitEthernet0/0.11 10.252.11.253 global
ip route vrf out 172.16.100.0 255.255.254.0 GigabitEthernet0/0.11 10.252.11.253 global
ip route vrf out 172.16.102.0 255.255.254.0 GigabitEthernet0/0.11 10.252.11.253 global
ip route vrf out 172.16.75.0 255.255.255.0 Tunnel6 172.254.255.85 global
ip route vrf out 10.252.0.0 255.255.0.0 GigabitEthernet0/0.11 10.252.11.253 global


*/ port forwarding from the VRF interface to the local networks

ip nat inside source static tcp 172.16.100.11 20 86.62.75.* 20 vrf out extendable
ip nat inside source static tcp 172.16.100.11 21 86.62.75.* 21 vrf out extendable
ip nat inside source static tcp 172.16.100.3 80 86.62.75.* 80 vrf out extendable
ip nat inside source static tcp 172.16.100.245 1080 86.62.75.* 1080 vrf out extendable
ip nat inside source static tcp 172.16.101.16 3389 86.62.75.* 3131 vrf out extendable
ip nat inside source static tcp 172.16.100.15 3389 86.62.75.* 3315 vrf out extendable
ip nat inside source static tcp 172.16.85.4 5858 86.62.75.* 5858 vrf out extendable
ip nat inside source static tcp 172.16.101.16 9000 86.62.75.* 9000 vrf out extendable
ip nat inside source static tcp 172.16.75.17 22 86.62.75.* 2222 vrf out extendable
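
An added example, not part of the original post: a Python audit of static PAT lines in the form used above. It lists which forwards publish a sensitive inside service (including ones moved to a non-standard outside port) and which name a VRF that is not defined on the router. The sample lines, the 203.0.113.10 address, the SENSITIVE port list and the audit function are assumptions made for this example.

```python
import re

# Constructed sample in the form of the port-forwarding lines above;
# 203.0.113.10 is a documentation address standing in for the masked public IP.
SAMPLE = """\
ip nat inside source static tcp 172.16.100.11 21 203.0.113.10 21 vrf out  extendable
ip nat inside source static tcp 172.16.100.3 80 203.0.113.10 80 vrf out extendable
ip nat inside source static tcp 172.16.101.16 3389 203.0.113.10 3131 vrf out extendable
ip nat inside source static tcp 172.16.75.17 22 203.0.113.10 2222 vrf out extendable
ip nat inside source static tcp 172.16.101.16 9000 203.0.113.10 9000 vrf outextendable
"""

# Assumed review policy (not from the post): inside ports that should only be
# reachable through a VPN or a source-restricted ACL.
SENSITIVE = {20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet",
             1080: "socks", 3389: "rdp"}

PREFIX = "ip nat inside source static "
RULE = re.compile(r"(tcp|udp) (\S+) (\d+) (\S+) (\d+)(?: vrf (\S+))?((?: \S+)*)$")

def audit(config, known_vrfs=("out",)):
    """Return (line_no, kind, detail) findings for static PAT lines."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())          # collapse repeated spaces
        if not line.startswith((PREFIX + "tcp ", PREFIX + "udp ")):
            continue
        m = RULE.match(line[len(PREFIX):])
        if not m:                             # form this audit does not model
            findings.append((n, "unparsed", line))
            continue
        proto, in_ip, in_port, out_ip, out_port, vrf, _opts = m.groups()
        in_port, out_port = int(in_port), int(out_port)
        if vrf is not None and vrf not in known_vrfs:
            findings.append((n, "unknown-vrf", vrf))
        if in_port in SENSITIVE:
            kind = "sensitive-remapped" if in_port != out_port else "sensitive"
            findings.append((n, kind, f"{SENSITIVE[in_port]} {in_ip}:{in_port} "
                                      f"published on {proto}/{out_port}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Pass the VRF names actually defined on the router as known_vrfs; a keyword fused to the VRF name then shows up as an unknown-vrf finding.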





