User needs:
- Site 1/2 requires access to the internet, ISP1 is the main line, and ISP2 is the backup line;
- Site 1 requires a WEB/FTP server to be deployed to provide services. FTP can only provide services to the intranet, and the WEB server allows a separate fixed IP access to the Internet, with an address of 100.1.2.3;
- The headquarters purchased a fixed export IP through ISP01, allowing company users to log in through the fixed IP, access the company's intranet through SSL VPN, and access the intranet WEB/FTP server;
- A secure VPN tunnel is required to be established between site 1 and site 2 to achieve inter-site network communication;
The network topology is as follows:
1. ISP operator configuration
ISP01 initialization configuration:
sys
int e0/0/0
ip address 100.1.20.254 24
int e0/0/1
ip address 100.1.1.254 24
int g0/0/0
ip address 200.100.0.1 30
int g0/0/1
ip address 100.100.1.1 30
int g0/0/2
ip address 100.100.2.1 30
The Internet segment of routers and firewalls in the enterprise is 30 bits.
ISP02 initialization configuration:
sys
int e0/0/0
ip address 200.1.2.254 24
int e0/0/1
ip address 200.1.1.254 24
int g0/0/0
ip address 200.100.0.2 30
int g0/0/1