User needs:
- All sites are required to communicate with the site01-bj headquarters through ISP-AR2;
- site02-sh, site03-GZ, site04-shenZhen dial up the Internet through dedicated lines without fixed public IP;
- site01-bj accesses the Internet through the fixed public IP of the dedicated line;
- site05-foshan dials up the Internet through optical modem;
The network topology is as follows:
Note: The private line public network IP can directly access the Internet through easy IP, but through the optical modem, the FW export device must first perform the first source SNAT to the optical modem, and then perform the second SNAT when reaching the optical modem. For return packets, regardless of whether Optical modem can perform return routing, the FW export device must be allowed to perform DNAT, and Optical modem must not be allowed to record NAT sessions for other addresses in the company's intranet. If Optical modem is used to do all NAT, the performance of Optical modem will be affected during peak traffic periods. It will not be able to handle a large number of session entries.
1. ISP-R2 operator configuration
R2 operator PPPOE dial-up configuration:
#创建拨号地址池
[ISP-R2]ip pool FS
[ISP-R2-ip-pool-FS] network 105.1.1.0 mask 255.255.255.0
#创建数据库+拨号用户
[ISP-R2]aaa
[ISP-R2-aaa]local-user abc456 password cipher Admin@1234
[ISP-R2-aaa]local-user abc456 service-type ppp
#创建拨号模版
[ISP-R2]interface Virtual-Template 2
[ISP-R2-Virtual-Template2]ppp authentication-mode cha