Proxy server and router configuration: a worked case



With the rapid development of network technology, more and more enterprises connect their LANs to the INTERNET in order to share resources. For most purposes a DDN leased line, with its stable performance and good scalability, is the widely used choice. The hardware needed for a DDN connection is simple: a router and a proxy server are enough. Configuring the system, however, is a difficult problem for many network administrators. Taking a CISCO router as the example, the author introduces several configuration methods that have worked well in practice, for reference by colleagues:
First, accessing INTERNET resources directly through the router
1. General idea and equipment connection
In general, an internal LAN uses the address ranges that are reserved for private use on the INTERNET (the RFC 1918 ranges):
10.0.0.0/8: 10.0.0.0 ~ 10.255.255.255
172.16.0.0/12: 172.16.0.0 ~ 172.31.255.255
192.168.0.0/16: 192.168.0.0 ~ 192.168.255.255
Ordinarily, when an internal workstation with such an address tries to reach the outside directly by routing, its packets are filtered because the source address is a reserved one that upstream routers do not carry, so the workstation cannot reach any INTERNET resource. The solution is the NAT (Network Address Translation) function provided by the router's operating system, which translates the private addresses of the internal network into legal addresses on the INTERNET, so that users without valid IP addresses reach the external INTERNET through NAT. The benefits are that no proxy server has to be bought, which lowers the investment, that fewer legal IP addresses are consumed, and that the security of the internal network improves, because an outside host can only reach an inside host through a translation entry that the inside host itself created. NAT by itself is not a firewall, however: the router and anything given a static mapping remain exposed, and an access list is still needed to control what the outside may send in.
There are two kinds of NAT, which this article calls the single mode and the global mode.
In the single mode, as the name suggests, all hosts on the local area network are mapped to a single INTERNET address. To hosts on the external INTERNET the whole LAN looks like one INTERNET user, while the hosts on the LAN keep using their local addresses. (In CISCO terms this is NAT "overload", also called PAT: the router tells the hosts' connections apart by rewriting the source port.)
In the global mode, the hosts on the router's local LAN interface are mapped onto a range of INTERNET addresses (an IP address pool). When a local host connects to a host on the INTERNET, an address from the pool is assigned to it automatically; when the connection ends, the dynamically assigned address is released and may be used by another local host. (In CISCO terms this is dynamic NAT with a pool; with a pool of N addresses at most N local hosts can be online at the same time, and the next one is refused until an address is released.)
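The two modes as a toy model, added for this edit and not part of the original article or of IOS: the router's translation table is modelled with Python dictionaries so the behaviour can be traced for a few constructed flows. The addresses are the page's (211.90.139.41 and .42 as the outside addresses, 192.168.0.0/24 as the LAN); the external hosts 198.51.100.7 and 203.0.113.9 are documentation addresses chosen here. The port allocation in `PatRouter` is a simplification: real IOS keeps the original source port when it is free.

```python
"""Toy model of the two NAT modes described above (added example, not IOS)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One direction of a TCP/UDP connection as the router sees it."""
    src: str
    sport: int
    dst: str
    dport: int


class PatRouter:
    """'Single mode' (IOS overload / PAT): every inside host is rewritten to
    ONE outside address; concurrent flows are told apart by the source port."""

    def __init__(self, outside_ip, inside_net):
        self.outside_ip = outside_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.table = {}        # outside port -> original inside Flow
        self.next_port = 1024  # simplification: IOS may keep the original port

    def outbound(self, flow):
        """Translate a packet leaving the LAN; None means 'not translated'."""
        if ipaddress.ip_address(flow.src) not in self.inside_net:
            return None        # source not matched by the NAT access-list
        for port, inside in self.table.items():
            if inside == flow:  # existing entry for this inside socket
                return Flow(self.outside_ip, port, flow.dst, flow.dport)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = flow
        return Flow(self.outside_ip, port, flow.dst, flow.dport)

    def inbound(self, pkt):
        """Translate a packet arriving from the INTERNET. Only a reply that
        matches an existing entry gets through: an unsolicited connection to
        the outside address has no entry and is dropped, which is the
        'improves internal security' effect the text mentions."""
        inside = self.table.get(pkt.dport)
        if pkt.dst != self.outside_ip or inside is None:
            return None
        if (inside.dst, inside.dport) != (pkt.src, pkt.sport):
            return None        # right port, wrong peer: not our reply
        return Flow(pkt.src, pkt.sport, inside.src, inside.sport)


class PoolNatRouter:
    """'Global mode' (IOS dynamic NAT with a pool): each inside host borrows a
    whole address for the life of its connection; the pool can run dry."""

    def __init__(self, pool_first, pool_last, inside_net):
        lo, hi = (int(ipaddress.ip_address(a)) for a in (pool_first, pool_last))
        self.free = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.inside_net = ipaddress.ip_network(inside_net)
        self.leases = {}       # inside address -> pool address in use

    def outbound(self, flow):
        if ipaddress.ip_address(flow.src) not in self.inside_net:
            return None
        if flow.src not in self.leases:
            if not self.free:
                return None    # pool exhausted: the packet is dropped
            self.leases[flow.src] = self.free.pop(0)
        return Flow(self.leases[flow.src], flow.sport, flow.dst, flow.dport)

    def release(self, inside_ip):
        """Connection ended: hand the pool address back for another host."""
        addr = self.leases.pop(inside_ip, None)
        if addr is not None:
            self.free.append(addr)
        return addr


if __name__ == "__main__":
    pat = PatRouter("211.90.139.41", "192.168.0.0/24")
    # constructed flows: two workstations open the same web server
    print(pat.outbound(Flow("192.168.0.10", 40000, "198.51.100.7", 80)))
    print(pat.outbound(Flow("192.168.0.11", 40000, "198.51.100.7", 80)))
    # an outsider's unsolicited telnet to the outside address: no entry, dropped
    print(pat.inbound(Flow("203.0.113.9", 4444, "211.90.139.41", 23)))
```

Running the block shows both workstations leaving as 211.90.139.41 with different source ports, and the unsolicited inbound packet coming back as None. The pool router behaves differently: with the page's two-address pool a third concurrent workstation is refused until one of the first two releases its address.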
The network environment of the author's unit is described below, with the configuration and procedure listed for reference.
The unit connects to the INTERNET over a China Unicom link (V.35 interface); the router is a CISCO 2610 and the LAN switch an INTEL 550 Fast Ethernet switch. Unicom provided the following four IP addresses:
211.90.137.25 (255.255.255.252): the local router's WAN port
211.90.137.26 (255.255.255.252): the far end (China Unicom) of the link
211.90.139.41 (255.255.255.252): at the unit's disposal
211.90.139.42 (255.255.255.252): at the unit's disposal
(The first pair are the two hosts of the point-to-point link 211.90.137.24/30; the second pair are the two usable hosts of 211.90.139.40/30.)
2. Router configuration
(1) network connection diagram:



Note: all our workstations are connected to the switch; the router is connected to the internal switch through its Ethernet port, which carries an internal private address; the two ends of the Unicom link use the two valid IP addresses assigned to it. With this connection, as soon as NAT is set up on the router, all internal workstations can reach the INTERNET: each workstation only needs its gateway pointed at the router's Ethernet port (192.168.0.3), without any proxy settings, and the two valid IP addresses at the unit's disposal remain free for its own purposes (for example for the unit's own E-MAIL and WEB servers; note that the configuration below puts both into the NAT pool, so an address that is to carry a server would need a static mapping instead). The disadvantage is that the workstations cannot enjoy the CACHE service a proxy server provides to improve access speed. This configuration therefore suits a unit with a small number of workstations; where there are many internal workstations, the two methods described later can be used. The specific router configuration is as follows:
(2) Router configuration
en
config t
ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
(Define an address pool named c2610 containing the two free legal IP addresses, for NAT to use)
int e0/0
ip address 192.168.0.3 255.255.255.0
ip nat inside
exit
(Set the IP address of the Ethernet port and mark it as the port connecting the internal network)
interface s0/0
ip address 211.90.137.25 255.255.255.252
ip nat outside
exit
(Set the WAN port IP address and mark it as the port connecting the external network)
ip route 0.0.0.0 0.0.0.0 211.90.137.26
(Set a static default route: everything not on a directly connected network is sent to the Unicom end of the link. This is a static route, not dynamic routing)
access-list 2 permit 192.168.0.0 0.0.0.255
(Standard access list selecting which source addresses are translated: the whole 192.168.0.0/24 LAN. The second field is a wildcard mask, so an entry typed as 192.168.0.1 0.0.0.255 is stored by IOS as 192.168.0.0 0.0.0.255 anyway; only the private address range should be listed here)
! Dynamic NAT
!
ip nat inside source list 2 pool c2610 overload
(Create the dynamic address translation: inside sources matched by list 2 are translated to pool addresses; "overload" is the single mode described above, so the two pool addresses are shared by all workstations through port translation)
line console 0
exec-timeout 0 0
(Disables the console idle timeout. Convenient while configuring, but a console left logged in stays logged in, so restore a timeout such as exec-timeout 10 0 once configuration is done)
!
line vty 0 4
(The remote-management lines are left at their defaults here. IOS refuses Telnet logins to a vty that has no password set; if remote access is wanted, set a password and login under these lines and restrict them with an access-class to the management hosts)
end
wr
(Save the settings)
3. Workstation configuration
Use a static IP address in the 192.168.0.0/24 range. In the TCP/IP properties set the default gateway to 192.168.0.3 (the router's Ethernet port) and the DNS server address to the one given by the access provider. The browser and other INTERNET tools need no special settings.
Second, accessing INTERNET resources through a proxy server
1. General idea and equipment connection
Using a proxy server to reach INTERNET resources has the advantage that the CACHE service of the proxy server improves the speed and efficiency of INTERNET access, so it suits a unit with more workstations. The drawbacks are that a dedicated computer is needed as the proxy server, which raises the investment; that, unlike the first method, both legal IP addresses at the unit's disposal are consumed, one by the router's Ethernet port and one by the proxy server's external card; and that network security is lower, because the proxy server itself sits on a public address and is reachable from the INTERNET.
With this scheme, the equipment is connected as follows:
The proxy server has two network cards. One connects to the intranet and is set to an internal private address. The other connects to the router's Ethernet port, is set to the legal address assigned by Unicom (211.90.139.42), and has its gateway set to 211.90.139.41 (the router's Ethernet port).
The router's Ethernet port is likewise set to the legal IP address assigned by Unicom (211.90.139.41).
Once the equipment is connected this way, proxy software is installed on the proxy server and the workstations are set to use the proxy to reach the INTERNET.

2. Router configuration
(1) network connection diagram:



Description: in the diagram above, all computers in the unit communicate through the switch directly with the proxy server's internal network card (192.168.0.4), and then, under the control of the proxy software, reach the INTERNET through the router.
(2) Router configuration
en
config t
int e0/0
ip address 211.90.139.41 255.255.255.252
exit
(Set the Ethernet port IP address)
interface s0/0
ip address 211.90.137.25 255.255.255.252
exit
(Set the WAN port IP address)
ip route 0.0.0.0 0.0.0.0 211.90.137.26
ip routing
(Set a static default route to the Unicom end of the link, and make sure IP routing is enabled; it is on by default on a router, so the second command only matters if it had been turned off. No access list is applied in this method, so every port of the proxy server's public card is reachable from the INTERNET; an inbound access-list on s0/0 that admits only the traffic the proxy must receive is advisable)
end
wr
(Save the settings)
3. Proxy server settings
The proxy server must have two network cards. One connects to the internal LAN and is given an address in the private range (for example 192.168.0.4, netmask 255.255.255.0) with no gateway set. The other connects to the router and is given the legal address assigned by China Unicom (211.90.139.42, netmask 255.255.255.252) with the gateway set to 211.90.139.41 (the router's Ethernet port).
Once the cards are set up as above, the proxy software can be installed (for example MS PROXY SERVER 2.0, WINGATE and so on; for how to install the proxy software, please refer to other material).
4. Workstation settings
(1) INTERNET EXPLORER settings
Tools menu -> Internet Options -> Connections -> LAN Settings -> Use a proxy server -> Address: 192.168.0.4, Port: 80 -> OK
(2) For other software, please refer to that software's instructions.
Third, direct access coexisting with proxy access
1. General idea and equipment connection
Either of the two methods above achieves INTERNET access, but each has its own advantages and shortcomings, and the merits of the two are complementary. The third method combines the advantages of both and gets the best of both worlds: it saves IP addresses, and it still gains the CACHE service of a proxy server to improve the efficiency of INTERNET access.
With this scheme, the equipment is connected as follows:
The proxy server has two network cards, and both are connected to the switch. Both cards are set to internal private addresses, but they must not be in the same network (that is, the network portions of the two IP addresses differ): one is for communication with the internal network (card 1), the other for communication with the router (card 2). If the two cards are in the same network, proxying cannot work.
Do not install the NETBEUI protocol on the proxy server; install only TCP/IP. (Note: this step is mandatory. Because the proxy server has two connections to the same switch, NETBEUI would see the server's NETBIOS computer name on both and the resulting name conflict disrupts normal communication.)
The router's Ethernet port is also set to an internal private address, in the same network as card 2 (that is, its network portion is the same as that of card 2's IP address).
2. Router settings
(1) network connection diagram



(2) Router configuration
en
config t
ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
(Define an address pool named c2610 containing the two free legal IP addresses, for NAT to use)
int e0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
exit
(Set the Ethernet port IP address, a private address in the same network as the proxy server's card 2, and mark the port as connecting the internal network)
interface s0/0
ip address 211.90.137.25 255.255.255.252
ip nat outside
exit
(Set the WAN port IP address and mark it as the port connecting the external network)
ip route 0.0.0.0 0.0.0.0 211.90.137.26
(Set a static default route to the Unicom end of the link)
access-list 2 permit 192.168.1.0 0.0.0.255
(Access list selecting the sources to translate. The router sees the proxy server's card 2 address as the source of all outbound traffic, so the list must cover card 2's network, 192.168.1.0/24, not the workstation network 192.168.0.0/24 used in the first method; with the first method's entry left here nothing would be translated. Because every workstation sits on the same switch as card 2 and the router, a stricter list permitting only card 2's host address stops a workstation that reconfigures itself into 192.168.1.0/24 from bypassing the proxy)
! Dynamic NAT
!
ip nat inside source list 2 pool c2610 overload
(Create the dynamic address translation, with the two pool addresses shared through port translation)
line console 0
exec-timeout 0 0
(Disables the console idle timeout; restore a timeout once configuration is finished)
!
line vty 0 4
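A small checker for the router configurations of the first and third methods, added for this edit; it is not IOS and not the author's tooling. It parses the handful of commands used on this page and flags the pitfalls discussed above: an access-list that does not cover the "ip nat inside" subnet (so nothing is translated), a wildcard entry IOS would silently normalize, pool addresses outside their netmask, a default-route next hop that is not on the outside link, and management lines with no idle timeout or no password. `page_config` embeds the page's NAT configuration with the annotations stripped; the two methods differ only in the Ethernet address, and the access-list entry is given as first typed (192.168.0.1 0.0.0.255) in both so that the normalization and coverage findings can be seen.

```python
"""Sanity checks for the NAT router configurations on this page (added
example; not IOS and not the author's tooling)."""
import ipaddress
import re


def parse_ios(text):
    """Line-oriented parser for the commands used in the page's configurations."""
    cfg = {"pools": {}, "ifaces": {}, "acls": {}, "nat": [], "routes": [], "lines": {}}
    ctx = None  # interface dict or line-command list currently being filled
    for raw in text.splitlines():
        s = raw.strip()
        if not s or s.startswith(("!", "(")):
            continue  # IOS comments and the page's parenthesised annotations
        if s in ("exit", "end"):
            ctx = None
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask (\S+)$", s):
            cfg["pools"][m[1]] = (m[2], m[3], m[4])
        elif m := re.match(r"int(?:erface)? (\S+)$", s):
            ctx = cfg["ifaces"].setdefault(m[1], {"ip": None, "nat": None})
        elif m := re.match(r"line (.+)$", s):
            ctx = cfg["lines"].setdefault(m[1], [])
        elif (m := re.match(r"ip address (\S+) (\S+)$", s)) and isinstance(ctx, dict):
            ctx["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif (m := re.match(r"ip nat (inside|outside)$", s)) and isinstance(ctx, dict):
            ctx["nat"] = m[1]
        elif m := re.match(r"access-list (\d+) (permit|deny) (\S+) (\S+)$", s):
            cfg["acls"].setdefault(m[1], []).append((m[2], m[3], m[4]))
        elif m := re.match(r"ip nat inside source list (\d+) pool (\S+)( overload)?$", s):
            cfg["nat"].append((m[1], m[2], bool(m[3])))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", s):
            cfg["routes"].append(ipaddress.ip_address(m[1]))
        elif isinstance(ctx, list):
            ctx.append(s)  # a command under 'line ...'
    return cfg


def lint(cfg):
    """Return (severity, message) findings; an empty list means nothing to report."""
    out = []
    inside = [(n, i["ip"]) for n, i in cfg["ifaces"].items() if i["nat"] == "inside" and i["ip"]]
    outside = [i["ip"] for i in cfg["ifaces"].values() if i["nat"] == "outside" and i["ip"]]
    for name, (first, last, mask) in cfg["pools"].items():
        net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
        for a in (first, last):
            ip = ipaddress.ip_address(a)
            if ip not in net or ip in (net.network_address, net.broadcast_address):
                out.append(("error", f"pool {name}: {a} is not a usable host in {net}"))
    for nh in cfg["routes"]:
        if not any(nh in o.network for o in outside):
            out.append(("error", f"default route next hop {nh} is not on the outside interface"))
    for acl, pool, overload in cfg["nat"]:
        permitted = []
        for action, base, wild in cfg["acls"].get(acl, []):
            net = ipaddress.ip_network(f"{base}/{wild}", strict=False)  # wildcard = hostmask
            if ipaddress.ip_address(base) != net.network_address:
                out.append(("warn", f"access-list {acl}: {base} {wild} is stored by IOS as "
                                    f"{net.network_address} {wild}"))
            if action == "permit":
                permitted.append(net)
                if not net.is_private:
                    out.append(("warn", f"access-list {acl}: {net} is not private address space"))
        for name, ip in inside:  # an uncovered inside subnet means NAT never triggers
            if not any(ip.network.subnet_of(n) for n in permitted):
                out.append(("error", f"{name} ({ip.network}) is 'ip nat inside' but access-list "
                                     f"{acl} does not cover it: its traffic is never translated"))
    for name, cmds in cfg["lines"].items():
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in cmds):
            out.append(("warn", f"line {name}: exec-timeout 0 disables the idle timeout"))
        if name.startswith("vty") and not any(
                c.startswith(("password", "login local", "access-class")) for c in cmds):
            out.append(("warn", f"line {name}: no password or access-class for remote management"))
    return out


def page_config(ethernet_ip):
    """The page's NAT router configuration without annotations (constructed input)."""
    return f"""
ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
int e0/0
ip address {ethernet_ip} 255.255.255.0
ip nat inside
exit
interface s0/0
ip address 211.90.137.25 255.255.255.252
ip nat outside
exit
ip route 0.0.0.0 0.0.0.0 211.90.137.26
access-list 2 permit 192.168.0.1 0.0.0.255
ip nat inside source list 2 pool c2610 overload
line console 0
exec-timeout 0 0
line vty 0 4
end
"""


if __name__ == "__main__":
    for label, ip in (("method one", "192.168.0.3"), ("method three", "192.168.1.1")):
        print(label)
        for severity, message in lint(parse_ios(page_config(ip))):
            print(f"  [{severity}] {message}")
```

For the first method (Ethernet port 192.168.0.3) the checker reports only warnings: the normalized access-list entry, the disabled console timeout and the unprotected vty lines. For the third method (Ethernet port 192.168.1.1) it additionally reports an error, because access-list 2 as copied from the first method does not cover 192.168.1.0/24; changing the entry to 192.168.1.0 0.0.0.255 clears it.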