刚开始时只有中国电信一家ISP,带宽8M,后来随着公司规模的不断扩大,出现带宽不足的情况,考虑增加带宽,但因为办公楼只能接入电信的网络,价格偏贵所以引入了带宽为10M的光环新网的微波网络。所有流量均通光环新网的网络,后来发现用光环新网的网络会出现收发邮件不正常,ping邮件服务器有时会出现延时过大甚至丢包的情况,所以就考虑把去往mail服务器的流量转移到中国电信的这条8M的网络上,在网络正常(使用光环新网)的情况下增加如下配置:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
用电信收发邮件:
access-list tomail extended permit ip 10.1.2.0 255.255.255.0 207.5.74.0 255.255.255.0
access-list WAN1_access_in extended permit object-group icmp any any
access-group WAN1_access_in in interface WAN1
nat (LAN0) 102 access-list tomail
global (WAN1) 102 interface
route WAN1 207.5.74.0 255.255.255.0 124.126.247.65 1
不用电信收发邮件:
no nat (LAN0) 102 access-list tomail
no global (WAN1) 102 interface
no access-group WAN1_access_in in interface WAN1
no access-list tomail extended permit ip 10.1.2.0 255.255.255.0 207.5.74.0 255.255.255.0
no access-list WAN1_access_in extended permit object-group icmp any any
no route WAN1 207.5.74.0 255.255.255.0 124.126.247.65 1
