我们有 2 个 Fortigate 200B 防火墙,希望它们在 Active/Active HA 模式下运行 - 但显然,它们无法在外部接口上启用 PPPoE/DHCP 来执行此操作。
为了解决这个问题,我们想使用 Cisco 1841 作为其f0/1接口上的 PPPoE 终端,并在其接口上显示静态 IP f0/0(我们对 Cisco 857 盒进行了类似操作,以终止 RJ11 ADSL PPPoE 连接,并在 200B 的 RJ45 FE 接口上转发)。这将使我们能够将两个 200B 设置为手动,并向它们分配公共 IP 地址。
一般理论是:
f0/0取消对具有PPPoE虚拟接口的LAN侧的静态路由地址的编号Dialer1。
因此,我们在 Cisco 857 上有这个配置(可以工作):
!Internally facing
interface Ethernet0
ip address [ip.add.ress.here] 255.255.255.248
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 out
!Externally facing ADSL connection
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
no oam-pvc manage
pppoe-client dial-pool-number 1
!Virtual PPPoE interface
interface Dialer1
ip unnumbered Ethernet0
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [our username]
ppp chap password 7 [our password]
ppp pap sent-username [our username] password 7 [our password]
!
ip route 0.0.0.0 0.0.0.0 Dialer1
在我们的 1841 上,我们有这个:
! Internally Facing
interface FastEthernet0/0
ip address [ip.add.ress.here] 255.255.255.248
ip nat inside
speed 100
full-duplex
! Externally Facing
interface FastEthernet0/1
no ip address
speed 100
full-duplex
pppoe enable group global
pppoe-client dial-pool-number 1
! Virtual PPPoE Interface
interface Dialer1
mtu 1492
ip unnumbered FastEthernet0/0
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [our username]
ppp chap password 0 [our password]
ppp pap sent-username [our username] password 0 [our password]
no cdp enable
!
no ip classless
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
但是我们似乎对这个配置不太满意,有人可以提供建议吗?