
Cisco 2911 dual-line access: policy routing for a web server reachable over both lines

Situation:

1. Both China Telecom and China Unicom are 10M fibre links with fixed IPs. Telecom: 121.x.x.x, Unicom: 58.x.x.x.
2. The domain has dual-line resolution on DNSPod (Telecom is the default line).
3. There is one web server on the internal network that has to be published to the Internet.
4. The router is a Cisco 2911 K9 with 3 GE LAN ports.
5. The internal network has a single subnet, 192.168.0.0/24.

Desired result:

1. Internal users can browse normally through both exits (load sharing or redundancy).
2. External users reaching the web server: (a) Unicom users come in over the Unicom line (I collected 800-odd Unicom route entries); (b) Telecom and every other carrier come in over the Telecom line.

Here is the configuration:

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$KEex$6XEpUd1oJbZAXjD7LXJok1
!
no aaa new-model
clock timezone GMT 8 0
!
no ipv6 cef
ip source-route
!
no ip domain lookup
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO2911/K9 sn FGLXXXXXXX
!
username XXXXX secret 5 $1$rqjo$xx8MyKYj186xrUeD4CUZ2.
!
interface GigabitEthernet0/0
 ip address 192.168.0.X 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 121.x.x.x 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 58.x.x.x 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 30
ip nat translation syn-timeout 30
ip nat translation icmp-timeout 30
ip nat pool pool-telecom 121.x.x.113 121.x.x.117 netmask 255.255.255.248
ip nat pool pool-unicom 58.x.x.2 58.x.x.5 netmask 255.255.255.248
ip nat source static tcp 192.168.0.254 8018 58.x.x.x 8018 extendable
ip nat source static tcp 192.168.0.254 8018 121.x.x.x 8018 extendable
ip nat inside source route-map telecom pool pool-telecom overload
ip nat inside source route-map unicom pool pool-unicom overload
ip nat inside source static tcp 192.168.0.247 21 58.x.x.x 21 extendable
ip nat inside source static tcp 192.168.0.251 80 58.x.x.x 80 extendable
ip nat inside source static tcp 192.168.0.254 2020 58.x.x.x 2020 extendable
ip nat inside source static tcp 192.168.0.254 8018 58.x.x.x 8018 extendable
ip nat inside source static tcp 192.168.0.251 8019 58.x.x.x 8019 extendable
ip nat inside source static tcp 192.168.0.246 8080 58.x.x.x 8080 extendable
ip nat inside source static tcp 192.168.0.247 21 121.x.x.x 21 extendable
ip nat inside source static tcp 192.168.0.251 80 121.x.x.x 80 extendable
ip nat inside source static tcp 192.168.0.254 2020 121.x.x.x 2020 extendable
ip nat inside source static tcp 192.168.0.254 8018 121.x.x.x 8018 extendable
ip nat inside source static tcp 192.168.0.251 8019 121.x.x.x 8019 extendable
ip nat inside source static tcp 192.168.0.246 8080 121.x.x.x 8080 extendable
ip route 0.0.0.0 0.0.0.0 121.x.x.118
ip route 0.0.0.0 0.0.0.0 58.x.x.1 50
ip route 1.24.0.0 255.248.0.0 58.x.x.1
ip route 1.56.0.0 255.248.0.0 58.x.x.1
ip route 1.188.0.0 255.252.0.0 58.x.x.1
ip route 14.204.0.0 255.254.0.0 58.x.x.1
.................. 800-odd route entries ..............
!
access-list 2001 permit ip 192.168.0.0 0.0.0.255 any
!
route-map unicom permit 10
 match ip address 2001
 match interface GigabitEthernet0/2
 set ip next-hop 58.x.x.1
!
route-map telecom permit 10
 match ip address 2001
 match interface GigabitEthernet0/1
 set ip next-hop 121.x.x.118
!
control-plane
!
line con 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 logging synchronous
 login local
 transport input all
!
scheduler allocate 20000 1000
end
Router#

Current result:

1. Internal users can browse normally and go out through either Telecom or Unicom.
2. Telecom users and Unicom users resolve my site through their own carrier's DNS servers and access it normally.
3. Problems encountered: (a) Carriers other than Telecom and Unicom may use Unicom's DNS servers to resolve my site, so they get my Unicom IP. The result is that the user comes in on the Unicom interface but the reply goes out over the Telecom line, and the site cannot be reached.

How should that be solved? (b) Even worse: some users are on a Telecom line but use Unicom DNS for resolution, and some are Unicom users who use Telecom DNS.

The resolved addresses then end up exactly crossed over, and those users cannot reach the site either. (I really have met users this complicated: a residential compound's property management bundles Telecom and Unicom broadband together, with who knows what policy, and the Unicom line sometimes resolves through Telecom DNS when going out.) How should this be solved? So frustrating..... How can the two problems above be solved? I hope the experts will lend a hand, thanks!!!!!!!

The problem has been solved! See post #12 for details!!!!!

The problem is finally solved; here is my configuration. Give the web server two IPs, map port 80 of each IP to a different line, then use policy routing to send the traffic of each IP out to the Internet over a different public IP. Done! Here is the configuration:

Router#show runn
Current configuration : 42687 bytes
!
! No configuration change since last restart
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$KEex$6XEpUd1oJbZAXjD7LXJok1
!
no aaa new-model
clock timezone GMT 8 0
!
no ipv6 cef
ip source-route
ip cef
!
no ip domain lookup
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO2911/K9 sn FGLXXXXXX
!
username XXXX secret 5 $1$rqjo$xx8MyKYj186xrUeD4CUZ2.
!
interface GigabitEthernet0/0
 ip address 192.168.0.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map PBR-WWW                        ---- a1
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 121.x.x.116 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 58.x.x.4 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 30
ip nat translation syn-timeout 30
ip nat translation icmp-timeout 30
ip nat pool pool-telecom 121.x.x.113 121.x.x.117 netmask 255.255.255.248
ip nat pool pool-unicom 58.x.x.2 58.x.x.5 netmask 255.255.255.248        ---- a2
ip nat inside source route-map telecom pool pool-telecom overload
ip nat inside source route-map unicom pool pool-unicom overload          ---- a3
ip nat inside source static tcp 192.168.0.250 80 58.x.x.4 80 extendable
ip nat inside source static tcp 192.168.0.251 80 121.x.x.116 80 extendable   ---- a4
ip route 0.0.0.0 0.0.0.0 121.x.x.118
ip route 0.0.0.0 0.0.0.0 58.x.x.1 50                                     ---- a5
ip route 1.24.0.0 255.248.0.0 58.x.x.1
ip route 1.56.0.0 255.248.0.0 58.x.x.1
ip route 1.188.0.0 255.252.0.0 58.x.x.1
ip route 14.204.0.0 255.254.0.0 58.x.x.1
ip route 27.8.0.0 255.248.0.0 58.x.x.1
ip route 27.36.0.0 255.252.0.0 58.x.x.1
ip route 27.40.0.0 255.248.0.0 58.x.x.1
ip route 27.54.192.0 255.255.224.0 58.x.x.1
ip route 27.98.224.0 255.255.224.0 58.x.x.1
ip route 27.106.128.0 255.255.192.0 58.x.x.1
ip route 27.112.8.0 255.255.252.0 58.x.x.1
ip route 27.112.12.0 255.255.254.0 58.x.x.1
ip route 27.115.0.0 255.255.128.0 58.x.x.1
ip route 27.131.220.0 255.255.252.0 58.x.x.1
ip route 27.192.0.0 255.224.0.0 58.x.x.1
ip route 36.32.0.0 255.252.0.0 58.x.x.1
ip route 36.248.0.0 255.252.0.0 58.x.x.1
ip route 42.48.0.0 255.254.0.0 58.x.x.1
ip route 42.51.0.0 255.255.0.0 58.x.x.1
ip route 42.62.0.0 255.255.224.0 58.x.x.1
ip route 42.62.32.0 255.255.248.0 58.x.x.1
ip route 42.63.0.0 255.255.0.0 58.x.x.1
ip route 42.84.0.0 255.252.0.0 58.x.x.1
ip route 42.157.0.0 255.255.248.0 58.x.x.1
ip route 42.157.8.0 255.255.252.0 58.x.x.1
ip route 42.224.0.0 255.240.0.0 58.x.x.1
ip route 58.16.0.0 255.248.0.0 58.x.x.1
ip route 58.24.0.0 255.254.0.0 58.x.x.1
ip route 58.68.128.0 255.255.240.0 58.x.x.1
ip route 58.68.144.0 255.255.248.0 58.x.x.1
ip route 58.68.179.0 255.255.255.0 58.x.x.1
ip route 58.68.180.0 255.255.255.0 58.x.x.1
...................... 800-odd Unicom prefixes ......................  ---- a6
ip route 223.203.208.0 255.255.240.0 58.x.x.1
ip route 223.255.0.0 255.255.128.0 58.x.x.1
!
ip access-list extended CNC-250
 permit ip host 192.168.0.250 any
ip access-list extended TEL-251
 permit ip host 192.168.0.251 any                                        ---- a7
!
access-list 2001 permit ip 192.168.0.0 0.0.0.255 any                     ---- a8
!
route-map unicom permit 10
 match ip address 2001
 match interface GigabitEthernet0/2
 set ip next-hop 58.x.x.1
!
route-map telecom permit 10
 match ip address 2001
 match interface GigabitEthernet0/1
 set ip next-hop 121.x.x.118                                             ---- a9
!
route-map PBR-WWW permit 10
 match ip address TEL-251
 match interface GigabitEthernet0/1
 set ip next-hop 121.x.x.118
!
route-map PBR-WWW permit 20
 match ip address CNC-250
 match interface GigabitEthernet0/2
 set ip next-hop 58.x.x.1                                                ---- a10
!
control-plane
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 logging synchronous
 login local
 transport input all
!
scheduler allocate 20000 1000
end

a1: Policy routing is applied on the inside interface so that the web traffic that came in from the Internet is returned over the correct line, without fail. This avoids a user's inbound traffic being returned through the wrong port, which would leave the user unable to reach the site.
a2: Create the address pools used for NAT on the Telecom and Unicom lines.
a3: Dual-line NAT uses a route-map for matching; overload is indispensable. For the details, ask Baidu.
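The following simulation is an added example, not the poster's configuration or any Cisco code. It models the two forwarding decisions the thread turns on: a longest-prefix-match lookup over the static routes (the Unicom prefix list plus the two default routes, one a floating backup with distance 50) and the source-based PBR-WWW policy applied on the inside interface. It reproduces why a reply to a client whose DNS answer "crossed over" leaves through the wrong ISP when one server address is mapped from both lines, and why pinning each server address to one next hop fixes it. The next hops the post masks as 121.x.x.118 and 58.x.x.1 are replaced by RFC 5737 documentation addresses, the client addresses are constructed, and NAT itself and the route-maps' `match interface` clauses are not modelled (these are all assumptions of the example).

```python
"""Forwarding-decision model for the dual-WAN setup discussed above.

Added example: a longest-prefix-match routing table parsed from IOS-style
'ip route' lines, plus the source-based PBR-WWW policy, used to check
whether a web server's reply leaves through the ISP the request came in on.
"""
import ipaddress
import re

# Stand-ins (assumption) for the next hops the post masks as 121.x.x.118 / 58.x.x.1.
TELECOM_NEXT_HOP = "198.51.100.118"
UNICOM_NEXT_HOP = "203.0.113.1"

# A handful of the post's 'ip route' lines, with the masked next hops replaced.
IOS_ROUTES = f"""
ip route 0.0.0.0 0.0.0.0 {TELECOM_NEXT_HOP}
ip route 0.0.0.0 0.0.0.0 {UNICOM_NEXT_HOP} 50
ip route 1.24.0.0 255.248.0.0 {UNICOM_NEXT_HOP}
ip route 1.56.0.0 255.248.0.0 {UNICOM_NEXT_HOP}
ip route 1.188.0.0 255.252.0.0 {UNICOM_NEXT_HOP}
ip route 14.204.0.0 255.254.0.0 {UNICOM_NEXT_HOP}
ip route 58.16.0.0 255.248.0.0 {UNICOM_NEXT_HOP}
"""

ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?$")


def parse_routes(text):
    """Parse 'ip route <net> <mask> <next-hop> [distance]' lines into
    (network, next_hop, admin_distance) tuples; the default distance is 1."""
    table = []
    for line in text.strip().splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue  # not a static route line; ignored
        net, mask, nh, ad = m.groups()
        table.append((ipaddress.ip_network(f"{net}/{mask}"), nh, int(ad or 1)))
    return table


ROUTING_TABLE = parse_routes(IOS_ROUTES)


def lookup(dst):
    """Destination-based lookup: longest prefix wins; among equal prefixes the
    lowest administrative distance is installed, so the Unicom default with
    distance 50 only takes over if the Telecom default disappears."""
    dst = ipaddress.ip_address(dst)
    candidates = [(net.prefixlen, -ad, nh) for net, nh, ad in ROUTING_TABLE if dst in net]
    return max(candidates)[2]


# route-map PBR-WWW as applied with 'ip policy route-map' on Gi0/0:
# seq 10 matches TEL-251 (host 192.168.0.251) -> Telecom next hop,
# seq 20 matches CNC-250 (host 192.168.0.250) -> Unicom next hop.
PBR_WWW = {
    "192.168.0.251": TELECOM_NEXT_HOP,
    "192.168.0.250": UNICOM_NEXT_HOP,
}


def forward(src, dst, pbr_enabled):
    """Next hop for a packet entering on the inside interface. With the policy
    applied, a matching source overrides the routing table; otherwise the
    packet falls through to the normal destination lookup."""
    if pbr_enabled and src in PBR_WWW:
        return PBR_WWW[src]
    return lookup(dst)


def isp_of(next_hop):
    return "unicom" if next_hop == UNICOM_NEXT_HOP else "telecom"


def reply_is_symmetric(ingress_isp, client_ip, server_ip, pbr_enabled):
    """True when the server's reply leaves through the same ISP the request
    arrived on. An asymmetric reply is translated to the other ISP's public
    address, so the client never receives a usable answer."""
    return isp_of(forward(server_ip, client_ip, pbr_enabled)) == ingress_isp


if __name__ == "__main__":
    # Problem (a): a client on a third carrier (constructed 192.0.2.10, not in
    # the Unicom list) resolved the Unicom IP, so the request entered on Gi0/2.
    # Old config: one server, 192.168.0.251, mapped from both lines, no PBR.
    print(reply_is_symmetric("unicom", "192.0.2.10", "192.168.0.251", False))  # False
    # Fix: the Unicom-side mapping points at 192.168.0.250 and PBR pins it.
    print(reply_is_symmetric("unicom", "192.0.2.10", "192.168.0.250", True))   # True
    # Problem (b): a Unicom client (constructed 1.24.5.6) that got the Telecom IP.
    print(reply_is_symmetric("telecom", "1.24.5.6", "192.168.0.251", False))   # False
    print(reply_is_symmetric("telecom", "1.24.5.6", "192.168.0.251", True))    # True
```

The model shows the essential point of the fix: destination-based routing cannot know which line a request arrived on, so any client whose DNS answer and carrier disagree gets an asymmetric reply, while a per-server-address policy makes the return path depend only on which public mapping the request used.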
