Yes, I said that by a big mistake. What I was focused on was not getting the branches out to the internet, but getting the branches out to the internet securely.
Regards
"A.Murat BAYRAM" <mbayram_at_yyu.edu.tr> wrote:
If the default route is the core router, how will the MYOs get out to the net without a firewall? Because
all the NATs are defined on the PIX...
Mr. Ilker, I am working on what you said....
> As far as I understand, the problem here is that the MYO connections
> have to pass to the point before the router (the PIX) and then go out
> to ULAKNET through the router again.
> If the default route is the core router, the MYOs will go out to the net without a firewall.
>
> This is how I understand the solution Ilker described. We create
> subinterfaces on the router's FastEthernet port. At the same time, on
> our switch that supports 802.1q, we create two VLANs (or they already
> exist) for the PIX's inside and outside legs. We configure one
> untagged port on the switch and connect the router's FastEthernet to
> it. So a request coming from an MYO to the internet will first arrive
> at the core router's FastEthernet port, go from there to the PIX via
> the relevant subinterface, and in the same way return to the router
> over the other subinterface, and then on to the internet.
>
> pasabakac
wrote:
> Hello,
> >>>ip route 0.0.0.0 0.0.0.0 10.100.0.5 (this is the PIX's IP)
>
> Why are you pointing the default route at the PIX? If you point it
> to 193.140.0.134 at the MYO and to 193.140.0.133 on the 7200, I think
> there would be no problem for the internet. You would also set up the
> routing for the intranet on the 7200.
>
> ip route 10.200.0.0 255.255.0.0 10.100.0.254
>
> Is 10.100.0.254 the switch's IP? --- In cisco-ttl_at_yahoogroups.com,
> "A.Murat BAYRAM" wrote:
> > Pages and pages of attention went to one NAT problem, while not a
> > single letter of reply came to our problem. I was jealous, frankly. :(
> > Is there no one who will look into this problem of ours...?
> >
> >
> > > Hello,
> > >
> > > There is an ATM connection from our center to the remote units
> > > through a 7200 router. Over the same line we are also connected
> > > to ULAKNET. We use a PIX Firewall. However, after we route the
> > > other units inside, they cannot get out. From the units' routers,
> > > the 193.140.0.134 leg that ULAKNET is connected to can be pinged,
> > > but when a trace is run from these routers to the outside, for example:
> > > MUS_SAGLIK_MYO#trace 212.156.4.4
> > >
> > > Type escape sequence to abort.
> > > Tracing the route to 212.156.4.4
> > >
> > > 1 10.200.30.1 64 msec 68 msec 64 msec
> > > 2 * * *
> > > it continues like this. We had to set up a proxy server inside so
> > > that the users here could reach the outside; when the proxy has a
> > > problem, their connection is cut off as well. Mr. İlker Temir had
> > > suggested that, if we use a switch with dot1q support, we define
> > > two subinterfaces on fastethernet0/0 and put one of them in the
> > > firewall internal and the other in the external on the switch. We
> > > use a 6006 core switch. The sh ver output is below. He had said:
> > > this way you redirect the traffic coming from the units (that is,
> > > from the Vocational Schools, Meslek Yuksek Okullari, -MYO-) to the
> > > firewall's internal leg by using PBR (ip policy route-map) on the
> > > 7200. With this method you make the MYOs, in a sense, part of your
> > > internal network.
> > >
> > > VYY_6506 sh ver
> > > WS-C6006 Software, Version NmpSW: 5.5(1)
> > > Copyright (c) 1995-2000 by Cisco Systems
> > > NMP S/W compiled on Jun 8 2000, 21:09:45
> > >
> > > System Bootstrap Version: 5.3(1)
> > >
> > > Hardware Version: 2.0 Model: WS-C6006 Serial #: TBA04510859
> > >
> > > Mod Port Model Serial # Versions
> > > --- ---- ------------------- ----------- -------------------------
> ----------
> > --
> > > -
> > > 1 2 WS-X6K-SUP1A-2GE SAD05020DAT Hw : 7.0
> > > Fw : 5.3(1)
> > > Fw1: 5.4(2)
> > > Sw : 5.5(1)
> > > Sw1: 5.5(1)
> > > L3 Switching Engine SAD05020F26 Hw : 1.1
> > > 3 16 WS-X6416-GBIC SAD043609TJ Hw : 1.2
> > > Fw : 5.4(2)
> > > Sw : 5.5(1)
> > > 4 48 WS-X6348-RJ-45 SAL044111CT Hw : 1.4
> > > Fw : 5.4(2)
> > > Sw : 5.5(1)
> > > 15 1 WS-F6K-MSFC2 SAD05020HPZ Hw : 1.1
> > > Fw : 12.1(2)E,
> > > Sw : 12.1(2)E,
> > >
> > > DRAM FLASH NVRAM
> > > Module Total Used Free Total Used Free Total
> Used Free
> > > ------ ------- ------- ------- ------- ------- ------- ----- -----
> -----
> > > 1 65408K 38689K 26719K 16384K 6925K 9459K 512K
> 230K 282K
> > >
> > > Uptime is 237 days, 21 hours, 7 minutes
> > > ---------------------------------------------------------
> > >
> > > So, could you help with a sample configuration that we can apply
> > > to both the 7200 and the switch? The 7200 router's sh ver output
> > > and config, along with the config of one of the schools, are
> > > below...
> > >
> > > > >
> > > > > VanYYU#sh ver
> > > > > Cisco Internetwork Operating System Software
> > > > > IOS (tm) 7200 Software (C7200-IS-M), Version 12.1(9)E3,
> EARLY
> > DEPLOYMENT
> > > > > RELEASE SOFTWARE (fc1)
> > > > > TAC Support: http://www.cisco.com/tac
> > > > > Copyright (c) 1986-2002 by cisco Systems, Inc.
> > > > > Compiled Mon 11-Feb-02 20:39 by eaarmas
> > > > > Image text-base: 0x60008950, data-base: 0x61178000
> > > > >
> > > > > ROM: System Bootstrap, Version 12.2(4r)B2, RELEASE SOFTWARE
> (fc2)
> > > > > BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.1(8a)E,
> EARLY
> > > DEPLOYMENT
> > > > > RELEASE SOFTWARE (fc1)
> > > > >
> > > > > VanYYU uptime is 2 weeks, 2 hours, 35 minutes
> > > > > System returned to ROM by reload
> > > > > System restarted at 10:43:52 UTC Sun Aug 31 2003
> > > > > System image file is "disk0:c7200-is-mz.121-9.E3.bin"
> > > > >
> > > > > cisco 7206VXR (NPE400) processor (revision A) with
> 114688K/16384K
> > bytes
> > > of
> > > > > memory.
> > > > > Processor board ID 26807173
> > > > > R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2,
> 4096KB L3
> > > Cache
> > > > > 6 slot VXR midplane, Version 2.6
> > > > >
> > > > > Last reset from power-on
> > > > > G.703/E1 software, Version 1.0.
> > > > > G.703/JT2 software, Version 1.0.
> > > > > Bridging software.
> > > > > X.25 software, Version 3.0.0.
> > > > > 2 FastEthernet/IEEE 802.3 interface(s)
> > > > > 4 Serial network interface(s)
> > > > > 1 ATM network interface(s)
> > > > > 125K bytes of non-volatile configuration memory.
> > > > >
> > > > > 47040K bytes of ATA PCMCIA card at slot 0 (Sector size 512
> bytes).
> > > > > 8192K bytes of Flash internal SIMM (Sector size 256K).
> > > > > Configuration register is 0x2102
> > > > > ------------------------------------------------------
> > > > > VanYYU# sh run
> > > > >
> > > > > Building configuration...
> > > > >
> > > > > Current configuration : 2238 bytes
> > > > > !
> > > > > ! Last configuration change at 12:37:19 UTC Sun Sep 14 2003
> > > > > ! NVRAM config last updated at 11:46:27 UTC Sun Sep 14 2003
> > > > > !
> > > > > version 12.1
> > > > > service timestamps debug uptime
> > > > > service timestamps log uptime
> > > > > service password-encryption
> > > > > !
> > > > > hostname VanYYU
> > > > > !
> > > > > enable password 7 *********
> > > > > !
> > > > > ip subnet-zero
> > > > > ip cef
> > > > > !
> > > > > !
> > > > > !
> > > > > !
> > > > > !
> > > > > !
> > > > >
> > > > > !
> > > > > interface FastEthernet0/0
> > > > > description connected to FIREWALL OUTSIDE
> > > > > ip address 193.255.143.254 255.255.255.0
> > > > > duplex auto
> > > > > speed auto
> > > > > !
> > > > > interface FastEthernet0/1
> > > > > description buradan core switche bir baglanti yaptik
> > > > > ip address 10.100.0.200 255.255.255.0
> > > > > duplex auto
> > > > > speed auto
> > > > > !
> > > > > interface Serial2/0
> > > > > no ip address
> > > > > encapsulation atm-dxi
> > > > > no keepalive
> > > > > serial restart-delay 0
> > > > > !
> > > > > interface Serial2/1
> > > > > no ip address
> > > > > shutdown
> > > > > serial restart-delay 0
> > > > > !
> > > > > interface Serial2/2
> > > > > no ip address
> > > > > shutdown
> > > > > serial restart-delay 0
> > > > > !
> > > > > interface Serial2/3
> > > > > no ip address
> > > > > shutdown
> > > > > serial restart-delay 0
> > > > > !
> > > > > interface ATM3/0
> > > > > bandwidth 8129
> > > > > ip address 193.140.0.134 255.255.255.252
> > > > > no atm sonet ilmi-keepalive
> > > > > no atm ilmi-keepalive
> > > > > pvc 0/34
> > > > > protocol ip 193.140.0.133
> > > > > encapsulation aal5snap
> > > > > !
> > > > > !
> > > > > interface ATM3/0.1 point-to-point
> > > > > description Bitlis MYO
> > > > > ip address 10.200.50.1 255.255.255.0
> > > > > pvc 0/151
> > > > > protocol ip 10.200.50.2
> > > > > encapsulation aal5snap
> > > > > !
> > > > > !
> > > > > interface ATM3/0.2 point-to-point
> > > > > description Mus MYO
> > > > > ip address 10.200.30.1 255.255.255.0
> > > > > pvc 0/35
> > > > > protocol ip 10.200.30.2
> > > > > broadcast
> > > > > encapsulation aal5snap
> > > > > !
> > > > > !
> > > > > interface ATM3/0.3 point-to-point
> > > > > description Hakkari MYO
> > > > > ip address 10.200.40.1 255.255.255.0
> > > > > pvc 0/36
> > > > > protocol ip 10.200.40.2
> > > > > broadcast
> > > > > encapsulation aal5snap
> > > > > !
> > > > > !
> > > > > interface Virtual-Template2
> > > > > no ip address
> > > > > !
> > > > > router eigrp 100
> > > > > network 10.0.0.0
> > > > > no auto-summary
> > > > > no eigrp log-neighbor-changes
> > > > > !
> > > > > ip classless
> > > > > ip route 0.0.0.0 0.0.0.0 193.140.0.133
> > > > > ip route 10.200.0.0 255.255.0.0 10.100.0.254
> > > > > no ip http server
> > > > > !
> > > > > ip access-list logging interval 3
> > > > > snmp-server community *** RO
> > > > > snmp-server community *** RW
> > > > > snmp-server contact webmaster_at_y...
> > > > > snmp-server host 10.140.0.5 ****
> > > > > banner login ^CWelcome Van Yuzuncu Yil Universitesi Router^C
> > > > > !
> > > > > line con 0
> > > > > line aux 0
> > > > > line vty 0 4
> > > > > exec-timeout 0 0
> > > > > password 7 ***********
> > > > > login
> > > > > line vty 5 15
> > > > > password 7 ***********
> > > > > login
> > > > > !
> > > > > end
> > > > >
> > > > > -------------------------------------------------------------
> --------
> > > > > MUS_SAGLIK_MYO#sh run
> > > > > Building configuration...
> > > > >
> > > > > Current configuration : 1894 bytes
> > > > > !
> > > > > version 12.1
> > > > > service timestamps debug uptime
> > > > > service timestamps log uptime
> > > > > no service password-encryption
> > > > > !
> > > > > hostname MUS_SAGLIK_MYO
> > > > > !
> > > > > enable password ****
> > > > > !
> > > > > !
> > > > > !
> > > > > !
> > > > > !
> > > > > memory-size iomem 25
> > > > > ip subnet-zero
> > > > > no ip finger
> > > > > no ip domain-lookup
> > > > > !
> > > > > !
> > > > > !
> > > > > interface Serial0
> > > > > no ip address
> > > > > encapsulation frame-relay IETF
> > > > > frame-relay lmi-type ansi
> > > > > !
> > > > > interface Serial0.1 point-to-point
> > > > > ip address 10.200.30.2 255.255.255.0
> > > > > frame-relay interface-dlci 35
> > > > > !
> > > > > interface Serial1
> > > > > no ip address
> > > > > no keepalive
> > > > > shutdown
> > > > > !
> > > > > interface FastEthernet0
> > > > > ip address 10.1.30.254 255.255.255.0
> > > > > speed auto
> > > > > !
> > > > > router eigrp 100
> > > > > network 10.0.0.0
> > > > > no auto-summary
> > > > > no eigrp log-neighbor-changes
> > > > > !
> > > > > ip classless
> > > > > ip route 0.0.0.0 0.0.0.0 10.100.0.5 (this is the PIX's IP)
> > > > > no ip http server
> > > > > !
> > > > > snmp-server community *** RW
> > > > > snmp-server community *** RO
> > > > > banner login ^CMUS SAGLiK^C
> > > > > !
> > > > > line con 0
> > > > > transport input none
> > > > > line aux 0
> > > > > line vty 0 4
> > > > > password ***
> > > > > login
> > > > > !
> > > > > end
> > > > >
> > >
> > > Thanks...
> > >
> > >
> > > This list has no direct connection with Cisco Systems.
> > >
> > > To leave the list, you can send an e-mail to
> > > cisco-ttl-unsubscribe_at_yahoogroups.com.
> > >
> > > Your use of Yahoo! Groups is subject to
> > > http://docs.yahoo.com/info/terms/
> > ------- End of Original Message -------
>
------- End of Original Message -------
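The policy-routing approach quoted in this thread (PBR on the 7200 steering MYO traffic to the firewall's internal leg), written out as an added example that is not part of the original messages or of anyone's running configuration. The route-map name MYO-VIA-PIX and ACL number 110 are assumptions; the ATM subinterfaces and 10.100.0.5 (annotated in the thread as the PIX's IP, on the same subnet as FastEthernet0/1) are taken from the posted configs.

```cisco
! Added example, not from the thread. MYO-VIA-PIX and ACL 110 are assumed names.
! Traffic between 10.x networks keeps following the routing table;
! everything else arriving from an MYO is handed to the PIX.
access-list 110 deny   ip any 10.0.0.0 0.255.255.255
access-list 110 permit ip any any
!
route-map MYO-VIA-PIX permit 10
 match ip address 110
 set ip next-hop 10.100.0.5
!
! Policy routing is evaluated on ingress, so it is applied on every
! MYO-facing subinterface from the posted 7200 config.
interface ATM3/0.1 point-to-point
 ip policy route-map MYO-VIA-PIX
!
interface ATM3/0.2 point-to-point
 ip policy route-map MYO-VIA-PIX
!
interface ATM3/0.3 point-to-point
 ip policy route-map MYO-VIA-PIX
!
! Checks after applying:
!   show ip policy              - interfaces with the route-map attached
!   show route-map MYO-VIA-PIX  - match counters for policy-routed packets
!   show access-lists 110       - hit counts on the deny/permit lines
```

The PIX additionally needs a route back to the MYO networks through its inside interface and translation rules covering those source addresses, which the thread does not show. If the next hop becomes unreachable (for example FastEthernet0/1 goes down), the set clause is skipped and packets follow the normal default route, so that case should be checked when testing.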
This archive was generated by hypermail 2.1.5: Thu Oct 23 2003 - 08:37:42 GMT