[cisco-ttl] access-list problem
From: erkan erdem (erbugercetin_1_at_yahoo.com)
Date: Tue Jan 20 2004 - 08:03:09 GMT
Next message: onur kasap: "RE: [cisco-ttl] pix vpn problem"
Hi friends,
In a configuration I made on the firewall, users who connect to my network through remote access VPN can connect to every server inside with remote access and reach every port. But in my configuration I had wanted them to connect only to the ftp, http and telnet ports. How can I implement this restriction? My configuration:
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 10.0.0.12 abcdef timeout 5
isakmp policy 8 encr 3des
isakmp policy 8 hash md5
isakmp policy 8 authentication pre-share
isakmp policy 8 group 2
isakmp key cisco11234 address 0.0.0.0 netmask 0.0.0.0
access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
nat (inside) 0 access-list 80
crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
crypto dynamic-map cisco 4 set transform-set strong-des
crypto map partner-map 20 ipsec-isakmp dynamic cisco
crypto map partner-map interface outside
crypto map partner-map client authentication partnerauth
ip local pool dealer 10.1.1.1-10.1.1.254
crypto map partner-map client configuration address initiate
vpngroup superteam address-pool dealer
vpngroup superteam dns-server 10.0.0.15
vpngroup superteam wins-server 10.0.0.15
vpngroup superteam default-domain erkel.com
vpngroup superteam split-tunnel 80
vpngroup superteam idle-time 1800
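Nothing in the posted configuration binds access-list 100: it is defined, but no access-group, nat, split-tunnel or match address line names it, so the PIX never evaluates it, while access-list 80 is consumed twice (nat exemption and split tunnel). The following linter is an added example and is not part of the original post or of any Cisco tool. It embeds the relevant lines of the posted config as a constructed string, reports defined-but-unbound access-lists, checks whether sysopt connection permit-ipsec would let decrypted VPN traffic skip the outside access-group, and evaluates one flow against an ACL the way the PIX does (first match wins, implicit deny at the end). The list of binding contexts and the port-name table are assumptions that cover only the common PIX 6.x cases, not the full command set.

```python
"""Lint a Cisco PIX 6.x configuration for access-lists that are defined but
never bound, and evaluate single flows against an ACL (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed input: the access-list, nat, crypto and vpngroup lines from the post.
PIX_CONFIG = """\
access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
nat (inside) 0 access-list 80
crypto map partner-map 20 ipsec-isakmp dynamic cisco
crypto map partner-map interface outside
vpngroup superteam split-tunnel 80
"""

# Commands that consume an access-list by name on PIX 6.x (assumed subset;
# group 1 of each regex is the ACL name).
_REFERENCE_PATTERNS = [
    ("access-group", re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+\S+")),
    ("nat-exempt",   re.compile(r"^nat\s+\(\S+\)\s+0\s+access-list\s+(\S+)")),
    ("split-tunnel", re.compile(r"^vpngroup\s+\S+\s+split-tunnel\s+(\S+)")),
    ("crypto-match", re.compile(r"^crypto\s+(?:map|dynamic-map)\s+\S+\s+\d+\s+match\s+address\s+(\S+)")),
    ("aaa-match",    re.compile(r"^aaa\s+\S+\s+match\s+(\S+)")),
]

# Partial PIX port-name table (assumption; extend as needed).
_PORT_NAMES = {"telnet": 23, "ftp": 21, "http": 80, "www": 80, "domain": 53}


def defined_acls(config):
    """Map access-list name -> list of its entries (ACEs), in config order."""
    acls = defaultdict(list)
    for line in config.splitlines():
        m = re.match(r"^access-list\s+(\S+)\s+(.*)$", line.strip())
        if m:
            acls[m.group(1)].append(m.group(2))
    return dict(acls)


def referenced_acls(config):
    """Map access-list name -> set of binding contexts that use it."""
    refs = defaultdict(set)
    for line in config.splitlines():
        line = line.strip()
        for context, pattern in _REFERENCE_PATTERNS:
            m = pattern.match(line)
            if m:
                refs[m.group(1)].add(context)
    return dict(refs)


def unbound_acls(config):
    """Names of access-lists that are defined but never bound, so never enforced."""
    refs = referenced_acls(config)
    return sorted(name for name in defined_acls(config) if name not in refs)


def ipsec_bypasses_interface_acl(config):
    """True when 'sysopt connection permit-ipsec' is active: decrypted IPsec
    traffic is then not checked against the interface access-group at all."""
    active = False
    for line in config.splitlines():
        line = line.strip()
        if line == "sysopt connection permit-ipsec":
            active = True
        elif line == "no sysopt connection permit-ipsec":
            active = False
    return active


def _in_net(ip, net, mask):
    """PIX ACLs use subnet masks (not wildcards): compare the masked addresses."""
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    return (to_int(ip) & to_int(mask)) == (to_int(net) & to_int(mask))


def acl_action(config, name, proto, src, dst, dport=None):
    """Evaluate ACL `name` for one flow: first matching entry wins, and a flow
    that matches no entry hits the implicit deny at the end of the list."""
    for ace in defined_acls(config).get(name, []):
        tok = ace.split()
        action, ace_proto = tok[0], tok[1]
        if ace_proto not in ("ip", proto):
            continue
        if not (_in_net(src, tok[2], tok[3]) and _in_net(dst, tok[4], tok[5])):
            continue
        if len(tok) > 7 and tok[6] == "eq":
            wanted = _PORT_NAMES.get(tok[7]) or int(tok[7])
            if dport != wanted:
                continue
        return action
    return "deny"


def report(config):
    """Return the linter's findings as a list of strings."""
    findings = []
    for name in unbound_acls(config):
        n = len(defined_acls(config)[name])
        findings.append(f"access-list {name} ({n} entries) is defined but never bound")
    if ipsec_bypasses_interface_acl(config):
        findings.append("sysopt connection permit-ipsec is set: VPN traffic skips the outside access-group")
    return findings


if __name__ == "__main__":
    for finding in report(PIX_CONFIG):
        print(finding)
    print("DNS from the pool to 10.0.0.15 under ACL 100:",
          acl_action(PIX_CONFIG, "100", "udp", "10.1.1.7", "10.0.0.15", 53))
```

On PIX 6.x an ACL only takes effect once it is bound, here with access-group 100 in interface outside; and it is only applied to the decrypted VPN traffic if sysopt connection permit-ipsec is not configured, which is what ipsec_bypasses_interface_acl checks. Mind the implicit deny that acl_action demonstrates: bound as posted, ACL 100 also drops the DNS and WINS traffic to 10.0.0.15 that the vpngroup hands to the clients, so those flows need their own permit entries before the ACL is applied.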
This archive was generated by hypermail 2.1.5
: Tue Jan 20 2004 - 12:03:50 GMT