Hi,
On the PIX, an access-list can only be bound to an interface in the
inbound direction. You could put a router with two Ethernet ports
between the PIX's inside interface and the network where the servers
are, and define the access-list on that router. Also, I don't remember
exactly, but Cisco Secure ACS has downloadable access-lists; maybe
those would work for you. There are also sample configs on the Cisco
site; maybe you can pick something up from there.
Good luck,
memo
--- In cisco-ttl_at_yahoogroups.com, erkan erdem <erbugercetin_1_at_y...>
wrote:
> Hi friends,
> In a configuration I made on the firewall, users who connect to my
> network over remote access VPN can connect remotely to every server
> inside and reach every port. But in the configuration I made, I had
> wanted them to connect to the ftp, http and telnet ports. How can I
> apply this restriction? My configuration:
> aaa-server partnerauth protocol radius
> aaa-server partnerauth (inside) host 10.0.0.12 abcdef timeout 5
> isakmp policy 8 encr 3des
> isakmp policy 8 hash md5
> isakmp policy 8 authentication pre-share
> isakmp policy 8 group 2
> isakmp key cisco11234 address 0.0.0.0 netmask 0.0.0.0
> access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
> access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
> access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
> access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
> nat (inside) 0 access-list 80
> crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
> crypto dynamic-map cisco 4 set transform-set strong-des
> crypto map partner-map 20 ipsec-isakmp dynamic cisco
> crypto map partner-map interface outside
> crypto map partner-map client authentication partnerauth
> ip local pool dealer 10.1.1.1-10.1.1.254
> crypto map partner-map client configuration address initiate
> vpngroup superteam address-pool dealer
> vpngroup superteam dns-server 10.0.0.15
> vpngroup superteam wins-server 10.0.0.15
> vpngroup superteam default-domain erkel.com
> vpngroup superteam split-tunnel 80
> vpngroup superteam idle-time 1800
This archive was generated by hypermail 2.1.5
: Thu Jan 22 2004 - 16:29:46 GMT
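
An added example, not part of the original thread or of any Cisco tool: a small Python check that lists which commands reference each access-list in a PIX-style configuration, run over the ACL-related lines of the quoted configuration (rejoined here as constructed sample input). The function names and the set of referencing commands it recognizes are assumptions of this example and are not exhaustive; on the lines quoted in the post it reports access-list 100 as referenced by nothing, while access-list 80 is used only for NAT exemption and split tunnelling.

```python
import re

# Constructed sample: the ACL-related lines of the configuration quoted
# in the thread, with the wrapped lines rejoined.
SAMPLE_CONFIG = """\
access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
nat (inside) 0 access-list 80
crypto map partner-map interface outside
vpngroup superteam split-tunnel 80
"""

# Commands that reference an ACL by name (assumed list, not exhaustive).
REFERENCE_PATTERNS = {
    "access-group": re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+\S+"),
    "nat": re.compile(r"^nat\s+\(\S+\)\s+\d+\s+access-list\s+(\S+)"),
    "crypto map match address": re.compile(r"^crypto\s+map\s+\S+\s+\d+\s+match\s+address\s+(\S+)"),
    "vpngroup split-tunnel": re.compile(r"^vpngroup\s+\S+\s+split-tunnel\s+(\S+)"),
}
DEFINITION = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")

def audit_acls(config_text):
    """Return {acl_name: [commands that reference it]} for every defined ACL."""
    usage = {}
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    for line in lines:
        m = DEFINITION.match(line)
        if m:
            usage.setdefault(m.group(1), [])
    for line in lines:
        for label, pattern in REFERENCE_PATTERNS.items():
            m = pattern.match(line)
            if m and m.group(1) in usage and label not in usage[m.group(1)]:
                usage[m.group(1)].append(label)
    return usage

def unreferenced_acls(config_text):
    """ACLs that are defined but never attached to anything, so never evaluated."""
    return sorted(name for name, refs in audit_acls(config_text).items() if not refs)

def filters_traffic(config_text, acl):
    """True only if the ACL is bound to an interface with access-group."""
    return "access-group" in audit_acls(config_text).get(acl, [])

if __name__ == "__main__":
    for name, refs in audit_acls(SAMPLE_CONFIG).items():
        print(name, "->", ", ".join(refs) or "NOT REFERENCED")
```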