Either terminate the VPN on the edge router in front of the PIX and then
filter the traffic however you want; the router may need an image upgrade.
Or use a VPN Concentrator from the 3000 series and then send the traffic
on to the firewall.
For remote access, the concentrator first and then the router looks like
the better solution; a site-to-site VPN can be PIX-to-PIX.
Regards,
memo
--- In cisco-ttl_at_yahoogroups.com, erkan erdem <erbugercetin_1_at_y...>
wrote:
> Hello friends,
> In a configuration I made on the firewall, users who connect to my
> network over remote access VPN can connect remotely to every server
> inside and reach every port. But in the configuration I made, I wanted
> them to connect to the ftp, http and telnet ports. How can I apply
> this restriction? My configuration:
> aaa-server partnerauth protocol radius
> aaa-server partnerauth (inside) host 10.0.0.12 abcdef timeout 5
> isakmp policy 8 encr 3des
> isakmp policy 8 hash md5
> isakmp policy 8 authentication pre-share
> isakmp policy 8 group 2
> isakmp key cisco11234 address 0.0.0.0 netmask 0.0.0.0
> access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
> access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
> access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
> access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
> nat (inside) 0 access-list 80
> crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
> crypto dynamic-map cisco 4 set transform-set strong-des
> crypto map partner-map 20 ipsec-isakmp dynamic cisco
> crypto map partner-map interface outside
> crypto map partner-map client authentication partnerauth
> ip local pool dealer 10.1.1.1-10.1.1.254
> crypto map partner-map client configuration address initiate
> vpngroup superteam address-pool dealer
> vpngroup superteam dns-server 10.0.0.15
> vpngroup superteam wins-server 10.0.0.15
> vpngroup superteam default-domain erkel.com
> vpngroup superteam split-tunnel 80
> vpngroup superteam idle-time 1800
This archive was generated by hypermail 2.1.5
: Thu Jan 22 2004 - 17:03:32 GMT