[cisco-ttl] vpn client bağlantı sorunu

From: esat yasar caglayan (eycaglayan2003_at_yahoo.com)
Date: Thu Mar 10 2005 - 15:58:51 EET

İyi çalışmalar

1760 Router üzerinde wic 2 fxs ve wic 1 adsl var ve merkez ile arasında voip oluyor adsl üzerinden ve şubedekiler checkpoint vpn client ı kullanarak merkeze bağlanmaya çalışıyor aradaki voip çalışıyor ama checkpoint vpn client programı connection kuramıyor bunun nedeni ne olabilir işin ilginç tarafı router ı çıkarıp alcatel adsl modemi taktığımız zaman merkez ile vpn kuruyor checkpoint vpn client programını kullanarak aşağıda şube tarafının konfigürasyonunu gönderiyorum

 

test#sh run

Building configuration...

Current configuration : 2935 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Bahreyn_TSKB

!

boot-start-marker

boot-end-marker

!

logging buffered 128000 debugging

enable secret 5 $1$xITE$PeCoPLNlNRFK1fKo9Lbnj/

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

no aaa new-model

ip subnet-zero

!

!

!

ip cef

ip inspect name fw tcp

ip inspect name fw udp

ip inspect name fw ftp

ip audit po max-events 100

no ftp-server write-enable

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback1

ip address 200.1.1.1 255.255.255.0

!

interface ATM0/0

no ip address

no ip mroute-cache

load-interval 60

no atm ilmi-keepalive

dsl operating-mode auto

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet0/0

ip address 10.10.9.1 255.255.255.0

ip nat inside

ip inspect fw in

ip inspect fw out

speed auto

no cdp enable

!

interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

load-interval 60

dialer pool 1

no cdp enable

ppp pap sent-username xxxx password xxxxx

!

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 10.10.9.5 3389 interface Dialer0 3389

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

no ip http secure-server

!

!

access-list 1 permit 10.10.9.0 0.0.0.255

access-list 9 permit 212.174.52.71

access-list 9 permit 213.161.152.0 0.0.0.15

access-list 9 permit 213.161.155.20 0.0.0.3

access-list 9 permit 213.161.154.216 0.0.0.7

access-list 9 permit 212.58.24.96 0.0.0.31

access-list 101 permit tcp 213.161.154.216 0.0.0.7 any

access-list 101 permit tcp 213.161.155.20 0.0.0.3 any

access-list 101 permit tcp 213.161.152.0 0.0.0.15 any

access-list 101 permit icmp 213.161.154.216 0.0.0.7 any

access-list 101 permit icmp 213.161.155.20 0.0.0.3 any

access-list 101 permit icmp 213.161.152.0 0.0.0.15 any

access-list 101 permit tcp host 212.174.52.71 host 82.194.61.17 eq 3389

access-list 101 permit tcp host 212.174.52.71 host 82.194.61.17 eq telnet

access-list 101 permit tcp 212.58.24.96 0.0.0.31 host 82.194.61.17 eq 3389

access-list 101 permit tcp 212.58.24.96 0.0.0.31 host 82.194.61.17 eq telnet

access-list 101 permit udp host 213.161.152.2 host 82.194.61.17 eq isakmp

no cdp run

!

!

!

line con 0

line aux 0

password 7 xxxxxxxxxx

login

modem InOut

transport input all

speed 115200

flowcontrol hardware

line vty 0 4

access-class 9 in

exec-timeout 60 0

password 7 xxxxxxxxxxxxx

login

!

end

test#

 

test#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-K9O3SV8Y7-M), Version 12.3(13), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 10-Feb-05 08:03 by ssearch
Image text-base: 0x8000816C, data-base: 0x816FEBEC

ROM: System Bootstrap, Version 12.2(4r)XL, RELEASE SOFTWARE (fc1)
ROM: C1700 Software (C1700-K9O3SV8Y7-M), Version 12.3(13), RELEASE SOFTWARE (fc2)

Bahreyn_TSKB uptime is 6 hours, 54 minutes
System returned to ROM by power-on
System image file is "flash:c1700-k9o3sv8y7-mz.123-13.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export_at_cisco.com.

cisco 1760 (MPC860P) processor (revision 0x200) with 86657K/11647K bytes of memory.
Processor board ID FOC06500XRS (3919138594), with hardware revision BB67
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
2 Voice FXS interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

                
---------------------------------
Do you Yahoo!?
 Yahoo! Small Business - Try our new resources site!

[Non-text portions of this message have been removed] 

--

Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir. 

Listede onerilen cozumlerin uygulanmasindaki tum sorumluluk kullaniciya aittir. Liste yoneticileri, liste uyeleri ya da bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar.

Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir e-posta gönderebilirsiniz. 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/cisco-ttl/

<*> To unsubscribe from this group, send an email to:
    cisco-ttl-unsubscribe_at_yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

This archive was generated by hypermail 2.1.3 : Thu Mar 10 2005 - 15:59:01 EET