|
|
Re: [cisco-ttl] 878 Router - pix 515 vpn
From: Halil Ergun Korkmaz <halilergun.korkmaz_at_....>
Date: Tue Aug 22 2006 - 15:22:59 EEST
878 router'imde vpn configure ettim ama bir turlu baglanamiyorum. Firewall enabled durumda ama uzerindeki vpn test secenegini kullaniyorum problem gozukmuyo ama cisco vpn client ile baglanamiyorum yardim ederseniz cok sevinirim. Konfigurasyon asagidaki gibi
!This is the running config of the router: 10.10.10.1
enable secret 5 ******************** ! aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local ! aaa session-id common ! resource policy ! clock timezone PCTime 2 clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00 no ip source-route ip cef ! ! ip inspect log drop-pkt ip inspect name DEFAULT100 cuseeme ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 netshow ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive ip inspect name SDM_HIGH appfw SDM_HIGH ip inspect name SDM_HIGH icmp ip inspect name SDM_HIGH dns ip inspect name SDM_HIGH esmtp ip inspect name SDM_HIGH https ip inspect name SDM_HIGH imap reset ip inspect name SDM_HIGH pop3 reset ip inspect name SDM_HIGH tcp ip inspect name SDM_HIGH udp ip tcp synwait-time 10 no ip bootp server ip domain name yourdomain.com ip name-server 212.58.3.2 ip ssh time-out 60 ip ssh authentication-retries 2 ! appfw policy-name SDM_HIGH application im aol service default action reset alarm service text-chat action reset alarm server deny name login.oscar.aol.com server deny name toc.oscar.aol.com server deny name oam-d09a.blue.aol.com audit-trail on application im msn service default action reset alarm service text-chat action reset alarm server deny name messenger.hotmail.com server deny name gateway.messenger.hotmail.com server deny name webmessenger.msn.com audit-trail on application http strict-http action reset alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
application im yahoo
service default action reset alarm service text-chat action reset alarm server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
audit-trail on ! ! username ****** privilege 15 secret 5 **********************
! ppp pap sent-username *********** password 7 ******************crypto map clientmap ! ip local pool ippool 10.1.1.200 10.1.1.201 ip route 0.0.0.0 0.0.0.0 Dialer0 ip route 10.1.1.0 255.255.255.0 Vlan1 ! ip http server ip http access-class 2 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload ! logging trap debugging access-list 1 remark INSIDE_IF=Vlan1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 10.10.10.0 0.0.0.255 access-list 2 remark HTTP Access-class list access-list 2 remark SDM_ACL Category=1 access-list 2 permit 10.10.10.0 0.0.0.255 access-list 2 deny any access-list 100 remark auto generated by Cisco SDM Express firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by Cisco SDM Express firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 permit ip 10.10.10.200 0.0.0.1 any access-list 101 permit ip 10.1.1.200 0.0.0.1 any access-list 101 permit udp any any eq non500-isakmp access-list 101 permit udp any any eq isakmp access-list 101 permit esp any any access-list 101 permit ahp any any access-list 101 deny ip 10.10.10.0 0.0.0.255 any access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip any any access-list 102 remark SDM_ACL Category=2 access-list 102 deny ip any 10.10.10.200 0.0.0.1 access-list 102 deny ip any 10.1.1.200 0.0.0.1 access-list 102 permit ip 10.10.10.0 0.0.0.255 any access-list 103 remark auto generated by SDM firewall configuration access-list 103 remark SDM_ACL Category=1 access-list 103 permit ip 10.1.1.200 0.0.0.1 any access-list 103 permit udp host 212.58.3.2 eq domain any access-list 103 permit ip 10.10.10.200 0.0.0.1 any access-list 103 permit ahp any any access-list 103 permit esp any any access-list 103 permit udp any any eq isakmp access-list 103 permit udp any any eq non500-isakmp access-list 103 deny ip 10.10.10.0 0.0.0.255 any access-list 103 permit icmp any any echo-reply access-list 103 permit icmp any any time-exceeded access-list 103 permit icmp any any unreachable access-list 103 deny ip 10.0.0.0 0.255.255.255 any access-list 103 deny ip 172.16.0.0 0.15.255.255 any access-list 103 deny ip 192.168.0.0 0.0.255.255 any access-list 103 deny ip 127.0.0.0 0.255.255.255 any access-list 103 deny ip host 255.255.255.255 any access-list 103 deny ip host 0.0.0.0 any access-list 103 deny ip any any log access-list 104 remark VTY Access-class list access-list 104 remark SDM_ACL Category=1 access-list 104 permit ip 10.10.10.0 0.0.0.255 any access-list 104 deny ip any any dialer-list 1 protocol ip permit no cdp run ! ! route-map SDM_RMAP_1 permit 1 match ip address 102 ! ! control-plane ! banner login ^CCAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 no modem enable transport output telnet line aux 0 transport output telnet line vty 0 4 access-class 104 in privilege level 15 transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end
Merhabalar, Cisco 878 router ile G.HSDSL üzerinden internete cikiyorum ve uzerinde firewall enabled durumda arkasinda pix 515 firewall var vpn remote access konfigure etmek istiyorum nerden baslayabilirim ? boyle bir uygulama yapan varsa ve paylasirsa cok sevinirm simdiden herkese cok tesekkur ederim saygilarimla, Halil Ergun KORKMAZ
#ygrp-mlmsg { FONT-SIZE: small; FONT-FAMILY: arial,helvetica,clean,sans-serif}#ygrp-mlmsg TABLE { }#ygrp-mlmsg SELECT { FONT: 99% arial,helvetica,clean,sans-serif}INPUT { FONT: 99% arial,helvetica,clean,sans-serif}TEXTAREA { FONT: 99% arial,helvetica,clean,sans-serif}#ygrp-mlmsg PRE { FONT: 100% monospace}CODE { FONT: 100% monospace}#ygrp-mlmsg { LINE-HEIGHT: 1.22em}#ygrp-text { FONT-FAMILY: Georgia}#ygrp-text P { MARGIN: 0px 0px 1em}#ygrp-tpmsgs { CLEAR: both; FONT-FAMILY: Arial}#ygrp-vitnav { FONT-SIZE: 77%; MARGIN: 0px; PADDING-TOP: 10px; FONT-FAMILY: Verdana}#ygrp-vitnav A { PADDING-RIGHT: 1px; PADDING-LEFT: 1px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px}#ygrp-actbar { CLEAR: both; MARGIN: 25px 0px; COLOR: #666; WHITE-SPACE: nowrap; TEXT-ALIGN: right}#ygrp-actbar .left { FLOAT: left; WHITE-SPACE: nowrap}..bld { FONT-WEIGHT: bold}#ygrp-grft { PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 77%; PADDING-BOTTOM: 15px; PADDING-TOP: 15px; FONT-FAMILY:
Verdana}#ygrp-ft { PADDING-RIGHT: 0px; BORDER-TOP: #666 1px solid; PADDING-LEFT: 0px; FONT-SIZE: 77%; PADDING-BOTTOM: 5px; PADDING-TOP: 5px; FONT-FAMILY: verdana}#ygrp-mlmsg #logo { PADDING-BOTTOM: 10px}#ygrp-vital { PADDING-RIGHT: 0px; PADDING-LEFT: 8px; MARGIN-BOTTOM: 20px; PADDING-BOTTOM: 8px; PADDING-TOP: 2px; BACKGROUND-COLOR: #e0ecee}#ygrp-vital #vithd { FONT-WEIGHT: bold; FONT-SIZE: 77%; TEXT-TRANSFORM: uppercase; COLOR: #333; FONT-FAMILY: Verdana}#ygrp-vital UL { PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; MARGIN: 2px 0px; PADDING-TOP: 0px}#ygrp-vital UL LI { CLEAR: both; BORDER-RIGHT: #e0ecee 1px solid; BORDER-TOP: #e0ecee 1px solid; BORDER-LEFT: #e0ecee 1px solid; BORDER-BOTTOM: #e0ecee 1px solid; LIST-STYLE-TYPE: none}#ygrp-vital UL LI .ct { PADDING-RIGHT: 0.5em; FONT-WEIGHT: bold; FLOAT: right; WIDTH: 2em; COLOR: #ff7900; TEXT-ALIGN: right}#ygrp-vital UL LI .cat { FONT-WEIGHT: bold}#ygrp-vital A { TEXT-DECORATION: none}#ygrp-vital A:hover {
TEXT-DECORATION: underline}#ygrp-sponsor #hd { FONT-SIZE: 77%; COLOR: #999}#ygrp-sponsor #ov { PADDING-RIGHT: 13px; PADDING-LEFT: 13px; MARGIN-BOTTOM: 20px; PADDING-BOTTOM: 6px; PADDING-TOP: 6px; BACKGROUND-COLOR: #e0ecee}#ygrp-sponsor #ov UL { PADDING-RIGHT: 0px; PADDING-LEFT: 8px; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px}#ygrp-sponsor #ov LI { PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 77%; PADDING-BOTTOM: 6px; PADDING-TOP: 6px; LIST-STYLE-TYPE: square}#ygrp-sponsor #ov LI A { FONT-SIZE: 130%; TEXT-DECORATION: none}#ygrp-sponsor #nc { PADDING-RIGHT: 8px; PADDING-LEFT: 8px; MARGIN-BOTTOM: 20px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; BACKGROUND-COLOR: #eee}#ygrp-sponsor .ad { PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 8px; PADDING-TOP: 8px}#ygrp-sponsor .ad #hd1 { FONT-WEIGHT: bold; FONT-SIZE: 100%; COLOR: #628c2a; LINE-HEIGHT: 122%; FONT-FAMILY: Arial}#ygrp-sponsor .ad A { TEXT-DECORATION: none}#ygrp-sponsor .ad A:hover { TEXT-DECORATION:
underline}#ygrp-sponsor .ad P { MARGIN: 0px}o { FONT-SIZE: 0px}..MsoNormal { MARGIN: 0px}#ygrp-text TT { FONT-SIZE: 120%}BLOCKQUOTE { MARGIN: 0px 0px 0px 4px}..replbq { }
---------------------------------
Stay in the know. Pulse on the new Yahoo.com. Check it out. [Non-text portions of this message have been removed]
--
Cisco Teknik Tartisma Listesi (Cisco-ttl)
Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/cisco-ttl/
<*> To unsubscribe from this group, send an email to:
cisco-ttl-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Received on Wed Aug 23 12:46:59 2006
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:47:10 EEST |