RE: [cisco-ttl] PIX 506e VPN Routing Problem
From: Barış YAHŞİ <barisyahsi_at_....>
Date: Fri Jan 26 2007 - 09:23:57 CET
As far as I know:

vpngroup vpngroupname split-tunnel access-listno

Regards (Kolay Gelsin)
-----Original Message-----
Hello, I made a configuration on a PIX 506e so that the local area can be reached from outside using the Cisco VPN Client. But I am stuck because of a problem whose cause I cannot find. I connect with the Cisco VPN Client using a username and password. But at the same time my computer also picks up a default gateway. Because it does, my own connection drops. I am only able to reach the local network. That is, as can be seen in the config, if I get the IP 192.168.7.2 from the VPN, the default gateway also becomes 192.168.7.2. And since a computer cannot have two gateways, my normal connection drops and it tries to send all packets via 192.168.7.x. I searched the documentation on this but could not find anything. Please help with troubleshooting, friends :) The config is below. Best regards, Yucel BASOGLU

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxx encrypted
passwd xxxxx.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name x.x.x.x Mail_Server
name 192.168.7.0 vpnpool
name 192.168.1.73 Selcuk
access-list inside_access_in permit ip any any
access-list inside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any host x.x.x.x eq smtp
access-list outside_access_in permit tcp any host x.x.x.x eq pop3
access-list outside_access_in permit tcp any host x.x.x.x eq www
access-list inside_nat0_outbound permit ip any vpnpool 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any vpnpool 255.255.255.0
pager lines 24
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside y.y.y.y 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 192.168.7.1-192.168.7.254
pdm location Mail_Server 255.255.255.255 inside
pdm location vpnpool 255.255.255.0 outside
pdm location 84.17.81.195 255.255.255.255 outside
pdm location 85.108.253.150 255.255.255.255 outside
pdm location 192.168.1.5 255.255.255.255 inside
pdm location 85.100.34.254 255.255.255.255 outside
pdm location 88.234.92.14 255.255.255.255 outside
pdm location Selcuk 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp x.x.x.x smtp Mail_Server smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.x pop3 Mail_Server pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.x www Mail_Server www netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 z.z.z.z 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 85.108.253.150 255.255.255.255 outside
http 85.100.34.254 255.255.255.255 outside
http 88.234.92.14 255.255.255.255 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpn-group address-pool vpnpool
vpngroup vpn-group dns-server 213.144.97.12 213.144.97.13
vpngroup vpn-group idle-time 1800
vpngroup vpn-group password ********
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:2497c3fcf886d0c6e865cf9e409ef94b
: end
[OK]
--
Cisco Teknik Tartisma Listesi (Cisco-ttl) - Cisco Technical Discussion List
All responsibility for applying the changes suggested on this list lies with the user. Neither the list administrators, the list members making the suggestions, nor the organizations those members work for can be held responsible in any way.
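The reply's one-line answer (`vpngroup <name> split-tunnel <acl>`) is easy to type in and easy to get subtly wrong: the directive is accepted even when the access-list it names does not exist, and a group without it pushes a default route through the tunnel, which is exactly the symptom in the original message. The script below is an added example written for this thread; it is not code from the cisco-ttl list, from either poster, or from Cisco. It reads a PIX 6.3-style config dump one directive per line, collects the defined access-lists and local pools, and reports for every vpngroup whether split-tunnel is set and whether the referenced ACL and address pool actually exist. The function and class names (`lint_vpn_groups`, `VpnGroupReport`), the ACL name `split_tunnel_acl` and its body (inside LAN to the VPN pool), and the three sample configs are all constructed for the example; the "before" excerpt is trimmed from the config posted above.

```python
"""Lint a PIX 6.3-style config dump for vpngroup split-tunnel settings.

Added example for the cisco-ttl thread; not code from the list, the posters,
or Cisco. Names, sample configs and the assumed split-tunnel ACL body are
constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class VpnGroupReport:
    """What the lint found for one `vpngroup <name>`."""
    name: str
    address_pool: Optional[str] = None
    split_tunnel_acl: Optional[str] = None
    acl_defined: bool = False
    problems: List[str] = field(default_factory=list)


def lint_vpn_groups(config_text: str) -> Dict[str, VpnGroupReport]:
    """Return one report per vpngroup found in a line-per-directive config."""
    acls: Set[str] = set()
    pools: Set[str] = set()
    groups: Dict[str, VpnGroupReport] = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        # PIX dumps use ':' for non-directive lines such as ": end".
        if not line or line.startswith((":", "!")):
            continue
        tokens = line.split()
        if tokens[0] == "access-list" and len(tokens) > 1:
            acls.add(tokens[1])                      # ACL id or name
        elif tokens[:3] == ["ip", "local", "pool"] and len(tokens) > 3:
            pools.add(tokens[3])                     # pool name
        elif tokens[0] == "vpngroup" and len(tokens) > 3:
            name, attr, value = tokens[1], tokens[2], tokens[3]
            report = groups.setdefault(name, VpnGroupReport(name))
            if attr == "address-pool":
                report.address_pool = value
            elif attr == "split-tunnel":
                report.split_tunnel_acl = value
    for report in groups.values():
        if report.split_tunnel_acl is None:
            report.problems.append(
                "no split-tunnel: the client gets a default route through the tunnel"
            )
        else:
            report.acl_defined = report.split_tunnel_acl in acls
            if not report.acl_defined:
                report.problems.append(
                    f"split-tunnel references undefined access-list "
                    f"{report.split_tunnel_acl}"
                )
        if report.address_pool is not None and report.address_pool not in pools:
            report.problems.append(
                f"address-pool {report.address_pool} has no matching 'ip local pool'"
            )
    return groups


# Constructed excerpt: the vpngroup-related lines from the posted config.
BEFORE_CONFIG = """\
name 192.168.7.0 vpnpool
access-list inside_nat0_outbound permit ip any vpnpool 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any vpnpool 255.255.255.0
ip local pool vpnpool 192.168.7.1-192.168.7.254
vpngroup vpn-group address-pool vpnpool
vpngroup vpn-group dns-server 213.144.97.12 213.144.97.13
vpngroup vpn-group idle-time 1800
vpngroup vpn-group password ********
: end
"""

# Same excerpt with the split-tunnel the reply suggests. The ACL name
# `split_tunnel_acl` and its body (inside LAN -> VPN pool) are assumptions.
AFTER_CONFIG = BEFORE_CONFIG.replace(
    ": end\n",
    "access-list split_tunnel_acl permit ip 192.168.1.0 255.255.255.0 "
    "vpnpool 255.255.255.0\n"
    "vpngroup vpn-group split-tunnel split_tunnel_acl\n"
    ": end\n",
)

# Constructed typo in the ACL name: the directive is accepted but dangles.
DANGLING_CONFIG = AFTER_CONFIG.replace(
    "split-tunnel split_tunnel_acl", "split-tunnel split_tunel_acl"
)

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE_CONFIG), ("after", AFTER_CONFIG),
                       ("dangling", DANGLING_CONFIG)):
        for rep in lint_vpn_groups(cfg).values():
            status = "OK" if not rep.problems else "; ".join(rep.problems)
            print(f"[{label}] vpngroup {rep.name}: {status}")
```

Running it prints one line per sample: the posted config is flagged for the missing split-tunnel, the corrected one passes, and the typo variant is flagged for the undefined ACL. The check is deliberately narrow: it tells you whether the split-tunnel directive is wired up correctly, not whether split tunnelling is the right policy for the site, since with it the client reaches the internet directly while also holding a route into the inside LAN.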
Received on Sat Jan 27 14:51:21 2007
This archive was generated by hypermail 2.1.8 : Sat Jan 27 2007 - 14:51:21 CET