I think we can share more effectively when we describe similar problems more clearly. With the problem titled as a vpn-client problem, and while I do not understand the nat-traversal-related issue, what I gather from the final part, where msn-login was failing and the mtu values were being lowered, is that disabling the ip mtu value would not be a very reliable way to go. As far as I understand, several intertwined problems occurred here. For problems such as SSL traffic and msn-login, it helps to set the IP-packet-level values in a controlled way.

What appears to be the case is that when we start any session towards the other side and no packets can be exchanged, the root cause is basically the payload size (provided there is nothing odd with the mtu); in short, it is a problem with (mtu - header) = mss. You can test by setting ip mtu to about 1400 and ip tcp adjust-mss to a low value (such as 1000); this confirms whether the system works, and then you can raise these values to find more accurate numbers.

Intuitively, this is one of those problems that come to light because different IP stacks ship with different default values, as when XP/2003 has Internet problems while Win2000 machines have none. By the same logic, from our point of view there is no guarantee about whether the default mtu values assigned in IOS change across different IOS versions. That is why it is healthier to replace the defaults with values compatible with the hosts inside.

Good luck,
Serhat Aslan
cmesut <cmesut@yahoo.com> wrote:
JUST entering NO ip mtu 1452 under interface Dialer0 IS ENOUGH...
The MSN clients could not log in. Those were solved too. The Cisco VPN Clients were fixed as well....
WITH MY WISHES THAT EVERYONE SHARES MORE CLEARLY. I hope I have been of help to friends experiencing a similar problem.
Regards, and good work to everyone ...
> interface Dialer0
> ip address negotiated
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip mtu 1452
> ip nat outside
> encapsulation ppp
> ip route-cache flow
> dialer pool 1
> dialer-group 1
> ppp authentication chap pap callin
> ppp chap hostname user@ttnet
> ppp chap password 7 123456
> ppp pap sent-username user@ttnet password 7 123456
- In cisco-ttl@yahoogroups.com, "OZGUR KOSE" <okose@...> wrote:
>
> Try allowing the esp 500 protocol in the inbound direction...
>
>
> Özgür Köse
> IT Specialist
> System Management / Information Technology
> Tel :+90 212 335 6946
> Fax:+90 212 335 6947
> Dereboyu Sok. Sun Plaza
> No:24 Kat:17 34398
> Maslak - Istanbul
>
> -----Original Message-----
> From: cisco-ttl@yahoogroups.com [mailto:cisco-ttl@yahoogroups.com] On Behalf Of cmesut
> Sent: Wednesday, March 14, 2007 9:00 AM
> To: cisco-ttl@yahoogroups.com
> Subject: [cisco-ttl] SDM 1841 ADSL Cisco VPN Client IPSEC connection problem
>
>
>
> Hello, with the config below, which we made with SDM, the 1841 router's
> ADSL connection works without problems... When we connect to other
> sites with the Cisco VPN client, the connection is established, but the
> hosts cannot be reached with ping or remote desktop. When the same ADSL
> link is used with an ADSL modem that does standard ipsec-passthrough,
> the Cisco VPN clients reach the hosts they connect to over the VPN
> without any problem..
>
> I determined that the problem is a NAT ipsec passthrough problem, and
> although I applied the necessary access rules from the SDM help and the
> Cisco help, it could not be solved... I think some small thing is being
> overlooked... If any friends have implemented this successfully, I
> would ask them to share..
>
> With my thanks...
>
> The current working config made with SDM ... What needs to be added?
>
> !This is the running config of the router: 10.10.10.1
> !----------------------------------------------------------
> !version 12.3
> no service pad
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> !
> hostname 1841Router
> !
> boot-start-marker
> boot-end-marker
> !
> security authentication failure rate 3 log
> security passwords min-length 6
> logging buffered 51200 debugging
> logging console critical
> enable secret 5 123456
> !
> username admin privilege 15 secret 5 123456
> clock timezone PCTime 2
> clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
> mmi polling-interval 60
> no mmi auto-configure
> no mmi pvc
> mmi snmp-timeout 180
> no aaa new-model
> ip subnet-zero
> no ip source-route
> ip cef
> !
> !
> ip tcp synwait-time 10
> ip dhcp excluded-address 10.10.10.1 10.10.10.49
> !
> ip dhcp pool sdm-pool1
> import all
> network 10.10.10.0 255.255.255.0
> dns-server 195.175.39.39 195.175.39.40
> default-router 10.10.10.1
> !
> !
> no ip bootp server
> ip domain name yourdomain.com
> ip name-server 195.175.39.39
> ip name-server 195.175.39.40
> no ftp-server write-enable
> !
> !
> !
> !
> interface FastEthernet0/0
> description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
> ip address 10.10.10.1 255.255.255.0
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip nat inside
> ip route-cache flow
> ip tcp adjust-mss 1452
> duplex auto
> speed auto
> no cdp enable
> no mop enabled
> !
> interface FastEthernet0/1
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> shutdown
> duplex auto
> speed auto
> no cdp enable
> no mop enabled
> !
> interface ATM0/0/0
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> no atm ilmi-keepalive
> dsl operating-mode auto
> !
> interface ATM0/0/0.1 point-to-point
> description $ES_WAN$$FW_OUTSIDE$
> pvc 8/35
> pppoe-client dial-pool-number 1
> !
> !
> interface ATM0/1/0
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> shutdown
> no atm ilmi-keepalive
> dsl operating-mode auto
> !
> interface Dialer0
> ip address negotiated
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip mtu 1452
> ip nat outside
> encapsulation ppp
> ip route-cache flow
> dialer pool 1
> dialer-group 1
> ppp authentication chap pap callin
> ppp chap hostname user@ttnet
> ppp chap password 7 123456
> ppp pap sent-username user@ttnet password 7 123456
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer0
> ip http server
> ip http authentication local
> ip http timeout-policy idle 600 life 86400 requests 10000
> ip nat inside source list 1 interface Dialer0 overload
>
> !
> !
> logging trap debugging
> access-list 1 remark INSIDE_IF=FastEthernet0/0
> access-list 1 remark SDM_ACL Category=2
> access-list 1 permit 10.10.10.0 0.0.0.255
> dialer-list 1 protocol ip permit
> no cdp run
> !
> control-plane
> !
> banner login ^CAuthorized access only!
> Disconnect IMMEDIATELY if you are not an authorized user!^C
> !
> line con 0
> login local
> transport output telnet
> line aux 0
> login local
> transport output telnet
> line vty 0 4
> privilege level 15
> login local
> transport input telnet
> line vty 5 15
> privilege level 15
> login local
> transport input telnet
> !
> scheduler allocate 4000 1000
> end
Received on Fri Mar 16 18:30:10 2007
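
Added example (not part of the thread and not code from any of the posters): a Python check that applies the (mtu - header) = mss relation from the discussion to the posted interface values, and also flags `no ip unreachables`, which stops the router from sending the ICMP fragmentation-needed messages that Path MTU Discovery relies on. The sample config is constructed from lines in the thread; the check assumes the indented layout of `show running-config` and 40 bytes of IPv4 + TCP header without options.

```python
import re

IP_TCP_HEADERS = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample: only the MTU-relevant lines, with the values posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 no ip unreachables
 ip nat inside
 ip tcp adjust-mss 1452
!
interface Dialer0
 no ip unreachables
 ip mtu 1452
 ip nat outside
!
ip classless
"""

def parse_interfaces(config):
    """Collect ip mtu, ip tcp adjust-mss and 'no ip unreachables' per interface."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = {"ip_mtu": None, "adjust_mss": None, "no_unreachables": False}
            interfaces[line.split()[1]] = current
        elif not raw.startswith(" "):
            current = None  # '!' or a global command closes the interface block
        elif current is not None:
            m = re.fullmatch(r"ip (mtu|tcp adjust-mss) (\d+)", line)
            if m:
                key = "ip_mtu" if m.group(1) == "mtu" else "adjust_mss"
                current[key] = int(m.group(2))
            elif line == "no ip unreachables":
                current["no_unreachables"] = True
    return interfaces

def audit(config):
    """Return (interface, issue) pairs for MSS/MTU mismatches and suppressed PMTUD."""
    ifaces = parse_interfaces(config)
    mtus = [v["ip_mtu"] for v in ifaces.values() if v["ip_mtu"] is not None]
    if not mtus:
        return []
    max_mss = min(mtus) - IP_TCP_HEADERS  # (mtu - header) = mss
    findings = []
    for name, v in ifaces.items():
        if v["adjust_mss"] is not None and v["adjust_mss"] > max_mss:
            findings.append((name, f"adjust-mss {v['adjust_mss']} > {max_mss}"))
        if v["no_unreachables"]:
            # No ICMP "fragmentation needed" is sent, so hosts never learn the smaller MTU.
            findings.append((name, "no ip unreachables suppresses PMTUD feedback"))
    return findings
```

With the posted values, an MSS of 1452 plus 40 bytes of headers gives 1492-byte packets, which is larger than the `ip mtu 1452` configured on Dialer0.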