[cisco-ttl] access-list problem

From: erkan erdem (erbugercetin_1_at_yahoo.com)
Date: Tue Jan 20 2004 - 08:03:09 GMT


    Hello friends,
    In a configuration I made on the firewall, users who connect to my network over remote access VPN can connect remotely to every server inside and reach every port. But in the configuration I made, I had wanted them to connect to the ftp, http and telnet ports. How can I apply this restriction? My configuration:
    aaa-server partnerauth protocol radius
    aaa-server partnerauth (inside) host 10.0.0.12 abcdef timeout 5
    isakmp policy 8 encr 3des
    isakmp policy 8 hash md5
    isakmp policy 8 authentication pre-share
    isakmp policy 8 group 2
    isakmp key cisco11234 address 0.0.0.0 netmask 0.0.0.0
    access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
    access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
    access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
    nat (inside) 0 access-list 80
    crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
    crypto dynamic-map cisco 4 set transform-set strong-des
    crypto map partner-map 20 ipsec-isakmp dynamic cisco
    crypto map partner-map interface outside
    crypto map partner-map client authentication partnerauth
    ip local pool dealer 10.1.1.1-10.1.1.254
    crypto map partner-map client configuration address initiate
    vpngroup superteam address-pool dealer
    vpngroup superteam dns-server 10.0.0.15
    vpngroup superteam wins-server 10.0.0.15
    vpngroup superteam default-domain erkel.com
    vpngroup superteam split-tunnel 80
    vpngroup superteam idle-time 1800

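Added example, not part of the original post: a small Python check that lists each access-list in a PIX-style configuration together with the commands that reference it. Run on the ACL-related lines of the posted configuration, it reports that access-list 100 is defined but not referenced by any of the lines shown; the function names and the set of referencing commands checked are assumptions of this example.

```python
import re

# Constructed sample: the ACL-related lines copied from the posted configuration.
POSTED_CONFIG = """\
access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
nat (inside) 0 access-list 80
vpngroup superteam split-tunnel 80
"""

DEFINITION = re.compile(r"^access-list (?P<acl>\S+) (?:permit|deny) ")

# PIX commands that put an access-list to use, with the role it then plays.
# Assumption: these four are the only referencing commands this check knows.
REFERENCES = [
    ("NAT exemption", re.compile(r"^nat \(\S+\) 0 access-list (?P<acl>\S+)")),
    ("interface filter", re.compile(r"^access-group (?P<acl>\S+) in interface \S+")),
    ("crypto map match", re.compile(r"^crypto map \S+ \d+ match address (?P<acl>\S+)")),
    ("split tunnel", re.compile(r"^vpngroup \S+ split-tunnel (?P<acl>\S+)")),
]


def acl_usage(config):
    """Map each access-list id to the roles in which the config references it."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    usage = {}
    for ln in lines:
        m = DEFINITION.match(ln)
        if m:
            usage.setdefault(m.group("acl"), [])
    for ln in lines:
        for role, pattern in REFERENCES:
            m = pattern.match(ln)
            if m:
                usage.setdefault(m.group("acl"), []).append(role)
    return usage


def unreferenced_acls(config):
    """Access-lists that are defined but that no known command refers to."""
    return sorted(acl for acl, roles in acl_usage(config).items() if not roles)


if __name__ == "__main__":
    for acl, roles in acl_usage(POSTED_CONFIG).items():
        print(acl, "->", ", ".join(roles) or "defined but not referenced")
```

The check only sees the lines it is given, so a reference in a part of the configuration that was not posted would not be counted.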



    This archive was generated by hypermail 2.1.5 : Tue Jan 20 2004 - 12:03:50 GMT