[cisco-ttl] Re: access-list problem

From: iambatman6883 (iambatman6883_at_yahoo.com)
Date: Thu Jan 22 2004 - 12:27:39 GMT

    Hi,
    On the PIX, an access-list can only be bound to an interface as
    inbound. You could put a router with two Ethernet ports between the
    PIX's inside interface and the network where the servers are, and
    define the access-list on that router. Also, I don't remember
    exactly, but Cisco Secure ACS has downloadable access-lists; maybe
    those would work for you. There are also sample configs on the
    Cisco site; maybe you can pick something up from there.
    Good luck with it,
    memo

    --- In cisco-ttl_at_yahoogroups.com, erkan erdem <erbugercetin_1_at_y...>
    wrote:
    > Hello friends;
    > In a configuration I made on the firewall, users who connect to my
    > network over remote access VPN can connect remotely to every
    > server inside and reach every port. But in the configuration I
    > made, I had wanted them to connect to the ftp, http and telnet
    > ports. How can I apply this restriction? My configuration:
    > aaa-server partnerauth protocol radius
    > aaa-server partnerauth (inside) host 10.0.0.12 abcdef timeout 5
    > isakmp policy 8 encr 3des
    > isakmp policy 8 hash md5
    > isakmp policy 8 authentication pre-share
    > isakmp policy 8 group 2
    > isakmp key cisco11234 address 0.0.0.0 netmask 0.0.0.0
    > access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
    > access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
    > access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
    > access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
    > nat (inside) 0 access-list 80
    > crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
    > crypto dynamic-map cisco 4 set transform-set strong-des
    > crypto map partner-map 20 ipsec-isakmp dynamic cisco
    > crypto map partner-map interface outside
    > crypto map partner-map client authentication partnerauth
    > ip local pool dealer 10.1.1.1-10.1.1.254
    > crypto map partner-map client configuration address initiate
    > vpngroup superteam address-pool dealer
    > vpngroup superteam dns-server 10.0.0.15
    > vpngroup superteam wins-server 10.0.0.15
    > vpngroup superteam default-domain erkel.com
    > vpngroup superteam split-tunnel 80
    > vpngroup superteam idle-time 1800




    This archive was generated by hypermail 2.1.5 : Thu Jan 22 2004 - 16:29:46 GMT