[cisco-ttl] Re: access-list problem

From: iambatman6883 (iambatman6883_at_yahoo.com)
Date: Thu Jan 22 2004 - 13:02:53 GMT


    Or terminate the VPN on the edge router in front of the PIX and then
    filter the traffic however you like; an image upgrade may be needed
    for the router.
    Or use a VPN concentrator from the 3000 series and send the traffic
    to the firewall afterwards.
    For remote access, concentrator first and then router looks like the
    better solution; if it is a site-to-site VPN, it can be PIX-to-PIX.
    Regards,
    memo

    --- In cisco-ttl_at_yahoogroups.com, erkan erdem <erbugercetin_1_at_y...>
    wrote:
    > Hi friends,
    > In a configuration I made on the firewall, users who connect to my
    > network over remote access VPN can connect remotely to every server
    > inside and can reach every port. But with the configuration I made,
    > I had wanted them to connect to the ftp, http and telnet ports.
    > How can I apply this restriction? My configuration:
    > aaa-server partnerauth protocol radius
    > aaa-server partnerauth (inside) host 10.0.0.12 abcdef timeout 5
    > isakmp policy 8 encr 3des
    > isakmp policy 8 hash md5
    > isakmp policy 8 authentication pre-share
    > isakmp policy 8 group 2
    > isakmp key cisco11234 address 0.0.0.0 netmask 0.0.0.0
    > access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
    > access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
    > access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
    > access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
    > nat (inside) 0 access-list 80
    > crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
    > crypto dynamic-map cisco 4 set transform-set strong-des
    > crypto map partner-map 20 ipsec-isakmp dynamic cisco
    > crypto map partner-map interface outside
    > crypto map partner-map client authentication partnerauth
    > ip local pool dealer 10.1.1.1-10.1.1.254
    > crypto map partner-map client configuration address initiate
    > vpngroup superteam address-pool dealer
    > vpngroup superteam dns-server 10.0.0.15
    > vpngroup superteam wins-server 10.0.0.15
    > vpngroup superteam default-domain erkel.com
    > vpngroup superteam split-tunnel 80
    > vpngroup superteam idle-time 1800
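The quoted configuration defines access-list 100 but no other line in it refers to that list, and access-list 80 is referenced only by `nat 0` and `split-tunnel`. The following audit script is an added example, not part of the original thread; it assumes PIX 6.x command forms, and the role names and function names are hypothetical.

```python
import re

# ACL-related lines copied from the quoted post (other lines omitted).
POSTED_CONFIG = """\
access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq telnet
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ftp
access-list 100 permit tcp 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0 eq http
nat (inside) 0 access-list 80
vpngroup superteam address-pool dealer
vpngroup superteam split-tunnel 80
"""

# PIX 6.x commands that reference an ACL, with a label for what the reference does.
REFERENCES = [
    (re.compile(r"^access-group (\S+) in interface (\S+)"), "filter"),
    (re.compile(r"^nat \(\S+\) 0 access-list (\S+)"), "nat-exempt"),
    (re.compile(r"^crypto map \S+ \d+ match address (\S+)"), "crypto-selector"),
    (re.compile(r"^vpngroup \S+ split-tunnel (\S+)"), "split-tunnel"),
]

def acl_usage(config):
    """Map each defined ACL id to the sorted list of roles it is referenced in."""
    usage = {}
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    for ln in lines:
        m = re.match(r"^access-list (\S+) (permit|deny) ", ln)
        if m:
            usage.setdefault(m.group(1), set())
    for ln in lines:
        for pattern, role in REFERENCES:
            m = pattern.match(ln)
            if m and m.group(1) in usage:
                usage[m.group(1)].add(role)
    return {acl: sorted(roles) for acl, roles in usage.items()}

def findings(config):
    """Return (ACLs never referenced, ACLs referenced but never as a packet filter)."""
    usage = acl_usage(config)
    unused = sorted(a for a, r in usage.items() if not r)
    non_filtering = sorted(a for a, r in usage.items() if r and "filter" not in r)
    return unused, non_filtering

if __name__ == "__main__":
    unused, non_filtering = findings(POSTED_CONFIG)
    print("defined but never referenced:", unused)
    print("referenced, but not as a packet filter:", non_filtering)
```

A `filter` role only shows that a list is bound to an interface with `access-group`; whether decrypted VPN traffic is actually evaluated against it depends on settings that are not shown in the post.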




    This archive was generated by hypermail 2.1.5 : Thu Jan 22 2004 - 17:03:32 GMT