RE: [cisco-ttl] pix vpn problem

From: Hakan Tagmac (htagmac) (htagmac_at_cisco.com)
Date: Wed Jan 28 2004 - 15:27:43 GMT


    NAT can also be bypassed with the command below,

    Best regards,

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/ipsecint.htm#1057446

    Using NAT Traversal
    Network Address Translation (NAT) and Port Address Translation (PAT) are implemented in many networks where IPSec is also used, but there are a number of incompatibilities that prevent IPSec packets from successfully traversing a NAT device.

    PIX Firewall Version 6.3 provides a feature called "Nat Traversal," as described by Version 2 and Version 3 of the draft IETF standard, "UDP Encapsulation of IPsec Packets," which is available at the following URL:

    http://www.ietf.org/html.charters/ipsec-charter.html

    NAT Traversal allows ESP packets to pass through one or more NAT devices. This feature is disabled by default.

    --------------------------------------------------------------------------------
    Note: NAT Traversal is supported for both dynamic and static crypto maps.
    --------------------------------------------------------------------------------

    To enable NAT traversal, enter the following command:

    isakmp nat-traversal [natkeepalive]

    Valid values for natkeepalive are 10 to 3600 seconds; the default is 20 seconds.

    -----Original Message-----
    From: onur kasap [mailto:kasap_onur_at_yahoo.com]
    Sent: 28 January 2004 17:47
    To: cisco-ttl_at_yahoogroups.com
    Subject: RE: [cisco-ttl] pix vpn problem

    Serkan, Mr. Hakan Tagmac and the other friends who took an
    interest, thank you very much for your help.
    When I connect to the internet via dial-up, the tunnel is
    established and I can reach the machines as well.
    Since those who will use the VPN client will connect to the
    internet via dial-up, the problem appears to be solved.

    But the other way, that is, when going through NAT, I still
    cannot reach them even though I enabled UDP encapsulation.

    Thanks, best regards

    --- sustundag_at_secura.com.tr wrote:
    > OK, I think this is the problem I have suspected from the start
    > It is a NAT Traversal problem, that is, if the clients
    > go through NAT before reaching the PIX, the tunnel is
    > established but no traffic passes at all
    > That is why you need to use UDP or TCP encapsulation
    > For this you need to enable UDP or TCP encapsulation
    > on the transportation tab in the VPN Client. Then
    > I think your problem will be fixed
    >
    > You can also have the client come in over dial-up
    > to find out whether this is the problem. Then it is
    > not subject to NAT Traversal and you will be more sure
    > about the cause of the problem


    This list has no direct affiliation with Cisco Systems.

    To leave the list, you can send an e-mail to cisco-ttl-unsubscribe_at_yahoogroups.com.

    Yahoo! Groups Links

    To visit your group on the web, go to:
     http://groups.yahoo.com/group/cisco-ttl/

    To unsubscribe from this group, send an email to:
     cisco-ttl-unsubscribe_at_yahoogroups.com

    Your use of Yahoo! Groups is subject to:
     http://docs.yahoo.com/info/terms/
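
Added example (not part of the original messages or of the quoted Cisco documentation): a small classifier for UDP-encapsulated IPsec payloads, useful when checking from a capture whether NAT traversal is actually carrying ESP or only keepalives and IKE. It assumes the framing of RFC 3948, the published form of the "UDP Encapsulation of IPsec Packets" draft, on UDP port 4500; the draft versions implemented by PIX 6.3 may differ, and the sample datagrams are constructed.

```python
import struct

NAT_T_PORT = 4500            # assumption: RFC 3947/3948 port, not stated in the thread
NON_ESP_MARKER = b"\x00" * 4  # precedes an IKE message on the NAT-T port
IKE_HEADER_LEN = 28           # fixed ISAKMP header size


def classify_natt_payload(payload: bytes) -> str:
    """Classify the UDP payload of one NAT-T datagram (RFC 3948 framing)."""
    if payload == b"\xff":
        return "nat-keepalive"   # single 0xFF octet, sent at the natkeepalive interval
    if len(payload) < 8:
        return "malformed"       # too short for marker+IKE or for ESP SPI+sequence
    if payload[:4] == NON_ESP_MARKER:
        ok = len(payload) >= 4 + IKE_HEADER_LEN
        return "ike" if ok else "malformed"
    return "esp"                 # non-zero SPI: UDP-encapsulated ESP


def summarize(datagrams):
    """Count payload kinds per direction; datagrams are (direction, payload)."""
    counts = {"in": {}, "out": {}}
    for direction, payload in datagrams:
        kind = classify_natt_payload(payload)
        counts[direction][kind] = counts[direction].get(kind, 0) + 1
    return counts


def diagnose(counts) -> str:
    """Turn the counts into a one-line finding for the capture."""
    esp_in = counts["in"].get("esp", 0)
    esp_out = counts["out"].get("esp", 0)
    ike = counts["in"].get("ike", 0) + counts["out"].get("ike", 0)
    if esp_in and esp_out:
        return "ESP-in-UDP seen in both directions"
    if esp_in or esp_out:
        return "ESP-in-UDP seen in one direction only"
    if ike:
        return "IKE only, no encapsulated ESP seen"
    return "no NAT-T traffic seen"


# Constructed sample: IKE both ways, then ESP and a keepalive outbound only.
SAMPLE = [
    ("out", NON_ESP_MARKER + b"\x11" * IKE_HEADER_LEN),
    ("in", NON_ESP_MARKER + b"\x22" * IKE_HEADER_LEN),
    ("out", struct.pack("!II", 0x1A2B3C4D, 1) + b"\xaa" * 16),
    ("out", b"\xff"),
]

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE)))
```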



    This archive was generated by hypermail 2.1.5 : Wed Jan 28 2004 - 19:31:19 GMT