RE: [cisco-ttl] a Cisco PIX question

From: sustundag_at_secura.com.tr
Date: Fri Nov 05 2004 - 10:35:06 GMT

    No, of course that is not necessary; you can create 2 separate tunnels on the same interface.
    Are you terminating them on two separate Checkpoints on the other side, or is there a single CP?
    Actually, if you send the entire VPN configuration, including the access-lists, we can help you better.

    ________________________________

    From: YAVUZ TEMIZKAN [mailto:ytemizkan_at_inteltek.com.tr]
    Sent: Fri 05.11.2004 14:10
    To: cisco-ttl_at_yahoogroups.com
    Subject: [cisco-ttl] a Cisco PIX question

     

             Hello,
             
            Can we set up 2 separate tunnels from the same interface on a PIX? I checked the cisco.com site, found a sample config, and applied it to our firewall.
             
            crypto ipsec transform-set aaa esp-des esp-md5-hmac
            crypto ipsec transform-set bbb esp-des esp-md5-hmac
            crypto map bbbrules 10 ipsec-isakmp
            crypto map bbbrules 10 match address 101
            crypto map bbbrules 10 set pfs group2
            crypto map bbbrules 10 set peer xxx.xxx.xxx.xxx
            crypto map bbbrules 10 set transform-set aaa
            crypto map bbbrules 30 ipsec-isakmp
            crypto map bbbrules 30 match address 130
            crypto map bbbrules 30 set peer yyy.yyy.yyy.yyy
            crypto map bbbrules 30 set transform-set bbb
            crypto map bbbrules interface outside
             
            However, after applying this config, the VPN numbered 10, the one with the higher privilege, kept working, but we could not get the other one to work. Moreover, when we restarted the machine, this time the first VPN went down as well. When we deleted the definitions for the 2nd VPN, it recovered..
            The device on the other side is a Checkpoint FW. When setting up tunnels from the same interface, do the transform-sets need to be different?
             
            I am also including the PIX's sh ver output:
             
            EApixAnkara# sh ver

            Cisco PIX Firewall Version 6.3(1)
            Cisco PIX Device Manager Version 3.0(1)

            Compiled on Wed 19-Mar-03 11:49 by morlee
            EApixAnkara up 42 mins 39 secs

            Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
            Flash E28F128J3 @ 0x300, 16MB
            BIOS Flash AM29F400B @ 0xfffd8000, 32KB
            Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5
            0: ethernet0: address is 000d.bd3c.035f, irq 10
            1: ethernet1: address is 000d.bd3c.0360, irq 11
            2: ethernet2: address is 0005.5d18.37dc, irq 11
            3: ethernet3: address is 0005.5d18.37dd, irq 10
            4: ethernet4: address is 0005.5d18.37de, irq 9
            5: ethernet5: address is 0005.5d18.37df, irq 5
            Licensed Features:
            Failover: Enabled
            VPN-DES: Enabled
            VPN-3DES-AES: Disabled
            Maximum Interfaces: 6
            Cut-through Proxy: Enabled
            Guards: Enabled
            URL-filtering: Enabled
            Inside Hosts: Unlimited
            Throughput: Unlimited
            IKE peers: Unlimited
            This PIX has an Unrestricted (UR) license.
            Serial Number: 807320295 (0x301ebae7)
            Configuration last modified by enable_15 at 12:53:09.597 Turkey Fri Nov 5 2004

             

             

             
             

    This list has no affiliation with Cisco Systems.

    To leave the list, you can send an e-mail to cisco-ttl-unsubscribe_at_yahoogroups.com.
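
Added example (not part of either post, and not Cisco tooling): a Python check that parses the crypto lines quoted above and lists, per crypto map sequence number, what is missing from the posted excerpt, such as the access-lists the reply asks for, together with the transform-set and PFS settings to compare against each Checkpoint peer. The function names and the "legacy" label for DES and HMAC-MD5 are assumptions of this example.

```python
from collections import defaultdict
# Constructed input: the crypto lines quoted in the post (peers masked as posted).
POSTED = """\
crypto ipsec transform-set aaa esp-des esp-md5-hmac
crypto ipsec transform-set bbb esp-des esp-md5-hmac
crypto map bbbrules 10 ipsec-isakmp
crypto map bbbrules 10 match address 101
crypto map bbbrules 10 set pfs group2
crypto map bbbrules 10 set peer xxx.xxx.xxx.xxx
crypto map bbbrules 10 set transform-set aaa
crypto map bbbrules 30 ipsec-isakmp
crypto map bbbrules 30 match address 130
crypto map bbbrules 30 set peer yyy.yyy.yyy.yyy
crypto map bbbrules 30 set transform-set bbb
crypto map bbbrules interface outside
"""
LEGACY = {"esp-des", "esp-md5-hmac"}  # DES and HMAC-MD5 are deprecated for ESP
NEEDED = ("match address", "set peer", "set transform-set")

def parse(config):
    """Return (transform_sets, map_entries, acl_ids) from PIX 6.x-style lines."""
    tsets, entries, acls = {}, defaultdict(dict), set()
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets[w[3]] = w[4:]
        elif w[:2] == ["crypto", "map"] and len(w) > 4 and w[3].isdigit():
            # Entries are keyed by (map name, sequence number).
            entries[(w[2], int(w[3]))].setdefault(" ".join(w[4:6]), []).extend(w[6:])
        elif w[:1] == ["access-list"] and len(w) > 1:
            acls.add(w[1])
    return tsets, dict(entries), acls

def audit(config):
    """List, per crypto map entry, what to check before comparing with the peer."""
    tsets, entries, acls = parse(config)
    out = []
    for (name, seq), e in sorted(entries.items()):
        tag = f"{name} {seq}"
        out += [f"{tag}: missing '{n}'" for n in NEEDED if not e.get(n)]
        out += [f"{tag}: access-list {a} not in supplied config"
                for a in e.get("match address", []) if a not in acls]
        for ts in e.get("set transform-set", []):
            if LEGACY & set(tsets.get(ts, [])):
                out.append(f"{tag}: transform-set {ts} uses legacy algorithms")
        out.append(f"{tag}: pfs {' '.join(e.get('set pfs', [])) or 'not set'}")
    return out

print("\n".join(audit(POSTED)))
```
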


    This archive was generated by hypermail 2.1.5 : Fri Nov 05 2004 - 14:50:43 GMT