Re: YNT: [cisco-ttl] bir cisco pix sorusu

From: özgür (tan_dr_at_yahoo.com)
Date: Fri Nov 05 2004 - 11:06:28 GMT

  • Next message: YAVUZ TEMIZKAN: "RE: [cisco-ttl] bir cisco pix sorusu"

    Hocam ben 506 ile 4 tane site to site yaotim herhangi
    bisorun yok.Yanliz wizard ile yaparken invatit peer
    adres hatasi veriyor ama ask=linda bu bi hata deil
    sanirim pdm ile ilgili cunku hatasa verse duzgur
    calisiyor zaten komut satirindan yaparsan hic bir hata
    vermiyo
    --- sustundag_at_secura.com.tr wrote:

    > ?
    > Hayır gerekmiyor elbette ayni interface'de 2 ayri
    > tunel olusturabilirsin
    > sen karsida iki ayri checkpointte mi
    > sonlandiriyorsun yoksa tek cp mi var
    > aslinda access-listler dahil tum vpn
    > configurasyonunu gonderirsen daha iyi yardimci
    > olabiliriz
    >
    > ________________________________
    >
    > Kimden: YAVUZ TEMIZKAN
    > [mailto:ytemizkan_at_inteltek.com.tr]
    > GönderilmiÅY: Cum 05.11.2004 14:10
    > Kime: cisco-ttl_at_yahoogroups.com
    > Konu: [cisco-ttl] bir cisco pix sorusu
    >
    >
    >
    >
    > Merhaba,
    >
    > Bir pix'te ayni interfaceden 2 ayri t?urabiliyor
    > muyuz? cisco.com sayfasini check ettim ve ?k bir
    > konf. buldum ve bunu fw'umuza uyguladim.
    >
    > crypto ipsec transform-set aaa esp-des esp-md5-hmac
    > crypto ipsec transform-set bbb esp-des esp-md5-hmac
    > crypto map bbbrules 10 ipsec-isakmp
    > crypto map bbbrules 10 match address 101
    > crypto map bbbrules 10 set pfs group2
    > crypto map bbbrules 10 set peer xxx.xxx.xxx.xxx
    > crypto map bbbrules 10 set transform-set aaa
    > crypto map bbbrules 30 ipsec-isakmp
    > crypto map bbbrules 30 match address 130
    > crypto map bbbrules 30 set peer yyy.yyy.yyy.yyy
    > crypto map bbbrules 30 set transform-set bbb
    > crypto map bbbrules interface outside
    >
    > Ancak bu konf'u yaptiktan sonra 10 no'lu
    > y?privilege'li vpn 硬ismaya devam etti ancak
    > digerini 硬istiramadik. Dahasi makineyi restart
    > ettigimizde bu sefer ilk vpn de down oldu. 2. vpn
    > ile ilgili tanimlari silince d?..
    > karsidaki cihaz Checkpoint bir FW. Ayni
    > interfaceden t?urarken transform-set'lerin farkli mi
    > olmasi gerekir?
    >
    > pix'in sh ver ç©«tisini da veriyorum:
    >
    > EApixAnkara# sh ver
    >
    > Cisco PIX Firewall Version 6.3(1)
    >
    > Cisco PIX Device Manager Version 3.0(1)
    >
    >
    >
    > Compiled on Wed 19-Mar-03 11:49 by morlee
    >
    > EApixAnkara up 42 mins 39 secs
    >
    >
    >
    > Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433
    > MHz
    >
    > Flash E28F128J3 @ 0x300, 16MB
    >
    > BIOS Flash AM29F400B @ 0xfffd8000, 32KB
    >
    > Encryption hardware device : IRE2141 with 2048KB,
    > HW:1.0, CGXROM:1.9, FW:6.5
    >
    > 0: ethernet0: address is 000d.bd3c.035f, irq 10
    >
    > 1: ethernet1: address is 000d.bd3c.0360, irq 11
    >
    > 2: ethernet2: address is 0005.5d18.37dc, irq 11
    >
    > 3: ethernet3: address is 0005.5d18.37dd, irq 10
    >
    > 4: ethernet4: address is 0005.5d18.37de, irq 9
    >
    > 5: ethernet5: address is 0005.5d18.37df, irq 5
    >
    > Licensed Features:
    >
    > Failover: Enabled
    >
    > VPN-DES: Enabled
    >
    > VPN-3DES-AES: Disabled
    >
    > Maximum Interfaces: 6
    >
    > Cut-through Proxy: Enabled
    >
    > Guards: Enabled
    >
    > URL-filtering: Enabled
    >
    > Inside Hosts: Unlimited
    >
    > Throughput: Unlimited
    >
    > IKE peers: Unlimited
    >
    > This PIX has an Unrestricted (UR) license.
    >
    > Serial Number: 807320295 (0x301ebae7)
    >
    > Configuration last modified by enable_15 at
    > 12:53:09.597 Turkey Fri Nov 5 2004
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    > Bu listenin Cisco Systems ile herhangi bir
    > baglantisi bulunmamaktadir.
    >
    > Listeden cikmak iç©®
    > cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir
    > e-posta g?rebilirsiniz.
    >
    >
    >
    > Yahoo! Groups Sponsor
    > ADVERTISEMENT
    > click here
    >
    <http://us.ard.yahoo.com/SIG=129hue9rk/M=315388.5543473.6613715.3001176/D=groups/S=1705004726:HM/EXP=1099742990/A=2372354/R=0/SIG=12id813k2/*https://www.orchardbank.com/hcs/hcsapplication?pf=PLApply&media=EMYHNL40F21004SS
    >
    >
    >
    > ________________________________
    >
    > Yahoo! Groups Links
    >
    >
    > * To visit your group on the web, go to:
    > http://groups.yahoo.com/group/cisco-ttl/
    >
    > * To unsubscribe from this group, send an email to:
    > cisco-ttl-unsubscribe_at_yahoogroups.com
    >
    <mailto:cisco-ttl-unsubscribe_at_yahoogroups.com?subject=Unsubscribe>
    >
    >
    > * Your use of Yahoo! Groups is subject to the Yahoo!
    > Terms of Service <http://docs.yahoo.com/info/terms/>
    > .
    >
    >
    >

    > ATTACHMENT part 2 application/ms-tnef
    name=winmail.dat

                    
    __________________________________
    Do you Yahoo!?
    Check out the new Yahoo! Front Page.
    www.yahoo.com
     

    ------------------------ Yahoo! Groups Sponsor --------------------~-->
    Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
    Now with Pop-Up Blocker. Get it for free!
    http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/26EolB/TM
    --------------------------------------------------------------------~->

    Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir.

    Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir e-posta gönderebilirsiniz.
    Yahoo! Groups Links

    <*> To visit your group on the web, go to:
        http://groups.yahoo.com/group/cisco-ttl/

    <*> To unsubscribe from this group, send an email to:
        cisco-ttl-unsubscribe_at_yahoogroups.com

    <*> Your use of Yahoo! Groups is subject to:
        http://docs.yahoo.com/info/terms/
     



    This archive was generated by hypermail 2.1.5 : Fri Nov 05 2004 - 15:07:11 GMT