[cisco-ttl] firewall/IDS recommendation

From: Ozgur Erdogan (egroupsbox_at_yahoo.com)
Date: Wed Nov 24 2004 - 09:25:49 GMT


    Hello everyone,

    Behind an ADSL router modem there is an ISA Server machine for the company's access. A web server and an email server will be put into service soon. It is requested that the web server and email server go out over a different ADSL line, so that the lines can back each other up.

    A structure for IDS and firewall is needed in front of the web server and email server.

    In this scenario, what kind of setup would be better for the two ADSL lines?

    Would you recommend Snort for IDS, or, as a hardware firewall, how would PIX, Checkpoint, NetScreen or the OpenBSD-based i-bekci (www.i-bekci.com) be?

    Thanks, and good luck with your work..

    I need recommendations for the firewall, IDS and router configuration in front of an Internet egress structure in which one of the two ADSL lines will carry the web server and email server and the other the Internet access server.
    For example: router
                      firewall

    emre aksoy <enisaksoy2000_at_yahoo.com> wrote:

    You can solve this problem with EIGRP. IGRP does not support unequal load balancing.

    ege iyioglu wrote:
    Greetings,
    We have a 1721 router with 32 MB of RAM.
    Currently we connect to the ISP over a 1 Mbit leased line and reach the Internet through it.
    In addition, we aim to add one more Ethernet interface, connect an 8 Mbit wireless link to it, and run these with load sharing via IGRP or EIGRP. Do you think it will work, or would we need to increase the RAM or replace the router?

    I am sending the run and ver outputs:

    ------- sh run --------
    Building configuration...

    Current configuration : 1230 bytes
    !
    ! No configuration change since last restart
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname #####
    !
    logging buffered 16380 debugging
    no logging console
    enable password #####
    !
    username ##### callback-dialstring ##### password 0 #####
    ip subnet-zero
    !
    !
    !
    !
    chat-script callback ABORT ERROR ABORT BUSY "" "ATDT\T" TIMEOUT 30 "CONNECT" \c
    modemcap entry usrmodem:MSC=&FS0=1&C1&D3&H1&R2&B1
    !
    !
    !
    interface FastEthernet0
    ip address 212.x.x.x 255.255.255.240
    speed auto
    !
    interface Serial0
    description #####
    bandwidth 1024
    ip address 212.x.x.x 255.255.255.252
    no ip route-cache
    no ip mroute-cache
    !
    interface Async5
    ip address 192.168.x.x 255.255.255.0
    encapsulation ppp
    async default routing
    async mode interactive
    ppp callback accept
    ppp authentication pap
    !
    ip classless
    ip classless
    no ip http server
    ip pim bidir-enable
    !
    !
    !
    !
    line con 0
    line aux 0
    script callback callback
    login local
    modem InOut
    modem autoconfigure type usrmodem
    transport input all
    autoselect during-login
    speed 300
    flowcontrol hardware
    line vty 0 4
    password #####
    login
    !
    no scheduler allocate
    end

    --------- sh ver -----------

    Cisco Internetwork Operating System Software
    IOS (tm) C1700 Software (C1700-SY-M), Version 12.2(8)YJ, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
    Synched to technology version 12.2(8.5)T
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Fri 21-Jun-02 15:38 by ealyon
    Image text-base: 0x80008124, data-base: 0x80B64A38

    ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
    ROM: C1700 Software (C1700-SY-M), Version 12.2(8)YJ, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

    bilfenrtr uptime is 1 day, 2 hours, 31 minutes
    System returned to ROM by power-on
    System restarted at 16:27:54 UTC Fri Nov 5 2004
    System image file is "flash:c1700-sy-mz.122-8.YJ.bin"

    cisco 1721 (MPC860P) processor (revision 0x100) with 29492K/3276K bytes of memory.
    Processor board ID FOC06330050 (1457551649), with hardware revision 0000
    MPC860P processor: part number 5, mask 2
    Bridging software.
    X.25 software, Version 3.0.0.
    1 FastEthernet/IEEE 802.3 interface(s)
    1 Serial(sync/async) network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read/Write)

    Configuration register is 0x2102

    Regards,
    ege

    This list has no affiliation with Cisco Systems.

    To leave the list, you can send an e-mail to cisco-ttl-unsubscribe_at_yahoogroups.com.
    This archive was generated by hypermail 2.1.5 : Wed Nov 24 2004 - 13:26:42 GMT