Re: [cisco-ttl] Oncelik

From: Serhat Uslay (serhat.uslay_at_zurich.com.au)
Date: Thu Dec 23 2004 - 21:41:24 GMT

  • Next message: ozkan karacayoglu: "Re: [cisco-ttl] Oncelik"

     Su anda ikiside Fasteth0 gozukuyor. Herhalde 172.30.40.50 olan
    interface'in Fasteth1 olmasi lazim.

    Bu ciktida bazi duzeltmeler yapilabilir.

    1) Sadece 3 host Fasteth1 e trafik gonderebilir..172.30.40.1,
    172.172.30.40.2 ve 172.30.40.10 (access list 2). Ama bunlardan sadece
    172.30.40.1, 172.30.40.2 adreslerini degistirerek 192.168.30.50 adresini
    alabilir. 172.30.40.3 nat listesinde olmasina ragmen access list 2 'de
    olmadigi icin silinebilir.
    yani
    access-list 1 permit 172.30.40.1
    access-list 1 permit 172.30.40.2
    access-list 1 permit 172.30.40.3 ( bunu silip 172.30.40.10 yapin eger
    bunun trafik yollamasini isterseniz.).
    NAT'den sonra route bakilir, default route olarak hersey 192.168.30.201 'a
    yollanir.

    Disardan gelen trafik (yani Fasteth0 192.168.30.40'a ) acl 3 ile test
    edilir.Hersey gececek gibi gozukuyor 172.30.40.0 disinda. Ama 172.30.40.0
    zaten obur tarafta o yuzden ACL 3 biraz fazla...

    Serhat

    Please respond to cisco-ttl_at_yahoogroups.com

    To: cisco-ttl_at_yahoogroups.com
    cc:
    Subject: [cisco-ttl] Oncelik

    Merhaba,
    Asagidaki ornek konfigde nat inside ve/veya outside tarafina gelen
    bir paketin access-listlerden hangi sirayla gececegi veya
    gecemeyecegi konusunda fikirleriniz nedir?

    !
    interface FastEthernet0
    ip address 192.168.30.40 255.255.255.0
    ip nat outside
    ip access-group 3 in
    half-duplex
    !
    interface FastEthernet0
    ip address 172.30.40.50 255.255.255.0
    ip nat inside
    ip access-group 2 in
    speed auto
    half-duplex
    !
    ip nat pool pool 192.168.30.50 192.168.30.50 prefix-length 24
    ip nat inside source list 1 pool pool overload
    ip classless
    !
    ip route 0.0.0.0 0.0.0.0 192.168.30.201
    !
    access-list 1 permit 172.30.40.1
    access-list 1 permit 172.30.40.2
    access-list 1 permit 172.30.40.3
    !
    access-list 2 permit 172.30.40.1
    access-list 2 permit 172.30.40.2
    access-list 2 permit 172.30.40.10
    !
    access-list 101 permit 172.30.40.1 0.0.0.255 any
    !
    access-list 102 permit 172.10.10.10 0.0.0.255 any
    !
    access-list 3 deny 172.30.40.0
    access-list 3 permit any
    !

    Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir.

    Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir
    e-posta gönderebilirsiniz.
    Yahoo! Groups Links

    ----
    This email is intended for the named recipient only. It may contain information which is confidential, commercially sensitive, or copyright. If you are not the intended recipient you must not reproduce or distribute any part of the email, disclose its contents, or take any action in reliance. If you have received this email in error, please contact the sender and delete the message. It is your responsibility to scan this email and any attachments for viruses and other defects.
    To the extent permitted by law, Zurich and its associates will not be liable for any loss or damage arising in any way from this communication including any file attachments. We may monitor email you send to us, either as a reply to this email or any email you send to us, to confirm our systems are protected and for compliance with company policies. Although we take reasonable precautions to protect the confidentiality of our email systems, we do not warrant the confidentiality or security of email or attachments we receive.
    [Non-text portions of this message have been removed]
    ------------------------ Yahoo! Groups Sponsor --------------------~--> 
    Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
    Now with Pop-Up Blocker. Get it for free!
    http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/26EolB/TM
    --------------------------------------------------------------------~-> 
    Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir. 
    Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir e-posta gönderebilirsiniz. 
    Yahoo! Groups Links
    <*> To visit your group on the web, go to:
        http://groups.yahoo.com/group/cisco-ttl/
    <*> To unsubscribe from this group, send an email to:
        cisco-ttl-unsubscribe_at_yahoogroups.com
    <*> Your use of Yahoo! Groups is subject to:
        http://docs.yahoo.com/info/terms/
     
    


    This archive was generated by hypermail 2.1.5 : Fri Dec 24 2004 - 08:09:29 GMT