[cisco-ttl] PIX-to-PIX VPN problemi

From: sumero <sumero_at_....>
Date: Fri Aug 19 2005 - 16:59:18 EEST


Selamlar herkeze,

Uc noktam da A noktasinda PIX525 B noktasinda PIX515 C noktasinda PIX506 var. A ile B arasinda VPN kurulu ve calisiyor ;). Simdi B ile C arasinda VPN kurmaya calisiyoruz. Soyle bir sorunla karsilasiyorum.B firewallunda sh cry ip sa girince C ile konfigre ettigim tunnelle ilgili herhangi birsey gormuyorum lakin, C'de ayni komutu yurutunce hersey geliyor. Tabi boyle olunca sh cry is sa 'da tunnelle ilgili bir sey bulamiyorum. Asagida gonderebildigim kadar conf. gonderdim. Gozden kacirdigim birsey mi var?

B noktasi



crypto ipsec transform-set A_POINT esp-des esp-md5-hmac crypto ipsec transform-set C_POINT esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address ACL_A_POINT
crypto map outside_map 20 set peer BLABLA
crypto map outside_map 20 set transform-set A_POINT
crypto map outside_map 60 ipsec-isakmp
crypto map outside_map 60 match address ACL_C_POINT
crypto map outside_map 60 set peer ALOALO
crypto map outside_map 60 set transform-set C_POINT
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address BLABLA netmask 255.255.255.255 no-xauth isakmp key ******** address ALOALO netmask 255.255.255.255 no-xauth isakmp identity address
isakmp policy 20 authentication pre-share isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

C Noktasi



crypto ipsec transform-set ALOALO esp-des esp-md5-hmac
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address ACL_B_POINT
crypto map outside_map 40 set peer PRONTOPRONTO
crypto map outside_map 40 set transform-set ALOALO
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address PRONTOPRONTO netmask 255.255.255.255 no-xauth
isakmp identity address
isakmp policy 20 authentication pre-share isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar. 
Yahoo! Groups Links


<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/cisco-ttl/
<*> To unsubscribe from this group, send an email to:
cisco-ttl-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Received on Fri Aug 19 17:01:06 2005

This archive was generated by hypermail 2.1.8 : Fri Aug 19 2005 - 17:01:08 EEST