Re: [cisco-ttl] PIX-to-PIX VPN problem

From: cenk tasdan <cenktasdan_at_....>
Date: Mon Aug 22 2005 - 09:21:42 EEST


Hello,

Do the routed internal IP blocks overlap each other? That is, the networks in the access-lists you reference as ACL_C_POINT and ACL_A_POINT must not overlap each other.

If you can send them, the debug outputs would also be useful for commenting.

This page has some quite useful troubleshooting methods; you can get help from there as well.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

Best regards,

> Greetings everyone,
>
> I have three sites: a PIX525 at site A, a PIX515 at site B, and a
> PIX506 at site C. The VPN between A and B is set up and working ;).
> Now we are trying to set up a VPN between B and C. I am running into
> the following problem. On the B firewall, when I enter sh cry ip sa
> I don't see anything related to the tunnel I configured with C;
> however, when I run the same command on C, everything shows up. Of
> course, that being the case, I can't find anything about the tunnel
> in sh cry is sa either. Below I have sent as much of the config as I
> could. Is there something I have overlooked?
>
> Site B
> --------------------
> crypto ipsec transform-set A_POINT esp-des esp-md5-hmac
> crypto ipsec transform-set C_POINT esp-des esp-md5-hmac
> crypto map outside_map 20 ipsec-isakmp
> crypto map outside_map 20 match address ACL_A_POINT
> crypto map outside_map 20 set peer BLABLA
> crypto map outside_map 20 set transform-set A_POINT
> crypto map outside_map 60 ipsec-isakmp
> crypto map outside_map 60 match address ACL_C_POINT
> crypto map outside_map 60 set peer ALOALO
> crypto map outside_map 60 set transform-set C_POINT
> crypto map outside_map interface outside
> isakmp enable outside
> isakmp key ******** address BLABLA netmask 255.255.255.255 no-xauth
> isakmp key ******** address ALOALO netmask 255.255.255.255 no-xauth
> isakmp identity address
> isakmp policy 20 authentication pre-share
> isakmp policy 20 encryption des
> isakmp policy 20 hash md5
> isakmp policy 20 group 2
> isakmp policy 20 lifetime 86400
>
>
> Site C
> ---------------
> crypto ipsec transform-set ALOALO esp-des esp-md5-hmac
> crypto map outside_map 40 ipsec-isakmp
> crypto map outside_map 40 match address ACL_B_POINT
> crypto map outside_map 40 set peer PRONTOPRONTO
> crypto map outside_map 40 set transform-set ALOALO
> crypto map outside_map interface outside
> isakmp enable outside
> isakmp key ******** address PRONTOPRONTO netmask 255.255.255.255 no-xauth
> isakmp identity address
> isakmp policy 20 authentication pre-share
> isakmp policy 20 encryption des
> isakmp policy 20 hash md5
> isakmp policy 20 group 2
> isakmp policy 20 lifetime 86400
>
> --
> Cisco Technical Discussion List (Cisco-ttl)
>
> All responsibility for applying the changes suggested on this list
> rests with the user. The list administrators, the list members who
> make suggestions, and the organizations those members work for cannot
> be held responsible in any way.
 
Received on Wed Sep 7 12:56:38 2005

This archive was generated by hypermail 2.1.8 : Wed Sep 07 2005 - 12:56:41 EEST
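
The overlap check suggested in the reply above, as an added example that is not part of the original thread. The thread does not show the contents of ACL_A_POINT or ACL_C_POINT, so the networks below are constructed; only entries of the form `permit ip <net> <mask> <net> <mask>` are parsed.

```python
import ipaddress
import re

# Constructed sample: the thread does not show the ACL contents, so these
# networks are assumptions chosen to illustrate one overlapping entry.
SAMPLE_CONFIG = """\
access-list ACL_A_POINT permit ip 10.20.0.0 255.255.0.0 10.10.0.0 255.255.0.0
access-list ACL_C_POINT permit ip 10.20.0.0 255.255.0.0 10.10.30.0 255.255.255.0
access-list ACL_C_POINT permit ip 10.20.0.0 255.255.0.0 192.168.30.0 255.255.255.0
"""

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_crypto_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        name, src, smask, dst, dmask = m.groups()
        try:
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
        except ValueError:
            continue  # 'host'/'any' forms are not handled in this example
        acls.setdefault(name, []).append(pair)
    return acls


def overlapping_entries(acls, first, second):
    """List entry pairs where both source and destination ranges intersect."""
    hits = []
    for s1, d1 in acls.get(first, []):
        for s2, d2 in acls.get(second, []):
            if s1.overlaps(s2) and d1.overlaps(d2):
                hits.append(((s1, d1), (s2, d2)))
    return hits


if __name__ == "__main__":
    acls = parse_crypto_acls(SAMPLE_CONFIG)
    for a, c in overlapping_entries(acls, "ACL_A_POINT", "ACL_C_POINT"):
        print(f"overlap: {a[0]} -> {a[1]}  vs  {c[0]} -> {c[1]}")
```

Any pair it reports is traffic that both crypto map entries would claim; the entry with the lower sequence number is evaluated first, so the other tunnel never sees it.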