RE: [cisco-ttl] VPN Client Problemi

From: Mehmet Kutup <kutupm_at_....>
Date: Fri Oct 14 2005 - 08:10:34 EEST


You can solve this problem with IPsec over TCP and IPsec over NAT-T. Version 7.x does this very nicely. In ASDM: Configuration > VPN > IKE > Global Parameters.

Mehmet

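The NAT-traversal change the reply recommends, written out as an added example (not configuration from either message in this thread); the command syntax is quoted from memory of PIX 6.3 and PIX/ASA 7.0 and should be checked against the release in use:

```cisco
! Added example, not part of either message in this thread. Syntax is from
! memory of PIX 6.3 and PIX 7.0; verify it against your own release.
!
! Symptom in the original post: two VPN Clients behind the same branch ADSL
! router (one public IP, PAT). Without NAT traversal the clients' ESP packets
! arrive with the same source IP and no port numbers, so neither the PAT
! router nor the PIX can keep the two flows apart: bringing up the second
! tunnel knocks down the first.
!
! --- PIX 6.3(4), as in the posted config: enable NAT-T ---
! IKE detects the NAT and encapsulates IPsec in UDP/4500; each client then
! gets its own PAT source port and the PIX can distinguish them.
isakmp enable outside
isakmp nat-traversal 20
!
! --- PIX/ASA 7.0 equivalent (what the ASDM page the reply points to,
! Configuration > VPN > IKE > Global Parameters, writes to the config) ---
isakmp enable outside
isakmp nat-traversal 20
! IPsec over TCP for branches whose router drops UDP/4500;
! port 10000 is the VPN Client default.
isakmp ipsec-over-tcp port 10000
!
! On the VPN Client the matching setting is Transport > Enable Transparent
! Tunneling, choosing "IPSec over UDP (NAT/PAT)" or "IPSec over TCP" port 10000.
```

A quick check after the change: on the PIX, `show isakmp sa` should list two separate SAs for the two clients at the same branch, and `show crypto ipsec sa` should show their ESP flows on UDP/4500 rather than bare ESP.
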
-----Original Message-----
From: cisco-ttl@yahoogroups.com [mailto:cisco-ttl@yahoogroups.com] On Behalf Of ali tadir
Sent: Thursday, October 13, 2005 5:42 PM
To: cisco-ttl@yahoogroups.com
Subject: [cisco-ttl] VPN Client Problemi

Hello everyone.

We installed a PIX 506 at the center of a network with 11 branches. All of the branches connect to the center over ADSL using the VPN Client software. The center's internet connection is a leased line (LL).

Our problem is that branches with a single user stay connected for hours, but at a branch with more than one user, when one of them connects, the other one drops.

The configuration is below. Thanks in advance to anyone who takes an interest.

:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxx encrypted
hostname pix
domain-name cisco.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name 10.8.1.2 VPN_Router
access-list inside_access_in permit tcp 10.8.0.0 255.255.0.0 any eq www
access-list inside_access_in permit tcp 10.8.0.0 255.255.0.0 any eq ftp
access-list inside_access_in permit tcp 10.8.0.0 255.255.0.0 any eq smtp
access-list inside_access_in permit tcp 10.8.0.0 255.255.0.0 any eq pop3
access-list inside_access_in permit tcp 10.8.0.0 255.255.0.0 any eq domain
access-list inside_access_in permit udp 10.8.0.0 255.255.0.0 any eq domain
access-list inside_access_in permit icmp 10.8.0.0 255.255.0.0 any echo
access-list inside_access_in permit tcp 10.8.0.0 255.255.0.0 any eq https
access-list outside_access_in permit icmp any any echo-reply
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.1.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.2.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.3.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.4.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.5.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.6.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.7.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.8.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.9.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.10.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.11.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.12.0 255.255.255.0
access-list 101 permit ip 10.8.0.0 255.255.0.0 10.9.13.0 255.255.255.0
pager lines 24
logging on
logging console critical
logging monitor emergencies
logging buffered alerts
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.x
ip address inside 10.8.1.1 255.255.0.0
ip audit info action alarm
ip audit attack action alarm

ip local pool magaza1 10.9.1.1-10.9.1.14
ip local pool magaza2 10.9.2.1-10.9.2.14
ip local pool magaza3 10.9.3.1-10.9.3.14
ip local pool magaza5 10.9.5.1-10.9.5.14
ip local pool magaza6 10.9.6.1-10.9.6.14
ip local pool magaza7 10.9.7.1-10.9.7.14
ip local pool magaza8 10.9.8.1-10.9.8.14
ip local pool magaza9 10.9.9.1-10.9.9.14
ip local pool magaza10 10.9.10.1-10.9.10.14
ip local pool magaza11 10.9.4.1-10.9.4.14
ip local pool magaza12 10.9.11.1-10.9.11.14
ip local pool magaza13 10.9.12.1-10.9.12.14
ip local pool magaza14 10.9.13.1-10.9.13.14
pdm location 10.8.0.0 255.255.0.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list 101
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local

http server enable
http 10.8.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set vpntransform esp-des esp-md5-hmac
crypto dynamic-map vpndmap 10 set transform-set elet
crypto map vpnmap 10 ipsec-isakmp dynamic elektrolet
crypto map vpnmap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup group1 address-pool magaza1
vpngroup group1 dns-server 10.8.1.15
vpngroup group1 default-domain cisco.com
vpngroup group1 split-tunnel 101
vpngroup group1 idle-time 1800
vpngroup group1 password ********
vpngroup group2 address-pool magaza2
vpngroup group2 dns-server 10.8.1.15
vpngroup group2 default-domain cisco.com
vpngroup group2 split-tunnel 101
vpngroup group2 idle-time 1800
vpngroup group2 password ********
vpngroup group3 address-pool magaza3
vpngroup group3 dns-server 10.8.1.15
vpngroup group3 split-tunnel 101
vpngroup group3 idle-time 1800
vpngroup group3 password ********
vpngroup group4 address-pool magaza4
vpngroup group4 dns-server 10.8.1.15
vpngroup group4 split-tunnel 101
vpngroup group4 password ********
vpngroup group5 address-pool magaza5
vpngroup group5 dns-server 10.8.1.15
vpngroup group5 split-tunnel 101
vpngroup group5 idle-time 1800
vpngroup group5 password ********
vpngroup group6 address-pool magaza6
vpngroup group6 dns-server 10.8.1.15
vpngroup group6 split-tunnel 101
vpngroup group6 idle-time 1800
vpngroup group6 password ********
vpngroup group7 address-pool magaza7
vpngroup group7 dns-server 10.8.1.15
vpngroup group7 split-tunnel 101
vpngroup group7 idle-time 1800
vpngroup group7 password ********
vpngroup group8 address-pool magaza8
vpngroup group8 dns-server 10.8.1.15
vpngroup group8 split-tunnel 101
vpngroup group8 idle-time 1800
vpngroup group8 password ********
vpngroup group9 address-pool magaza9
vpngroup group9 dns-server 10.8.1.15
vpngroup group9 split-tunnel 101
vpngroup group9 idle-time 1800
vpngroup group9 password ********
vpngroup group10 address-pool magaza10
vpngroup group10 dns-server 10.8.1.15
vpngroup group10 split-tunnel 101
vpngroup group10 idle-time 1800
vpngroup group10 password ********
vpngroup group11 address-pool magaza11
vpngroup group11 dns-server 10.8.1.15
vpngroup group11 split-tunnel 101
vpngroup group11 idle-time 1800
vpngroup group11 password ********
telnet 10.8.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:xxxxxxxxxx
: end
pix(config)#                 


--
Cisco Technical Discussion List (Cisco-ttl)

All responsibility for applying changes suggested on this list rests with the user. The list administrators, the list members making the suggestions, and the organizations those members work for cannot be held responsible in any way.

Received on Fri Oct 14 08:09:02 2005

This archive was generated by hypermail 2.1.8 : Fri Oct 14 2005 - 08:09:06 EEST