Re: [cisco-ttl] pix nat problem

From: Bahadır <bgirtten_at_....>
Date: Wed Oct 19 2005 - 12:16:09 EEST


Hi,

If you're going to do it through PDM, you need to add it as a Dynamic NAT Rule (the lower option in the Add Translation Rule window). Here you need to select a "pool". When you click Manage Pools, the existing ones are shown (the "Manage Global Address Pools" window).

If there is no pool belonging to the outside leg in the list, then after clicking "Add", in the window that appears you should select "outside" as the interface, give it a pool ID, and from the options below select "PAT using IP address of the interface". Then go back to the first screen and use this Pool ID you created in the "Address Pool" field of your Dynamic NAT definition.

If you'd rather do it with commands, defining PAT is much easier:

nat (inside) 1 0 0             (you have added every inside address to NAT pool number "1")
global (outside) 1 interface   (those in pool number 1 will use the address of the outside interface)

Bahadır
birisi birisi <biriben@yahoo.com> wrote:

Hello, there is a point I don't understand on the PIX. I am configuring it with PDM, but it asks me for an external IP to which it will translate the local IPs. Fine, I understand it is going to do NAT, but I use ADSL and the IP changes all the time. I put the ADSL modem into bridge mode and the PIX gets the WAN IP. Can't the PIX do this: without me needing to specify an IP range or an IP in the NAT, can't it just NAT directly over the outside by itself? I'm having trouble here; thanks for your help.

ali

oguz# sh run            
: Saved       
: 
PIX Version 6.3(5)                  
interface ethernet0 auto                        
interface ethernet1 100full                           
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                   
enable password 8Ry2YjIyt7RRXU24 encrypted                                          
passwd 2KFQnbNIdI.2KYOU encrypted                                 
hostname oguz             
domain-name ciscopix.com                        
fixup protocol dns maximum-length 512                                     
fixup protocol ftp 21                     
fixup protocol h323 h225 1720                             
fixup protocol h323 ras 1718-1719                                 
fixup protocol http 80                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                       
fixup protocol sip 5060                       
fixup protocol sip udp                    
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol tftp 69                      
names     
pager lines 24              
mtu outside 1500                
mtu inside 1500               
ip address outside pppoe setroute                                 
ip address inside 192.168.1.1 255.255.255.0                                           
ip audit info action alarm                          
ip audit attack action alarm                            
pdm logging informational 100                             
pdm history enable                  
arp timeout 14400                 
global (outside) 1 interface                            
global (inside) 1 interface                           
nat (inside) 0 0.0.0.0 0.0.0.0 0 0                                  
timeout xlate 0:05:00                     
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00                                                    
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00                                                               
timeout sip-disconnect 0:02:00 sip-invite 0:03:00                                                 
timeout uauth 0:05:00 absolute                              
aaa-server TACACS+ protocol tacacs+                                   
aaa-server TACACS+ max-failed-attempts 3                                        
aaa-server TACACS+ deadtime 10                              
aaa-server RADIUS protocol radius                                 
aaa-server RADIUS max-failed-attempts 3                                       
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname xxxx@ttnet
vpdn group pppoe_group ppp authentication pap
vpdn username xxx@ttnet password *********
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:347f2ae64ee330305bd783664164f9a6
: end
oguz#             


--
Cisco Technical Discussion List (Cisco-ttl)

All responsibility for applying the changes suggested on this list lies with
the user. The list administrators, the list members who make suggestions, and
the organizations those members work for cannot be held liable in any way.



Received on Wed Oct 19 12:53:52 2005

This archive was generated by hypermail 2.1.8 : Wed Oct 19 2005 - 12:53:56 EEST
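
An added example, not part of the original thread: a small Python check of the nat/global pairing described in the reply, run over the NAT-relevant lines of the posted PIX 6.3 configuration and over the suggested command pair. The function name `audit_nat` and the finding messages are illustrative assumptions; the sample lines are copied from the messages above.

```python
import re

# Constructed sample: NAT-relevant lines copied from the config posted above.
SAMPLE_CONFIG = """\
ip address outside pppoe setroute
global (outside) 1 interface
global (inside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
"""

# The command pair suggested in the reply.
FIXED_CONFIG = """\
nat (inside) 1 0 0
global (outside) 1 interface
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+)\b")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")

def audit_nat(config):
    """Return findings about nat/global id pairing in a PIX 6.x config (hypothetical helper)."""
    nats, pools = [], []
    for line in config.splitlines():
        line = line.strip()
        m = NAT_RE.match(line)
        if m:
            nats.append((m.group(1), int(m.group(2))))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            pools.append((m.group(1), int(m.group(2)), m.group(3)))
    nat_ids = {nid for _, nid in nats}
    pool_ids = {gid for _, gid, _ in pools}
    findings = []
    for ifc, nid in nats:
        if nid == 0:  # nat id 0 means "do not translate" the matched sources
            findings.append(f"nat ({ifc}) 0: matched sources leave untranslated")
        elif nid not in pool_ids:
            findings.append(f"nat ({ifc}) {nid}: no global pool with id {nid}")
    for ifc, gid, addr in pools:
        if gid not in nat_ids:  # a pool is only used when a nat rule carries its id
            findings.append(f"global ({ifc}) {gid} {addr}: not referenced by any nat")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print(finding)
```
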