[cisco-ttl] cisco vpn firewall router configuration

From: Gokhan BELER <gokhan.beler_at_....>
Date: Thu Feb 09 2006 - 10:04:20 EET


Hello friends,
I am a new member of your group. I will have some questions about routers and firewalls. I would be very glad if you could help, since I am fairly new to networking topics.

A network devices:
PIX 515, Cisco PIX Firewall Version 6.3(3)
cisco 2500, IOS 12.3(5c) router (for the internal network, behind the firewall)
cisco 1841 router (internet side)
B network devices:
Pix 515E, Cisco PIX Security Appliance Software Version 7.0(1)
cisco 1720, IOS 12.0(3)T router (for the internal network, behind the firewall)
cisco 1841 router (internet side)

Our company has networks set up in two different regions. Network A is 10.0.0.0/8 and network B is 192.168.0.0/16, and the routers in networks A and B are connected by a leased line. Cisco VPN client is installed so that both networks can be reached from outside. Of course, the client configuration is done separately for each of the 2 networks. When connected to one network, the other network cannot be reached.

  1. When I connect to network A from outside via VPN, I can connect to the machines in network A, but I cannot connect to the machines in network B. The same holds in the reverse direction. How do I configure the router and firewall?
  2. While in network A, I cannot reach the router and firewall devices in network B via telnet.

How can I resolve these situations?

Thanks.

Configuration of the cisco 2500 router in network A:

Using 3113 out of 32762 bytes
!

version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!

hostname network A
!

boot-start-marker
boot-end-marker
!

enable secret 5 $1$.UEq$WXt0xKWTmJGat0sSJRAjB0
enable password domates
!

no aaa new-model
ip subnet-zero
ip cef
no ip domain lookup
!
!
!
!

interface Ethernet0
 description connected to EthernetLAN
 ip address 10.0.0.2 255.255.0.0
 ip route-cache flow
!

interface Serial0
 description connected to Internet
 ip address 172.24.1.99 255.255.255.248
 ip access-group 2 in
 no fair-queue
!

interface Serial1
 ip address negotiated
 encapsulation ppp
 shutdown
 dialer in-band
 dialer idle-timeout 1800
 dialer string usr
 dialer-group 1
 no peer default ip address
 pulse-time 1
!

router rip
 version 2
 network 10.0.0.0
 network 172.24.0.0
 no auto-summary
!

no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 192.168.0.0 255.255.0.0 Serial0
!
!

access-list 100 permit ip host [firewall ip] any
access-list 100 permit ip host [global ip] any
access-list 100 permit ip any any
access-list 100 deny   udp any any eq netbios-ss


access-list 105 permit tcp any any

dialer-list 1 protocol ip permit
!

route-map pbr2 permit 10
 match ip address 100
!

route-map pbr permit 10
 match ip address 10
 set ip next-hop x.x.x.x
!

snmp-server community public RO
snmp-server enable traps tty
banner motd ^Cwelcome^C
!

line con 0
 exec-timeout 0 0
 password
 login
line aux 0
line vty 0
 exec-timeout 1 0
 password
 login
 transport preferred telnet
 transport input all
 transport output none
 stopbits 1
line vty 1 4
 exec-timeout 1 0
 password
 login
 transport preferred telnet
 transport input all
 transport output none
!
!

end

Configuration of the cisco 1720 router in network B:

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!

hostname B network
!

enable secret 5
enable password
!

username xyz
memory-size iomem 15
ip subnet-zero
no ip domain-lookup
!
!
!
!

interface FastEthernet0
 description connected to EthernetLAN
 ip address 192.168.0.2 255.255.0.0
 speed auto
!

interface Serial0
 description connected to Internet
 ip address 172.24.1.97 255.255.255.248
 ip access-group 2 in
 no fair-queue
!

interface Serial1
 physical-layer async
 ip address negotiated
 encapsulation ppp
 no ip route-cache
 shutdown
 dialer in-band
 dialer idle-timeout 1800
 dialer string usr
 dialer-group 1
 async dynamic routing
 async mode interactive
 no peer default ip address
 ppp pap sent-username abcd@abcd password 7 9999999999999999
!

router rip
 version 2
 network 172.24.0.0
 network 192.168.0.0
 no auto-summary
!

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 10.0.0.0 255.0.0.0 Serial0
no ip http server
!
access-list 100 deny   udp any any eq snmp
access-list 100 deny   udp any any eq snmptrap
access-list 100 permit ip any any
access-list 100 permit icmp any any
dialer-list 1 protocol ip permit

snmp-server community public RO
!

line con 0
 exec-timeout 0 0
 password
 login
line 2
 exec-timeout 0 0
 script dialer usr
 modem InOut
 modem autoconfigure discovery
 autocommand ppp
 transport preferred telnet
 transport input all
 stopbits 1
 speed 19200
 flowcontrol hardware
line aux 0
line vty 0 4
 password
 login
!

end
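A defender-side check added here as an example (it is not code from the original post or from the list): a small Python lint run over a constructed excerpt of the A-site 2500 config above. It flags the two things a reviewer would raise about both router configs: the "ip access-group 2 in" on Serial0 names an ACL that is never defined (IOS then passes all traffic on that interface), and the "deny udp ... netbios-ss" entry in access-list 100 sits after "permit ip any any", so it never matches. The SAMPLE_CONFIG excerpt and the function names are the example's own.

```python
import re

# Constructed excerpt of the A-site 2500 config from the post
# (the "[firewall ip]" / "[global ip]" placeholder lines are left out).
SAMPLE_CONFIG = """\
interface Serial0
 description connected to Internet
 ip address 172.24.1.99 255.255.255.248
 ip access-group 2 in
!
access-list 100 permit ip any any
access-list 100 deny   udp any any eq netbios-ss
access-list 105 permit tcp any any
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.*)$")
GROUP_RE = re.compile(r"^\s*ip access-group\s+(\S+)\s+(in|out)\s*$")

def parse_acls(config):
    """Return {acl_number: [(action, rule), ...]} in configuration order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            rule = " ".join(m.group(3).split())  # collapse IOS column padding
            acls.setdefault(m.group(1), []).append((m.group(2), rule))
    return acls

def undefined_access_groups(config):
    """'ip access-group' lines naming an ACL with no entries: on IOS an
    undefined ACL applied to an interface permits all traffic."""
    acls, findings, iface = parse_acls(config), [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        m = GROUP_RE.match(line)
        if m and m.group(1) not in acls:
            findings.append((iface, m.group(1), m.group(2)))
    return findings

def shadowed_entries(config):
    """Entries after an 'ip any any' catch-all in the same ACL; IOS evaluates
    top-down and the first match wins, so these entries never take effect."""
    findings = []
    for acl, entries in parse_acls(config).items():
        for i, (_action, rule) in enumerate(entries):
            if rule == "ip any any":
                findings.extend((acl, a, r) for a, r in entries[i + 1:])
                break
    return findings
```

Running the two checks on the B-site 1720 config would report the same undefined access-group 2 on its Serial0, and the "permit icmp any any" entry shadowed by the preceding "permit ip any any" in access-list 100.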

[Non-text portions of this message have been removed]

--
Cisco Technical Discussion List (Cisco-ttl)

All responsibility for applying the changes suggested on this list lies with the user. The list administrators, the list members who make suggestions, and the organizations those members work for cannot be held responsible in any way.
 
Received on Thu Feb 9 11:50:48 2006
