Re: [cisco-ttl] Re: ASA Remote Access

From: Ekrem CELIKEL <ekremcelikel_at_....>
Date: Mon Apr 10 2006 - 14:49:22 EEST


Greetings,

  The config and the error it gives are below. Thanks for your interest.

  access-list inside_nat0_outbound line 1 extended permit ip 192.168.20.0 255.255.255.0 192.168.50.0 255.255.255.0

      nat (inside) 0 access-list inside_nat0_outbound
      access-list EKREM_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
      ip local pool pool1 192.168.50.1-192.168.50.254 mask 255.255.255.0
      group-policy EKREM internal
      group-policy EKREM attributes
        split-tunnel-policy tunnelspecified
        split-tunnel-network-list value EKREM_splitTunnelAcl
        dns-server value 192.168.20.2
      tunnel-group EKREM type ipsec-ra
      tunnel-group EKREM general-attributes
        default-group-policy EKREM
        address-pool  pool1
      tunnel-group EKREM ipsec-attributes
        pre-shared-key *********
      isakmp policy 10 authen pre-share
      isakmp policy 10 encrypt 3des
      isakmp policy 10 hash sha
      isakmp policy 10 group 2
      isakmp policy 10 lifetime 86400
      access-list g.shdsl_cryptomap_dyn_20 extended permit ip 192.168.20.0 255.255.255.0  192.168.50.0 255.255.255.0 
      crypto dynamic-map g.shdsl_dyn_map 20 match address g.shdsl_cryptomap_dyn_20
      crypto dynamic-map g.shdsl_dyn_map 20 set transform-set ESP-3DES-SHA
      crypto dynamic-map g.shdsl_dyn_map 20 set security-association lifetime seconds 28800 kilobytes 4608000
      crypto map g.shdsl_map 65535 ipsec-isakmp dynamic g.shdsl_dyn_map
      crypto map g.shdsl_map interface g.shdsl
      sysopt connection permit-ipsec
  

Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.50.2/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface g.shdsl   

"serkan.ustundag" <sustundag@secura.com.tr> wrote:

Hi Ekrem,
The configuration has changed a bit on the ASA. Is the split-tunnel-policy tunnelspecified command present under the VPN group policy? I am sending you a sample configuration.

group-policy mygroup attributes 
split-tunnel-policy tunnelspecified 
split-tunnel-network-list value mysplitTunnelAcl

access-list mysplitTunnelAcl standard permit 192.168.1.0 255.255.255.0

I can connect this way. If you send the existing configuration, we will help.

Good luck with it

Serkan Ustundag

Secura Guvenlik Teknolojileri

--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

All responsibility for applying the changes suggested on this list rests with
the user. The list administrators, the list members who make suggestions, or
the organizations these members work for cannot be held responsible in any way.


    
Received on Mon Apr 10 14:51:44 2006

This archive was generated by hypermail 2.1.8 : Mon Apr 10 2006 - 14:51:44 EEST