[cisco-ttl] Re: About the 1841 Router ADSL NAT and Access List - Didn't work

From: cmesut <cmesut_at_....>
Date: Tue Apr 18 2006 - 11:55:06 EEST


Ahmet Bey, first of all, thank you for replying and sharing.

Unfortunately there is still some small thing slipping through; it still didn't work.

I first applied it here, and it didn't work:

interface FastEthernet0/0
ip access-group 105 in

Then I removed it and applied it to Dialer0, and it still didn't work. SMTP CONNECTIONS
ARE BEING MADE FROM EVERYWHERE.

interface Dialer0
ip access-group 105 in

access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 deny   tcp any host 192.168.1.6 eq smtp
access-list 105 permit ip any any

PURPOSE: 1- ONLY AND ONLY the IP 195.175.175.175 should be able to do SMTP to the mail
server 192.168.1.6.
2- 192.168.1.6 should be able to go out to the internet in every way.
3- All client PCs in the 192.168.1.0 255.255.255.0 network should be able to go out to
the internet in every way.

   every way = dns ftp http ssh smtp telnet https msn, cisco vpn client

4- Another problem encountered: the cisco vpn 4.x client connects, but it cannot ping or
   run anything on the remote side in any way (for example remote desktop). When the
   1841-adsl router is taken out of the path and a zyxel adsl doing normal NAT is plugged
   in, the cisco-vpn client works without problems. The problem is ipsec-vpn pass-through
   in the NAT done on the 1841-adsl router.

   There is a default rule for this in SDM, but together with the solution above, exactly
   where and how it should be applied could not quite be made to work.

   The complete config of the 1841-adsl router is at the very end of the mail. Thanks in
   advance for sharing exactly which access lists should be applied to which interface,
   in what order.

Monday, April 17, 2006, 8:45:04 AM, you wrote:

Hi, if you remove "access-list 105 permit any any" from this access list, mail will
still keep coming in from outside, because there is nothing in the access-list that
prohibits it.

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 deny ip any any

is the form it should take. By the way, at the place where you apply this access-list,
only SMTP traffic from the relevant IP comes in; no connection comes in from anywhere else.

If you want SMTP requests from other places not to come in, but other connections to
come in:

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 deny tcp any host 192.168.1.6 eq smtp
access-list 105 permit ip any any

Regards,
Ahmet

-----Original Message-----
From: cisco-ttl@yahoogroups.com [mailto:cisco-ttl@yahoogroups.com] On Behalf Of emre aksoy
Sent: Tuesday, April 18, 2006 2:02 AM
To: cisco-ttl@yahoogroups.com
Subject: Re: [cisco-ttl] About the 1841 Router ADSL NAT and Access List

access-list 105 permit ip any any
  this part allows all traffic; remove it.

  interface FastEthernet0/0
  ip access-group 105 in

  define it on interface dialer 0 instead:

  interface Dialer0
  ip access-group 105 in

cmesut <cmesut@yahoo.com> wrote:
  Hello, in the config below, made on an 1841 router with the SDM 2.3 interface, the aim is
  that only a mail server with a specific IP address from outside (access-list 105 permit tcp
  host 195.175.175.175 host 192.168.1.6 eq smtp) can reach the server mapped inside (ip nat
  inside source static tcp 192.168.1.6 25 interface Dialer0 25). I think something escapes
  the applied access list, because other mail servers from outside can reach it as well.

Thanks in advance to those who will comment.. Good work to everyone.

!This is the running config of the router: 192.168.1.2
!----------------------------------------------------------------------------
!version 12.4

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!

hostname HnetRouter
!

boot-start-marker
boot-end-marker
!

security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$sRDo$8yc7/TitiHkIsJeBhKB/8/
!

no aaa new-model
!

resource policy
!

clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!

ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.201 192.168.1.254
!

ip dhcp pool sdm-pool1

   import all
   network 192.168.1.0 255.255.255.0
   dns-server 195.175.37.14 195.175.37.69
   default-router 192.168.1.2
!
!

no ip bootp server

ip domain name yourdomain.com
ip name-server 195.175.37.14
ip name-server 195.175.37.69

!

username cisco privilege 15 secret 5 $1$.5bA$XpNYReN7Pb2jiHvhQQD6t0
!
!
!

interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 192.168.1.2 255.255.255.0
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!

interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!

interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!

interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
  pppoe-client dial-pool-number 1
!
!

interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user@ttnet
ppp chap password 123456
ppp pap sent-username user@ttnet password 123456
!

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!

ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25

!

logging trap debugging

access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 permit ip any any

dialer-list 1 protocol ip permit
no cdp run
!

control-plane
!

banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!

line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!

scheduler allocate 4000 1000
end

--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

All responsibility for applying the changes suggested on this list belongs to the user.
The list administrators, the list members making the suggestions, or the organizations
those members work for cannot be held responsible in any way.
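An added example, not part of the thread: a small Python model of IOS first-match ACL evaluation in the outside-to-inside order of operations, where an inbound ACL on Dialer0 is checked on the packet as received, before the static NAT rewrites the public address to 192.168.1.6, so a deny keyed on host 192.168.1.6 never matches there. The public address, the sample packets and the port-only variant of the list are constructed for this example.

```python
# Constructed placeholder for Dialer0's negotiated public address (not the real one).
DIALER0_PUBLIC = "203.0.113.10"
STATIC_NAT = {(DIALER0_PUBLIC, 25): ("192.168.1.6", 25)}  # ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25

def parse_ace(line):
    """Parse the subset used in the thread: access-list N {permit|deny} {ip|tcp} SRC DST [eq PORT]."""
    tok = line.split()
    action, proto, i, addrs = tok[2], tok[3], 4, []
    for _ in range(2):                      # SRC then DST: 'any' or 'host A.B.C.D'
        if tok[i] == "any":
            addrs.append(None); i += 1
        elif tok[i] == "host":
            addrs.append(tok[i + 1]); i += 2
        else:
            raise ValueError("unsupported address form: " + line)
    dport = None
    if i < len(tok) and tok[i] == "eq":
        dport = 25 if tok[i + 1] == "smtp" else int(tok[i + 1])
    return action, proto, addrs[0], addrs[1], dport

def acl_decision(acl, pkt):
    """IOS semantics: first matching entry wins, implicit deny at the end."""
    for action, proto, src, dst, dport in acl:
        if (proto in ("ip", pkt["proto"]) and src in (None, pkt["src"])
                and dst in (None, pkt["dst"]) and dport in (None, pkt["dport"])):
            return action
    return "deny"

def inbound_on_dialer0(acl_lines, pkt):
    """Outside-to-inside order: the inbound ACL sees the packet as received (dst = public
    address); only a permitted packet is then NATed. Returns (verdict, dst after NAT or None)."""
    acl = [parse_ace(l) for l in acl_lines if " remark " not in l]
    verdict = acl_decision(acl, pkt)
    nat = STATIC_NAT.get((pkt["dst"], pkt["dport"]), (pkt["dst"], None))  # only the static SMTP map is modelled
    return verdict, (nat[0] if verdict == "permit" else None)

POSTED_ACL = [  # the list as applied on Dialer0 in the thread
    "access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp",
    "access-list 105 deny   tcp any host 192.168.1.6 eq smtp",
    "access-list 105 permit ip any any",
]
FIXED_ACL = [   # matches on the port only, so it works on the pre-NAT destination
    "access-list 105 permit tcp host 195.175.175.175 any eq smtp",
    "access-list 105 deny   tcp any any eq smtp",
    "access-list 105 permit ip any any",
]

def arriving(src, dport):  # constructed TCP packet as it arrives on Dialer0, before NAT
    return {"proto": "tcp", "src": src, "dst": DIALER0_PUBLIC, "dport": dport}
```

With the posted list, an SMTP packet from any source falls through to `permit ip any any` and is then translated to 192.168.1.6; with the port-only list the same packet is denied while 195.175.175.175 and ordinary return traffic still pass.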

Received on Tue Apr 18 12:26:32 2006

This archive was generated by hypermail 2.1.8 : Tue Apr 18 2006 - 12:26:32 EEST