[cisco-ttl] PIX and PAT

From: halilergun.korkmaz <halilergun.korkmaz_at_....>
Date: Wed Sep 13 2006 - 15:09:06 EEST


Hello,

I am having a PAT problem with a PIX 515. The outside interface gets its IP over ADSL via PPPoE, and I need to allow access from outside to inside on some ports, but when I do that I lose internet access. The configuration without PAT applied is below. I want to give HTTP access to 192.168.1.10 and SQL access to 192.168.1.3. Thanks in advance for your help.


PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 192.168.1.0 Ic_Ag
name 192.168.1.10 akiman
name 213.153.207.34 yazilimgrb
name 192.168.1.3 DB_srv
access-list inside_access_in permit ip any any
access-list outside_access_in permit icmp any any echo-reply
pager lines 24
logging on
logging timestamp
logging trap debugging
logging host inside DB_srv
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside pppoe setroute
ip address inside 192.168.1.5 255.255.255.0
ip address dmz 10.0.0.1 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
pdm location Ic_Ag 255.255.255.0 inside
pdm location 192.168.1.67 255.255.255.255 inside
pdm location DB_srv 255.255.25
pdm location akiman 255.255.255.255 inside
pdm location yazilimgrb 255.255.255.255 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 1 Ic_Ag 255.255.255.0 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http DB_srv 255.255.255.255 inside
http Ic_Ag 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.1.11 \
floodguard enable
sysopt noproxyarp outside
sysopt noproxyarp inside
sysopt noproxyarp dmz
no sysopt route dnat
telnet DB_srv 255.255.255.255 inside
telnet Ic_Ag 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group ppp authentication pap
terminal width 80
--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

All responsibility for applying the changes suggested on this list lies with the user. The list administrators, the list members who make suggestions, and the organizations those members work for cannot be held responsible in any way.
Received on Mon Sep 18 10:53:44 2006

This archive was generated by hypermail 2.1.8 : Mon Sep 18 2006 - 10:53:44 EEST