Re: [cisco-ttl] PIX and PAT

From: Umit Akarsu <uakarsu_at_....>
Date: Mon Sep 18 2006 - 11:07:55 EEST


Hello,

access-list outside_access_in permit tcp any host x.x.x.x eq www
static (inside,outside) tcp x.x.x.x www 192.168.1.10 www netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside

You can do what you want with a config similar to this. If you add the ports you want to open with static, it should work.

On 9/13/06, halilergun.korkmaz <halilergun.korkmaz@yahoo.com> wrote:
>
> Hello all,
>
> I am having a PAT problem with a PIX 515. The outside leg gets its IP
> over ADSL via PPPoE, and I need to allow access from outside to inside
> on some ports, but when I do this I lose internet access. The
> configuration without PAT applied is below. I want to give http access
> to 192.168.1.10 and sql access to 192.168.1.3. Thanks in advance for
> your help.
>
> ----------------------------------------------------------
> PIX Version 6.2(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 dmz security10
> clock timezone EEST 2
> clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
>
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol ils 389
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> names
> name 192.168.1.0 Ic_Ag
> name 192.168.1.10 akiman
> name 213.153.207.34 yazilimgrb
> name 192.168.1.3 DB_srv
> access-list inside_access_in permit ip any any
> access-list outside_access_in permit icmp any any echo-reply
> pager lines 24
> logging on
> logging timestamp
> logging trap debugging
> logging host inside DB_srv
> interface ethernet0 auto
> interface ethernet1 auto
> interface ethernet2 auto
> mtu outside 1500
> mtu inside 1500
> mtu dmz 1500
> ip address outside pppoe setroute
> ip address inside 192.168.1.5 255.255.255.0
> ip address dmz 10.0.0.1 255.255.255.0
> ip verify reverse-path interface outside
> ip audit info action alarm
> ip audit attack action alarm
> pdm location Ic_Ag 255.255.255.0 inside
> pdm location 192.168.1.67 255.255.255.255 inside
> pdm location DB_srv 255.255.25
> pdm location akiman 255.255.255.255 inside
> pdm location yazilimgrb 255.255.255.255 outside
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> global (dmz) 1 interface
> nat (inside) 1 Ic_Ag 255.255.255.0 0 0
> access-group outside_access_in in interface outside
> access-group inside_access_in in interface inside
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> http server enable
> http DB_srv 255.255.255.255 inside
> http Ic_Ag 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> tftp-server inside 192.168.1.11 \
> floodguard enable
> sysopt noproxyarp outside
> sysopt noproxyarp inside
> sysopt noproxyarp dmz
> no sysopt route dnat
> telnet DB_srv 255.255.255.255 inside
> telnet Ic_Ag 255.255.255.0 inside
> telnet timeout 5
> ssh timeout 5
> vpdn group pppoe_group request dialout pppoe
> vpdn group pppoe_group ppp authentication pap
> terminal width 80
>
>
>


--
Cisco Technical Discussion List (Cisco-ttl)

Received on Mon Sep 18 12:06:15 2006
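
Added example (not part of the original messages): a small Python check of the pattern in the reply, that each static port redirect needs a matching permit in the access-list bound inbound to the outside interface. The sample config is constructed; 203.0.113.10 stands in for the masked x.x.x.x, and TCP 1433 for the SQL service is an assumption.

```python
import re

# Constructed sample config. 203.0.113.10 stands in for the masked x.x.x.x,
# and TCP 1433 for the SQL service is an assumption (the thread names no port).
SAMPLE = """\
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any host 203.0.113.10 eq www
static (inside,outside) tcp 203.0.113.10 www 192.168.1.10 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 1433 192.168.1.3 1433 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

# static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.M)
# Only the simple "permit <proto> any host <ip> eq <port>" form is recognised.
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)", re.M)


def audit_port_redirects(config):
    """Return a finding for each static port redirect that has no matching
    permit in the ACL bound inbound to its mapped interface."""
    bound = {iface: acl for acl, iface in GROUP_RE.findall(config)}
    permits = set(ACL_RE.findall(config))
    findings = []
    for _real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port in \
            STATIC_RE.findall(config):
        rule = f"{proto} {m_ip}:{m_port} -> {r_ip}:{r_port}"
        acl = bound.get(mapped_if)
        if acl is None:
            findings.append(f"{rule}: no access-group on {mapped_if}")
        # Ports are compared literally, so "www" and "80" do not match.
        elif (acl, proto, m_ip, m_port) not in permits:
            findings.append(f"{rule}: {acl} has no matching permit")
    return findings


if __name__ == "__main__":
    for finding in audit_port_redirects(SAMPLE):
        print(finding)
```

On the sample, the www redirect passes and the 1433 redirect is reported, because only www was added to outside_access_in.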

This archive was generated by hypermail 2.1.8 : Mon Sep 18 2006 - 12:06:23 EEST