Re: [cisco-ttl] PIX and PAT

From: Halil Ergun Korkmaz <halilergun.korkmaz_at_....>
Date: Tue Sep 19 2006 - 09:27:02 EEST


When I do this, my internet access drops. What I wrote is below, and it is similar to yours:

static (inside,outside) tcp interface www akiman www netmask 255.255.255.255 0 0

Could this problem be caused by the PIX version?

> Hello,
> access-list outside_access_in permit tcp any host x.x.x.x eq www
> static (inside,outside) tcp x.x.x.x www 192.168.1.10 www netmask 255.255.255.255 0 0
> access-group outside_access_in in interface outside
> You can do what you want with a config similar to this. If you add the ports you want to open with static, it should work.
>
>
> On 9/13/06, halilergun.korkmaz <halilergun.korkmaz@yahoo.com> wrote:
>>
>> Hello,
>>
>> I am having a PAT problem with a PIX 515. The outside interface gets its IP over ADSL with PPPoE, and I need to give access to some ports from outside to inside, but when I do this I lose internet access. The configuration without PAT applied is below. I want to give http access to 192.168.1.10 and sql access to 192.168.1.3. Thanks in advance for your help.
>>
>>
>> PIX Version 6.2(2)
>> nameif ethernet0 outside security0
>> nameif ethernet1 inside security100
>> nameif ethernet2 dmz security10
>> clock timezone EEST 2
>> clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
>>
>> fixup protocol ftp 21
>> fixup protocol http 80
>> fixup protocol h323 h225 1720
>> fixup protocol h323 ras 1718-1719
>> fixup protocol ils 389
>> fixup protocol rsh 514
>> fixup protocol rtsp 554
>> fixup protocol smtp 25
>> fixup protocol sqlnet 1521
>> fixup protocol sip 5060
>> fixup protocol skinny 2000
>> names
>> name 192.168.1.0 Ic_Ag
>> name 192.168.1.10 akiman
>> name 213.153.207.34 yazilimgrb
>> name 192.168.1.3 DB_srv
>> access-list inside_access_in permit ip any any
>> access-list outside_access_in permit icmp any any echo-reply
>> pager lines 24
>> logging on
>> logging timestamp
>> logging trap debugging
>> logging host inside DB_srv
>> interface ethernet0 auto
>> interface ethernet1 auto
>> interface ethernet2 auto
>> mtu outside 1500
>> mtu inside 1500
>> mtu dmz 1500
>> ip address outside pppoe setroute
>> ip address inside 192.168.1.5 255.255.255.0
>> ip address dmz 10.0.0.1 255.255.255.0
>> ip verify reverse-path interface outside
>> ip audit info action alarm
>> ip audit attack action alarm
>> pdm location Ic_Ag 255.255.255.0 inside
>> pdm location 192.168.1.67 255.255.255.255 inside
>> pdm location DB_srv 255.255.25
>> pdm location akiman 255.255.255.255 inside
>> pdm location yazilimgrb 255.255.255.255 outside
>> pdm logging informational 100
>> pdm history enable
>> arp timeout 14400
>> global (outside) 1 interface
>> global (dmz) 1 interface
>> nat (inside) 1 Ic_Ag 255.255.255.0 0 0
>> access-group outside_access_in in interface outside
>> access-group inside_access_in in interface inside
>> timeout xlate 3:00:00
>> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
>> timeout uauth 0:05:00 absolute
>> aaa-server TACACS+ protocol tacacs+
>> aaa-server RADIUS protocol radius
>> aaa-server LOCAL protocol local
>> http server enable
>> http DB_srv 255.255.255.255 inside
>> http Ic_Ag 255.255.255.0 inside
>> no snmp-server location
>> no snmp-server contact
>> snmp-server community public
>> no snmp-server enable traps
>> tftp-server inside 192.168.1.11 \
>> floodguard enable
>> sysopt noproxyarp outside
>> sysopt noproxyarp inside
>> sysopt noproxyarp dmz
>> no sysopt route dnat
>> telnet DB_srv 255.255.255.255 inside
>> telnet Ic_Ag 255.255.255.0 inside
>> telnet timeout 5
>> ssh timeout 5
>> vpdn group pppoe_group request dialout pppoe
>> vpdn group pppoe_group ppp authentication pap
>> terminal width 80
> --
> Cisco Technical Discussion List (Cisco-ttl)
>
> All responsibility for applying the changes suggested on this list lies with the user. The list administrators, the list members who make suggestions, and the organizations these members work for cannot be held responsible in any way.


Received on Tue Sep 19 16:53:30 2006

This archive was generated by hypermail 2.1.8 : Tue Sep 19 2006 - 16:53:44 EEST
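
The quoted reply pairs each static port redirect with an access-list permit and an access-group binding on the outside interface. The following is an added example, not part of the thread: a small checker that reads PIX 6.x style configuration text and lists static port redirects that no permit entry in the bound ACL covers. The sample configuration, the 203.0.113.5 address, the SQL port 1433 and the function name are constructed for illustration, and the matching rule for the `interface` keyword is an assumption of this example.

```python
import re

# Constructed sample modelled on the thread's configuration (addresses and the
# SQL port are illustrative, not from the page). The SQL redirect has no permit.
SAMPLE = """\
name 192.168.1.10 akiman
name 192.168.1.3 DB_srv
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any host 203.0.113.5 eq www
static (inside,outside) tcp 203.0.113.5 www akiman www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.5 1433 DB_srv 1433 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
# Only port-less and `eq <port>` permit entries with source `any` are understood.
ACL = re.compile(r"^access-list (\S+) permit (tcp|udp|ip) any "
                 r"(any|host \S+|interface \S+)(?: eq (\S+))?$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def unpermitted_redirects(config):
    """Return static port redirects not permitted by the ACL bound to their mapped interface."""
    statics, acls, bound = [], {}, {}
    for line in (l.strip() for l in config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := ACL.match(line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)
    missing = []
    for real_if, mapped_if, proto, mapped, mport, real, rport in statics:
        # Assumption: a static using the `interface` keyword is matched by an
        # ACL destination of `interface <name>`; otherwise by `host <mapped>`.
        dest = f"interface {mapped_if}" if mapped == "interface" else f"host {mapped}"
        entries = acls.get(bound.get(mapped_if), [])
        # Ports are compared as text, so `www` and `80` are treated as different.
        ok = any(p in (proto, "ip") and dst in ("any", dest) and port in (None, mport)
                 for p, dst, port in entries)
        if not ok:
            missing.append((proto, mapped, mport, real, rport))
    return missing

if __name__ == "__main__":
    for entry in unpermitted_redirects(SAMPLE):
        print("no permit in the bound ACL for redirect:", entry)
```

The checker ignores deny entries, entry order and port ranges, so an empty result means only that a textual permit exists for each redirect.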