RE: [cisco-ttl] PIX and PAT

From: <sustundag_at_....>
Date: Wed Sep 20 2006 - 16:16:32 EEST


Hello,

I have done a lot of port redirection before and never had any problems.

Could it be happening because there is PPPoE in your setup?

Your configuration looks correct. When you apply this configuration, do all users lose Internet access, or is it only that outbound HTTP from 192.168.1.10 stops working?

Could you also try running PPPoE on the ADSL modem instead of on the PIX?

You can do the port forwarding on the ADSL modem and redirect incoming HTTP requests inside to 192.168.1.0.


From: cisco-ttl@yahoogroups.com [mailto:cisco-ttl@yahoogroups.com] On Behalf Of Halil Ergun Korkmaz
Sent: Tuesday, 19 September 2006 09:27
To: cisco-ttl@yahoogroups.com
Subject: Re: [cisco-ttl] PIX and PAT

When I do this, my Internet access drops. What I wrote, which is similar to yours, is below:

static (inside,outside) tcp interface www akiman www netmask 255.255.255.255 0 0

Could this problem be caused by the PIX version?

> Hello
> access-list outside_access_in permit tcp any host x.x.x.x eq www
> static (inside,outside) tcp x.x.x.x www 192.168.1.10 www netmask 255.255.255.255 0 0
> access-group outside_access_in in interface outside
> You can do what you want with a config similar to this. If you add the
> ports you want to open with static, it should work.
>
>
> On 9/13/06, halilergun.korkmaz <halilergun.korkmaz@yahoo.com> wrote:
>>
>> Hello,
>>
>> I am having a PAT problem with a PIX 515. The outside leg gets its IP
>> over ADSL via PPPoE, and I need to allow access from outside to some
>> ports inside, but when I do that I lose Internet access. The
>> configuration without the PAT applied is below. I want to give HTTP
>> access to 192.168.1.10 and SQL access to 192.168.1.3. Thanks in
>> advance for your help.
>>
>>
>> PIX Version 6.2(2)
>> nameif ethernet0 outside security0
>> nameif ethernet1 inside security100
>> nameif ethernet2 dmz security10
>> clock timezone EEST 2
>> clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
>>
>> fixup protocol ftp 21
>> fixup protocol http 80
>> fixup protocol h323 h225 1720
>> fixup protocol h323 ras 1718-1719
>> fixup protocol ils 389
>> fixup protocol rsh 514
>> fixup protocol rtsp 554
>> fixup protocol smtp 25
>> fixup protocol sqlnet 1521
>> fixup protocol sip 5060
>> fixup protocol skinny 2000
>> names
>> name 192.168.1.0 Ic_Ag
>> name 192.168.1.10 akiman
>> name 213.153.207.34 yazilimgrb
>> name 192.168.1.3 DB_srv
>> access-list inside_access_in permit ip any any
>> access-list outside_access_in permit icmp any any echo-reply
>> pager lines 24
>> logging on
>> logging timestamp
>> logging trap debugging
>> logging host inside DB_srv
>> interface ethernet0 auto
>> interface ethernet1 auto
>> interface ethernet2 auto
>> mtu outside 1500
>> mtu inside 1500
>> mtu dmz 1500
>> ip address outside pppoe setroute
>> ip address inside 192.168.1.5 255.255.255.0
>> ip address dmz 10.0.0.1 255.255.255.0
>> ip verify reverse-path interface outside
>> ip audit info action alarm
>> ip audit attack action alarm
>> pdm location Ic_Ag 255.255.255.0 inside
>> pdm location 192.168.1.67 255.255.255.255 inside
>> pdm location DB_srv 255.255.25
>> pdm location akiman 255.255.255.255 inside
>> pdm location yazilimgrb 255.255.255.255 outside
>> pdm logging informational 100
>> pdm history enable
>> arp timeout 14400
>> global (outside) 1 interface
>> global (dmz) 1 interface
>> nat (inside) 1 Ic_Ag 255.255.255.0 0 0
>> access-group outside_access_in in interface outside
>> access-group inside_access_in in interface inside
>> timeout xlate 3:00:00
>> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
>> timeout uauth 0:05:00 absolute
>> aaa-server TACACS+ protocol tacacs+
>> aaa-server RADIUS protocol radius
>> aaa-server LOCAL protocol local
>> http server enable
>> http DB_srv 255.255.255.255 inside
>> http Ic_Ag 255.255.255.0 inside
>> no snmp-server location
>> no snmp-server contact
>> snmp-server community public
>> no snmp-server enable traps
>> tftp-server inside 192.168.1.11 \
>> floodguard enable
>> sysopt noproxyarp outside
>> sysopt noproxyarp inside
>> sysopt noproxyarp dmz
>> no sysopt route dnat
>> telnet DB_srv 255.255.255.255 inside
>> telnet Ic_Ag 255.255.255.0 inside
>> telnet timeout 5
>> ssh timeout 5
>> vpdn group pppoe_group request dialout pppoe
>> vpdn group pppoe_group ppp authentication pap
>> terminal width 80
>>
>>
>>
> --
> Cisco Teknik Tartisma Listesi (Cisco-ttl)
>
> All responsibility for applying the changes suggested on this list lies
> with the user. The list administrators, the list members who make
> suggestions, and the organizations those members work for cannot be held
> responsible in any way.


Received on Wed Sep 20 17:42:49 2006
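
The quoted reply pairs three lines: an access-list permit, a static port redirect, and an access-group on the outside interface. The following is an added example, not part of the original thread, that lists static port redirects which no permit entry in the ACL bound to the outside interface covers. The sample config, the tcp/1433 redirect and the function names are assumptions; only `any` and `host` destinations are evaluated, so a redirect behind any other destination form is reported.

```python
# Constructed sample (PIX 6.x syntax); the tcp/1433 redirect is made up here.
SAMPLE = """\
name 192.168.1.10 akiman
name 192.168.1.3 DB_srv
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any any eq www
static (inside,outside) tcp interface www akiman www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1433 DB_srv 1433 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""
PORTS = {"www": "80"}  # minimal keyword-to-number map for this example

def addr(tok, i):
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return tok[i] + "/" + tok[i + 1], i + 2  # network/mask form, never matched

def permits(ace, proto, gaddr, gport):
    # ace = tokens after "permit"; the destination is the global (mapped) address.
    if ace[0] not in (proto, "ip"):
        return False
    _, i = addr(ace, 1)
    dst, i = addr(ace, i)
    rest = ace[i:]
    port_ok = not rest or (rest[0] == "eq" and PORTS.get(rest[-1], rest[-1]) == gport)
    # "interface" is the PPPoE-assigned address, so only "any" can match it here.
    return port_ok and dst in ("any", gaddr)

def unpermitted_redirects(config):
    # Return (proto, port, inside_ip) for static PAT entries lacking a permit.
    names, acls, bound, statics = {}, {}, {}, []
    for t in (line.split() for line in config.splitlines()):
        if t[:1] == ["name"] and len(t) >= 3:
            names[t[2]] = t[1]
        elif t[:1] == ["access-list"] and t[2:3] == ["permit"]:
            acls.setdefault(t[1], []).append(t[3:])
        elif t[:1] == ["access-group"] and len(t) == 5:
            bound[t[4]] = t[1]  # interface name -> ACL applied inbound
        elif t[:1] == ["static"] and t[2:3] in (["tcp"], ["udp"]) and len(t) >= 7:
            statics.append(t)
    missing = []
    for t in statics:
        outside = t[1].strip("()").split(",")[1]
        gport = PORTS.get(t[4], t[4])
        aces = acls.get(bound.get(outside), [])
        if not any(permits(a, t[2], names.get(t[3], t[3]), gport) for a in aces):
            missing.append((t[2], gport, names.get(t[5], t[5])))
    return missing
```

Calling `unpermitted_redirects(SAMPLE)` reports the constructed tcp/1433 redirect, because the sample ACL only permits www.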

This archive was generated by hypermail 2.1.8 : Wed Sep 20 2006 - 17:43:02 EEST