Re: [cisco-ttl] PIX and PAT

From: Halil Ergun Korkmaz <halilergun.korkmaz_at_....>
Date: Thu Sep 21 2006 - 08:42:22 EEST


When I do this, the whole network loses internet access. Like you, I think it is caused by PPPoE. There was no need to try it on ADSL; for now I have solved the access issue with VPN. After a while G.HSDSL will be used, and then I will do the port forwarding on the G.HSDSL modem as you suggested, which will probably solve it. But it seems to me that this is caused by the PIX version. Are the versions on the PIXes where you did port forwarding above 6.2.2?

Hello,

I have done port redirection many, many times and never had a problem.

Could it be happening because there is PPPoE in your setup?

Your configuration looks correct. When you apply this configuration, do all users lose internet access, or is it only that outbound HTTP from 192.168.1.10 does not work?

Also, could you try doing the PPPoE on the ADSL modem instead of on the PIX?

You can do the port forwarding on the ADSL modem and redirect the incoming HTTP request inside to 192.168.1.0.


From: cisco-ttl@yahoogroups.com [mailto:cisco-ttl@yahoogroups.com] On Behalf Of Halil Ergun Korkmaz
Sent: Tuesday, 19 September 2006 09:27
To: cisco-ttl@yahoogroups.com
Subject: Re: [cisco-ttl] PIX and PAT

When I do this, my internet access drops. What I wrote is similar to yours; it is below:

static (inside,outside) tcp interface www akiman www netmask 255.255.255.255 0 0

Could this problem be caused by the PIX version?

> Hello,
> access-list outside_access_in permit tcp any host x.x.x.x eq www
> static (inside,outside) tcp x.x.x.x www 192.168.1.10 www netmask 255.255.255.255 0 0
> access-group outside_access_in in interface outside
> You can do what you want with a config similar to this. If you add the
> ports you want to open with static, it should work.
>
> On 9/13/06, halilergun.korkmaz <halilergun.korkmaz@yahoo.com> wrote:
>>
>> Hello,
>>
>> I am having a PAT problem with a PIX 515. The outside leg gets its IP
>> via PPPoE over ADSL, and I need to allow access from outside to some
>> ports inside, but when I do this I lose internet access. The
>> configuration without the PAT applied is below. I want to give HTTP
>> access to 192.168.1.10 and SQL access to 192.168.1.3. Thanks in advance
>> for your help.
>>


>> PIX Version 6.2(2)
>> nameif ethernet0 outside security0
>> nameif ethernet1 inside security100
>> nameif ethernet2 dmz security10
>> clock timezone EEST 2
>> clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
>> fixup protocol ftp 21
>> fixup protocol http 80
>> fixup protocol h323 h225 1720
>> fixup protocol h323 ras 1718-1719
>> fixup protocol ils 389
>> fixup protocol rsh 514
>> fixup protocol rtsp 554
>> fixup protocol smtp 25
>> fixup protocol sqlnet 1521
>> fixup protocol sip 5060
>> fixup protocol skinny 2000
>> names
>> name 192.168.1.0 Ic_Ag
>> name 192.168.1.10 akiman
>> name 213.153.207.34 yazilimgrb
>> name 192.168.1.3 DB_srv
>> access-list inside_access_in permit ip any any
>> access-list outside_access_in permit icmp any any echo-reply
>> pager lines 24
>> logging on
>> logging timestamp
>> logging trap debugging
>> logging host inside DB_srv
>> interface ethernet0 auto
>> interface ethernet1 auto
>> interface ethernet2 auto
>> mtu outside 1500
>> mtu inside 1500
>> mtu dmz 1500
>> ip address outside pppoe setroute
>> ip address inside 192.168.1.5 255.255.255.0
>> ip address dmz 10.0.0.1 255.255.255.0
>> ip verify reverse-path interface outside
>> ip audit info action alarm
>> ip audit attack action alarm
>> pdm location Ic_Ag 255.255.255.0 inside
>> pdm location 192.168.1.67 255.255.255.255 inside
>> pdm location DB_srv 255.255.25
>> pdm location akiman 255.255.255.255 inside
>> pdm location yazilimgrb 255.255.255.255 outside
>> pdm logging informational 100
>> pdm history enable
>> arp timeout 14400
>> global (outside) 1 interface
>> global (dmz) 1 interface
>> nat (inside) 1 Ic_Ag 255.255.255.0 0 0
>> access-group outside_access_in in interface outside
>> access-group inside_access_in in interface inside
>> timeout xlate 3:00:00
>> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
>> timeout uauth 0:05:00 absolute
>> aaa-server TACACS+ protocol tacacs+
>> aaa-server RADIUS protocol radius
>> aaa-server LOCAL protocol local
>> http server enable
>> http DB_srv 255.255.255.255 inside
>> http Ic_Ag 255.255.255.0 inside
>> no snmp-server location
>> no snmp-server contact
>> snmp-server community public
>> no snmp-server enable traps
>> tftp-server inside 192.168.1.11 \
>> floodguard enable
>> sysopt noproxyarp outside
>> sysopt noproxyarp inside
>> sysopt noproxyarp dmz
>> no sysopt route dnat
>> telnet DB_srv 255.255.255.255 inside
>> telnet Ic_Ag 255.255.255.0 inside
>> telnet timeout 5
>> ssh timeout 5
>> vpdn group pppoe_group request dialout pppoe
>> vpdn group pppoe_group ppp authentication pap
>> terminal width 80
>
> [Non-text portions of this message have been removed]
>
> --
> Cisco Teknik Tartisma Listesi (Cisco-ttl)
>
> All responsibility for applying the changes suggested on this list lies
> with the user. The list administrators, the list members who make
> suggestions, and the organizations those members work for cannot be held
> responsible in any way.
 
Received on Thu Sep 21 11:43:00 2006

This archive was generated by hypermail 2.1.8 : Thu Sep 21 2006 - 11:43:13 EEST
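
The port-redirect recipe quoted in the thread has three parts that must agree: the `static` entry, a permitting `access-list` entry, and the `access-group` binding on the outside interface. The following Python check is an added example, not part of the original messages; it lists each published TCP port and whether the bound ACL lets it in, using a constructed sample in which 203.0.113.10 stands in for the masked x.x.x.x, port 1521 is assumed for the SQL server, and `conduit` commands are not considered.

```python
# Constructed sample in PIX 6.x syntax, modelled on the commands in the thread.
SAMPLE = """\
name 192.168.1.10 akiman
name 192.168.1.3 DB_srv
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit tcp any host 203.0.113.10 eq www
static (inside,outside) tcp 203.0.113.10 www akiman www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 1521 DB_srv 1521 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

PORTS = {"www": "80", "sqlnet": "1521"}  # PIX port literals used in the sample


def take_addr(tok):
    """Split one address spec (any | host A | interface IF | A MASK) off a token list."""
    if tok[:1] == ["any"]:
        return "any", tok[1:]
    return " ".join(tok[:2]), tok[2:]


def audit(config):
    """Return (global_port, inside_host, status) for each TCP static port redirect."""
    names, acls, statics, bound = {}, {}, [], {}
    for t in (line.split() for line in config.splitlines()):
        if len(t) >= 3 and t[0] == "name":
            names[t[2]] = t[1]
        elif len(t) >= 6 and t[0] == "access-list" and t[2:4] == ["permit", "tcp"]:
            src, rest = take_addr(t[4:])
            dst, rest = take_addr(rest)
            eq = rest[:1] == ["eq"] and len(rest) >= 2
            acls.setdefault(t[1], []).append(
                (src, dst, PORTS.get(rest[1], rest[1]) if eq else None))
        elif len(t) >= 7 and t[0] == "static" and t[2] == "tcp":
            statics.append(t)
        elif len(t) == 5 and t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            bound[t[4]] = t[1]
    report = []
    for t in statics:
        out_if = t[1].strip("()").split(",")[1]          # lower-security side
        gaddr, gport = t[3], PORTS.get(t[4], t[4])
        wanted = {"any", f"interface {out_if}" if gaddr == "interface" else f"host {gaddr}"}
        hits = [src for src, dst, port in acls.get(bound.get(out_if), [])
                if dst in wanted and port in (None, gport)]   # None = no port filter
        status = "blocked" if not hits else "open-to-any" if "any" in hits else "restricted"
        report.append((gport, names.get(t[5], t[5]), status))
    return report
```

A `blocked` row means the translation exists but no bound ACL entry admits the traffic; an `open-to-any` row on a database port is the one to review before publishing it.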