[cisco-ttl] IPsec VPN and static NAT problem

From: envyilmaz <e.yilmaz_at_....>
Date: Wed Nov 01 2006 - 15:08:30 EET


Hello friends,

I have two networks with an IPsec VPN tunnel set up between them. At both locations, VPN and NAT run on the same device. At location 1 I have an SMTP server, and port 25 is forwarded to the internal server with static NAT on the Cisco. The Cisco config at location 1 is below.

controller DSL 0/0
 mode atm
 line-term cpe
 line-mode 2-wire line-zero
 dsl-mode shdsl symmetric annex B
 line-rate 1024
!
!

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800

crypto isakmp key ******** address 213.74.245.126
!

crypto ipsec security-association lifetime seconds 28800
!

crypto ipsec transform-set IPSecTransfomSet esp-3des esp-sha-hmac
!

crypto map VPN 1 ipsec-isakmp
 set peer 213.74.245.126
 set transform-set IPSecTransfomSet
 set pfs group2
 match address 103
!
!
!
!

interface ATM0/0
 ip address 213.74.245.90 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 no atm ilmi-keepalive
 crypto map VPN
 pvc 0/35
  protocol ip 213.74.245.89
  encapsulation aal5snap
 !
!

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
!
!

ip route 0.0.0.0 0.0.0.0 213.74.245.89
!
!

ip nat inside source route-map RM1 interface ATM0/0 overload
ip nat inside source static tcp 192.168.1.4 25 195.33.240.58 25 extendable
!

access-list 100 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

!

route-map RM1 permit 1
 match ip address 100

My problem:

ip nat inside source static tcp 192.168.1.4 25 195.33.240.58 25

When I enter this command, none of the devices on the 192.168.3.0 network can reach port 25 of the server with IP 192.168.1.4.

Thanks for your help.

Enver

Received on Thu Nov 2 15:40:24 2006
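
The symptom in the post can be traced with a small model of the IOS inside-to-outside order of operations, where NAT is applied before the crypto map check. This is an added Python example, not part of the original message; the ACLs and NAT entries are copied from the posted configuration, while the function names and the remote hosts 192.168.3.10 and 198.51.100.7 are constructed for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
# ACLs copied from the posted configuration: (action, source, destination)
ACL = {
    100: [("deny", ("192.168.1.0", "0.0.0.255"), ("192.168.3.0", "0.0.0.255")),
          ("permit", ("192.168.1.0", "0.0.0.255"), ANY)],
    103: [("permit", ("192.168.1.0", "0.0.0.255"), ("192.168.3.0", "0.0.0.255"))],
}
# Static port entry from the post: inside local -> inside global
STATIC = {("192.168.1.4", 25): ("195.33.240.58", 25)}
OUTSIDE_IP = "213.74.245.90"  # ATM0/0 address used by the overload rule

def acl_permits(num, src, dst):
    for action, s, d in ACL[num]:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def egress(src, sport, dst, static_nat=True):
    """Inside-to-outside path: NAT runs first, then the crypto map check."""
    nat = "none"
    if static_nat and (src, sport) in STATIC:
        src, sport = STATIC[(src, sport)]   # static entry has no route-map: always applies
        nat = "static"
    elif acl_permits(100, src, dst):        # route-map RM1 -> access-list 100
        src, nat = OUTSIDE_IP, "overload"   # simplified: port rewriting by PAT is ignored
    encrypted = acl_permits(103, src, dst)  # crypto map VPN -> match address 103
    return {"src": src, "sport": sport, "nat": nat, "encrypted": encrypted}

if __name__ == "__main__":
    # SMTP reply from the server to a constructed remote-site host
    print("with static NAT   :", egress("192.168.1.4", 25, "192.168.3.10"))
    print("without static NAT:", egress("192.168.1.4", 25, "192.168.3.10", static_nat=False))
    print("other port        :", egress("192.168.1.4", 80, "192.168.3.10"))
```

In the model, the server's port 25 replies leave with source 195.33.240.58, no longer match access-list 103, and are therefore not placed in the tunnel, while every other flow between the two sites stays untranslated and encrypted.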
