RE: [cisco-ttl] VPN problem on cisco878

From: Vedat YILMAZ <vyilmaz_at_....>
Date: Fri Nov 03 2006 - 17:49:40 EET

 

It shouldn't be related to DNS. After all, I am entering IP addresses. I don't think DNS has anything to do with the VPN side.


From: Azmi Ozgur [mailto:aozgur@adu.edu.tr] Sent: Fri 11/3/2006 4:22 PM
To: Vedat YILMAZ
Subject: Fw: [cisco-ttl] VPN problem on cisco878

Hello Vedat, Telekom has changed its DNS servers; I guess you haven't heard. Try again using these DNS IPs and see...

TÜRK TELEKOM DNS CHANGE
As a result of the work carried out, the DNS IPs used by Türk Telekom have been planned as two IPs for the whole of Turkey.

These IP numbers are the ones listed below:
195.175.39.39
195.175.39.40

They are currently active and operate independently of location.

The previously used IPs will be retired on 1 November 2006.

http://www.turktelekom.com.tr/webtech/default.asp?sayfa_id=82

> Hello,
>
> My config file is as attached.
>
> I want to set up a site-to-site VPN connection with the ZyXEL modem on
> the other side. When I test the VPN I created from SDM, it reports success
> for everything, but it is in the down state. I cannot reach the remote
> network. Is there something I have missed?
>
> ----------
>
> !This is the running config of the router: 192.168.0.96
> !----------------------------------------------------------------------------
> !version 12.4
> no service pad
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> !
> hostname cisco878
> !
> boot-start-marker
> boot-end-marker
> !
> logging buffered 51200 debugging
> logging console critical
> enable secret 5 ***
> !
> no aaa new-model
> !
> resource policy
> !
> clock timezone PCTime 2
> clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
> ip subnet-zero
> no ip source-route
> ip cef
> !
> !
> ip tcp synwait-time 10
> no ip bootp server
> ip domain name garanti-iplik.com.tr
> ip name-server 212.156.4.1
> ip name-server 212.156.4.2
> ip name-server 212.156.4.4
> ip name-server 212.156.4.20
> ip name-server 88.247.88.139
> ip ssh time-out 60
> ip ssh authentication-retries 2
> !
> !
> crypto pki trustpoint TP-self-signed-2410176744
> enrollment selfsigned
> subject-name cn=IOS-Self-Signed-Certificate-2410176744
> revocation-check none
> rsakeypair TP-self-signed-2410176744
> !
> !
> crypto pki certificate chain TP-self-signed-2410176744
> certificate self-signed 01
> quit
> username *** privilege 15 secret 5 ***
> !
> !
> controller DSL 0
> mode atm
> line-term cpe
> line-mode 2-wire line-zero
> dsl-mode shdsl symmetric annex B
> line-rate auto
> !
> !
> crypto isakmp policy 1
> encr 3des
> authentication pre-share
> group 2
> crypto isakmp key *** address 85.99.234.60
> !
> !
> crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
> crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
> !
> crypto map SDM_CMAP_1 1 ipsec-isakmp
> description Tunnel to85.99.234.60
> set peer 85.99.234.60
> set transform-set ESP-3DES-SHA
> match address 100
> !
> crypto map SDM_CMAP_2 1 ipsec-isakmp
> description Tunnel to85.99.234.60
> set peer 85.99.234.60
> set transform-set ESP-3DES-SHA1
> match address 101
> !
> !
> !
> interface BRI0
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> encapsulation hdlc
> ip route-cache flow
> shutdown
> !
> interface ATM0
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> no atm ilmi-keepalive
> !
> interface ATM0.1 point-to-point
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> pvc 8/35
> encapsulation aal5snap
> protocol ppp dialer
> dialer pool-member 1
> !
> !
> interface FastEthernet0
> !
> interface FastEthernet1
> !
> interface FastEthernet2
> !
> interface FastEthernet3
> !
> interface Vlan1
> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
> ip address 192.168.0.96 255.255.255.0
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip nat inside
> ip virtual-reassembly
> ip route-cache flow
> ip tcp adjust-mss 1452
> !
> interface Dialer0
> ip address 88.247.88.78 255.0.0.0
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip nat outside
> ip virtual-reassembly
> encapsulation ppp
> ip route-cache flow
> dialer pool 1
> dialer-group 1
> no cdp enable
> ppp authentication pap callin
> ppp pap sent-username *** password 7 ***
> crypto map SDM_CMAP_2
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> ip http server
> ip http authentication local
> ip http secure-server
> ip http timeout-policy idle 5 life 86400 requests 10000
> ip nat pool garanti 192.168.0.10 192.168.2.255 netmask 255.255.0.0
> ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
> ip nat inside source static 192.168.0.75 88.248.153.136
> ip nat inside source static tcp 192.168.0.100 21 88.248.153.137 21 extendable
> ip nat inside source static tcp 192.168.0.100 23 88.248.153.137 23 extendable
> ip nat inside source static tcp 192.168.0.100 80 88.248.153.137 80 extendable
> ip nat inside source static tcp 192.168.0.100 81 88.248.153.137 81 extendable
> ip nat inside source static 192.168.0.33 88.248.153.142
> ip nat inside source static tcp 192.168.0.110 5060 88.248.153.143 5060 extendable
> !
> ip access-list standard garanti
> remark xx
> remark SDM_ACL Category=2
> permit 192.168.0.0 0.0.0.255
> !
> logging trap debugging
> access-list 1 remark SDM_ACL Category=2
> access-list 1 permit 192.168.5.0 0.0.0.255
> access-list 100 remark SDM_ACL Category=4
> access-list 100 remark IPSec Rule
> access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
> access-list 101 remark SDM_ACL Category=4
> access-list 101 remark IPSec Rule
> access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
> access-list 102 remark SDM_ACL Category=2
> access-list 102 remark IPSec Rule
> access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
> access-list 102 permit ip 192.168.0.0 0.0.0.255 any
> dialer-list 1 protocol ip permit
> no cdp run
> route-map SDM_RMAP_1 permit 1
> match ip address 102
> !
> !
> control-plane
> !
> banner login ^CAuthorized access only!
> Disconnect IMMEDIATELY if you are not an authorized user!^C
> !
> line con 0
> login local
> no modem enable
> transport output telnet
> line aux 0
> login local
> transport output telnet
> line vty 0 4
> privilege level 15
> login local
> transport input telnet ssh
> !
> scheduler max-task-time 5000
> scheduler allocate 4000 1000
> scheduler interval 500
> end
>
>
>
>
> [Non-text portions of this message have been removed]
>
>
>
>
> --
> Cisco Technical Discussion List (Cisco-ttl)
>
> All responsibility for applying the changes suggested on this list lies
> with the user. The list administrators, the list members who make
> suggestions, and the organizations those members work for cannot be held
> responsible in any way.
>



IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only.
If you have received this email in error, please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies thereof.

Received on Sat Nov 4 14:02:24 2006

This archive was generated by hypermail 2.1.8 : Sat Nov 04 2006 - 14:02:35 EET