Re: [cisco-ttl] PIX 506e VPN Routing Problem

From: Sukru Atlandi <satlandi_at_....>
Date: Thu Jan 25 2007 - 22:23:21 CET


You need to do split tunneling.

There are resources on cisco.com.

Good luck.

> Hello,
>
> I made a configuration on a PIX 506e to allow connecting to the
> local area from outside using Cisco VPN Client. But I am in trouble
> because of a problem whose cause I cannot find.
>
> I connect with Cisco VPN Client using a username and password. But
> at the same time my computer receives a default gateway. Because it
> does, my own connection drops. I end up able to reach only the
> local network.
>
> That is, as can be seen in the config, if I get the IP 192.168.7.2
> from the VPN, the default gateway also becomes 192.168.7.2. And
> since a computer cannot have two gateways, my normal connection
> drops and it tries to send all packets via 192.168.7.x. I searched
> the documentation on this but could not find anything. Please help
> with troubleshooting, friends :)
>
> The config is below.
>
> Regards.
>
> Yucel BASOGLU
>
> PIX Version 6.3(5)
> interface ethernet0 auto
> interface ethernet1 auto
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password xxxxx encrypted
> passwd xxxxx.2KYOU encrypted
> hostname pixfirewall
> domain-name ciscopix.com
> fixup protocol dns maximum-length 512
> fixup protocol ftp 21
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sip 5060
> fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol tftp 69
> names
> name x.x.x.x Mail_Server
> name 192.168.7.0 vpnpool
> name 192.168.1.73 Selcuk
> access-list inside_access_in permit ip any any
> access-list inside_access_in permit icmp any any echo-reply
> access-list outside_access_in permit tcp any host x.x.x.x eq smtp
> access-list outside_access_in permit tcp any host x.x.x.x eq pop3
> access-list outside_access_in permit tcp any host x.x.x.x eq www
> access-list inside_nat0_outbound permit ip any vpnpool 255.255.255.0
> access-list outside_cryptomap_dyn_20 permit ip any vpnpool 255.255.255.0
> pager lines 24
> icmp permit any outside
> icmp permit any inside
> mtu outside 1500
> mtu inside 1500
> ip address outside y.y.y.y 255.255.255.248
> ip address inside 192.168.1.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> ip local pool vpnpool 192.168.7.1-192.168.7.254
> pdm location Mail_Server 255.255.255.255 inside
> pdm location vpnpool 255.255.255.0 outside
> pdm location 84.17.81.195 255.255.255.255 outside
> pdm location 85.108.253.150 255.255.255.255 outside
> pdm location 192.168.1.5 255.255.255.255 inside
> pdm location 85.100.34.254 255.255.255.255 outside
> pdm location 88.234.92.14 255.255.255.255 outside
> pdm location Selcuk 255.255.255.255 inside
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 0 access-list inside_nat0_outbound
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> static (inside,outside) tcp x.x.x.x smtp Mail_Server smtp netmask 255.255.255.255 0 0
> static (inside,outside) tcp x.x.x.x pop3 Mail_Server pop3 netmask 255.255.255.255 0 0
> static (inside,outside) tcp x.x.x.x www Mail_Server www netmask 255.255.255.255 0 0
> access-group outside_access_in in interface outside
> access-group inside_access_in in interface inside
> route outside 0.0.0.0 0.0.0.0 z.z.z.z 1
> timeout xlate 0:05:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout sip-disconnect 0:02:00 sip-invite 0:03:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server TACACS+ max-failed-attempts 3
> aaa-server TACACS+ deadtime 10
> aaa-server RADIUS protocol radius
> aaa-server RADIUS max-failed-attempts 3

=== message truncated ===  



Received on Sat Jan 27 14:51:34 2007
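
The split tunneling suggested in the reply, as an added example that is not part of the original thread: on PIX 6.3 it is enabled per VPN group with `vpngroup ... split-tunnel` and an access list naming the networks that should go through the tunnel. `GROUP_NAME` and `vpn_split_tunnel` are placeholders, since the posted config is truncated before its vpngroup lines; the inside network 192.168.1.0/24 and the `vpnpool` name come from the posted config.

```text
: Added example. GROUP_NAME and vpn_split_tunnel are placeholders,
: not names from the posted config.
:
: Traffic to tunnel: inside LAN (192.168.1.0/24) <-> VPN pool only.
: Using "any" as the source here would tunnel everything again.
access-list vpn_split_tunnel permit ip 192.168.1.0 255.255.255.0 vpnpool 255.255.255.0
:
: Attach the list to the group the Cisco VPN Client logs in with.
vpngroup GROUP_NAME split-tunnel vpn_split_tunnel
```

With this in place the client keeps its own default gateway and only routes 192.168.1.0/24 into the tunnel. The client's Internet traffic then bypasses the PIX while the tunnel is up, so keep the list to the networks that are actually needed.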

This archive was generated by hypermail 2.1.8 : Sat Jan 27 2007 - 14:51:34 CET