Cisco Pix Firewall PPTP Configuration
CLI Guru - Cisco Training and Consulting Center


  1. #1
    Oguzhan Kayhan Guest

    Cisco Pix Firewall PPTP Configuration

    Hi.
    I am trying to make a PPTP connection to the PIX from outside.
    Windows clients authenticate from outside (I have them authenticate
    against the domain via Cisco ACS).
    They get their VPN IP and connect.
    Up to this point there is no problem.
    But after this stage they cannot reach anything.

    I am also getting the following error in the logs:

    005-02-26 15:50:58 Cron.Error 192.168.10.1 %PIX-3-305005:
    No translation group found for icmp src outside:172.16.5.1 dst
    inside:192.168.10.8 (type 8, code 0)

    I am sending my config file as well. What am I missing?


    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 DMZ security50
    ..
    ..
    ..
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    ..
    ..
    ..
    ..
    access-list unsecure permit icmp any any
    access-list unsecure permit gre any any
    access-list unsecure permit tcp any host Test_External eq www
    access-list unsecure permit tcp any host Test_External eq https
    access-list unsecure permit tcp any host Mail_External eq smtp
    access-list unsecure permit tcp any host Mail_External eq https
    access-list unsecure permit tcp any host Web_External eq www
    access-list unsecure permit tcp any host Web_External eq https
    ..
    ..
    access-list DMZ permit icmp any any echo-reply
    access-list DMZ permit tcp any host Test_Internal eq www
    access-list DMZ permit tcp any host Web_Internal eq www
    access-list DMZ permit tcp any host Web_Internal eq https
    access-list DMZ permit tcp any host Test_Internal eq https
    access-list DMZ permit tcp any host 10.10.10.50 eq https
    access-list DMZ permit tcp any host 10.10.10.51 eq https
    access-list DMZ permit tcp any host 10.10.10.51 eq www
    access-list DMZ permit tcp any host 10.10.10.50 eq www
    access-list DMZ permit tcp any host 10.10.10.53 eq sqlnet
    ..
    ..
    ..
    logging on
    logging trap debugging
    logging facility 9
    logging host inside Ras_Internal
    no logging message 111005
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    ip address outside 217.64.18.34 255.255.255.224
    ip address inside 192.168.10.1 255.255.255.0
    ip address DMZ 10.10.10.1 255.255.255.0
    ip verify reverse-path interface outside
    ip verify reverse-path interface inside
    ip audit name ids attack action alarm drop reset
    ip audit info action alarm
    ip audit attack action alarm drop
    static (inside,outside) Murat_External Murat_Internal netmask
    255.255.255.255 0 0
    static (inside,outside) Proxy_External Proxy_Internal netmask
    255.255.255.255 0 0
    static (inside,outside) Test_External Test_Internal netmask
    255.255.255.255 0 0
    ..
    ..
    ..
    ..
    access-group unsecure in interface outside
    access-group DMZ in interface DMZ
    outbound 1 deny 0.0.0.0 0.0.0.0 0 ip
    outbound 1 permit 192.168.10.8 255.255.255.255 0 ip
    outbound 1 permit 192.168.10.33 255.255.255.255 0 ip
    outbound 1 permit 192.168.10.5 255.255.255.255 0 ip
    outbound 1 permit Ras_Internal 255.255.255.255 0 ip
    ..
    ..
    ..
    ..
    apply (inside) 1 outgoing_src
    route outside 0.0.0.0 0.0.0.0 217.64.18.33 1
    route DMZ 192.1.1.0 255.255.255.0 10.10.10.5 1
    route inside 192.168.0.0 255.255.0.0 192.168.10.6 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:01:00 rpc 0:10:00 h225
    1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    aaa-server AuthInbound protocol radius
    aaa-server AuthInbound max-failed-attempts 3
    aaa-server AuthInbound deadtime 10
    aaa-server AuthInbound (inside) host 192.168.10.8 test timeout 5
    sysopt connection permit-pptp
    vpdn group 1 accept dialin pptp
    vpdn group 1 ppp authentication pap
    vpdn group 1 ppp authentication chap
    vpdn group 1 ppp authentication mschap
    vpdn group 1 ppp encryption mppe 40
    vpdn group 1 client configuration address local pptp-pool
    vpdn group 1 client configuration dns 192.168.10.8
    vpdn group 1 client configuration wins Proxy_Internal
    vpdn group 1 client authentication aaa AuthInbound
    vpdn group 1 pptp echo 60
    vpdn enable outside
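
PIX message 305005 is logged when a packet matches no NAT rule. As an added example (not from the thread or from Cisco), the script below parses the logged line and checks whether a config contains a `nat 0` exemption covering the logged address pair. The `nonat` ACL name and the 172.16.5.0/24 pool subnet are assumptions, and only literal addresses (no `name` aliases) are handled.

```python
import ipaddress
import re

# The log line is the one quoted in the post; CONFIG_WITH adds constructed
# lines (ACL name "nonat" and the /24 pool subnet are assumptions).
LOG = ("%PIX-3-305005: No translation group found for icmp src "
       "outside:172.16.5.1 dst inside:192.168.10.8 (type 8, code 0)")
CONFIG_WITHOUT = """\
sysopt connection permit-pptp
vpdn group 1 client configuration address local pptp-pool
"""
CONFIG_WITH = CONFIG_WITHOUT + """\
access-list nonat permit ip 192.168.10.0 255.255.255.0 172.16.5.0 255.255.255.0
nat (inside) 0 access-list nonat
"""
LOG_RE = re.compile(r"%PIX-3-305005: No translation group found for (\S+) "
                    r"src (\w+):([\d.]+)(?:/\d+)? dst (\w+):([\d.]+)(?:/\d+)?")

def parse_305005(line):
    """Return protocol, interfaces and addresses from a 305005 message."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return dict(zip(("proto", "src_if", "src", "dst_if", "dst"), m.groups()))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK' and return an ip_network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def nat_exempt(config, event):
    """True if a 'nat (<dst_if>) 0 access-list' ACL permits dst -> src."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    wanted = [f"({event['dst_if']})", "0", "access-list"]
    acls = {l[4] for l in lines
            if len(l) > 4 and l[0] == "nat" and l[1:4] == wanted}
    src = ipaddress.ip_address(event["src"])
    dst = ipaddress.ip_address(event["dst"])
    for l in lines:
        if len(l) > 5 and l[0] == "access-list" and l[1] in acls \
                and l[2:4] == ["permit", "ip"]:
            rest = l[4:]
            local_net, remote_net = _take_addr(rest), _take_addr(rest)
            if dst in local_net and src in remote_net:
                return True
    return False
```
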

  2. #2
    esat yasar caglayan Guest

    PIX VPN configuration

    Hello,

    The setup is as follows: the ADSL modem is in bridge mode and the PIX connects through it with PPPoE. I set up a VPN tunnel between the PIX and a ZyXEL at another site. The VPN tunnel is established. I can ping the network on the other side, that is, the one behind the ZyXEL, but the network on the ZyXEL side cannot ping the network I am on. What could be the reason for this?

    Thank you for your attention, have a good day.
