Forum
Fortigate 110c üzerinden iki çıkışım var biri adsl diğeri ise cisco 878 gshdsl modem. Remote desktop la server ıma erişmek istiyorum Ghdsl üzerinden. Adsl ile yönlendirme yaptığımda hiçbir sorun olmuyor ama cisco da olmuyor nedense. Conf. dosyasından yorum yaparsanız sevinirim. Tşkrler...
Using 3266 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xyz
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
!
no aaa new-model
clock timezone Athens 2
clock summer-time Athens date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-4025258949
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4025258949
revocation-check none
rsakeypair TP-self-signed-4025258949
!
!
crypto pki certificate chain TP-self-signed-4025258949
certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
dot11 syslog
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip domain lookup
ip domain name yourdomain.com
!
!
!
username i privilege 15 password 0 j
!
!
archive
log config
hidekeys
!
!
controller DSL 0
mode atm
line-term cpe
line-mode 2-wire line-zero
dsl-mode shdsl symmetric annex B
line-rate auto
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description ---abc---
ip address 192.168.101.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname x ppp chap password y
ppp pap sent-username x password y
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.25.6.0 255.255.255.0 192.168.101.1 2
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source static tcp 10.25.6.9 3389 interface Dialer0 3389
ip nat inside source static tcp 10.25.6.11 3390 interface Dialer0 3390
ip nat inside source static tcp 192.168.101.1 443 interface Dialer0 443
!
access-list 1 permit any
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 10.25.6.71
access-list 4 remark SDM_ACL Category=1
access-list 4 permit 10.25.6.71
access-list 5 remark SDM_ACL Category=1
access-list 5 permit 10.25.6.1
access-list 6 remark SDM_ACL Category=1
access-list 6 permit 10.25.6.71
access-list 7 remark SDM_ACL Category=1
access-list 7 permit 10.25.6.71
access-list 8 remark SDM_ACL Category=1
access-list 8 permit 10.25.6.71
access-list 9 remark SDM_ACL Category=1
access-list 9 permit 10.25.6.71
access-list 101 permit ip 10.25.6.0 0.0.0.255 any
access-list 101 permit ip 192.168.101.0 0.0.0.255 any
access-list 102 permit ip 10.25.6.0 0.0.0.255 any
access-list 102 permit ip 192.168.101.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
Merhaba;
Configlerle alakalı sıkıntı gözükmüyor NAT kuralı oluşturulmuş. Fortigate üzerinde de nat tanımlarını yaptınız mı?
Çözüm için iki farklı önerim olacak.
1.si Cisco 878 Router ı bridge mode da çalıştırabilirsiniz.
2. ise tüm trafiği fortigate üzerine yollayabilirsiniz. Böylece nat tarafını sadece fortigate üzerinden yapmanız yeterli olacatır.
ip nat inside source static 192.168.1.254 88.88.88.88
Burada 88.88.88.88 ip sine gelen tüm istekleri 192.168.1.1 iç bacağına yönlendirir.
Bridge mode a almayı nasıl yapabilirim? Sdm üzerinden yada console dan?
Encapsulation da bridge seçeneği olması lazım.