Router#sh run
Building configuration...

Current configuration : 817 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip routing
no ip cef
!
!        
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
pvc 8/35
  encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
no shut
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
no ip address
no ip route-cache
bridge-group 1
!
ip classless
!
no ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 protocol ieee
!
line con 0
no modem enable
line aux 0
line vty 0 4
login   
!
scheduler max-task-time 5000
end

ip nat inside source static 10.1.1.11 88.88.88.88

In this example we NATed the IP address 10.1.1.11 to the public IP 88.88.88.88.

ip nat inside source static tcp 192.194.196.89 3389 interface Dialer0 3389

This one is the port forwarding command.
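The two commands above differ in what they publish: the first maps the whole inside host to the public address, the second forwards only TCP 3389. As an added example (not part of the original post), this Python sketch parses those two command forms and produces a reviewer's note for each; the function names and the `SENSITIVE_PORTS` list are assumptions of the example.

```python
import re

# Constructed input: the two static NAT commands shown above.
SAMPLE_CONFIG = """\
ip nat inside source static 10.1.1.11 88.88.88.88
ip nat inside source static tcp 192.194.196.89 3389 interface Dialer0 3389
"""

# Services worth flagging when published to the outside (assumed list, not from the page).
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP"}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
PORT_FORWARD = re.compile(
    rf"^ip nat inside source static (tcp|udp) ({IPV4}) (\d+) "
    rf"(?:interface (\S+)|({IPV4})) (\d+)$")
ONE_TO_ONE = re.compile(rf"^ip nat inside source static ({IPV4}) ({IPV4})$")

def parse_static_nat(config_text):
    """Return one dict per static NAT line describing what it publishes."""
    mappings = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := PORT_FORWARD.match(line):
            proto, inside, in_port, iface, out_ip, out_port = m.groups()
            mappings.append({"kind": "port-forward", "proto": proto,
                             "inside": inside, "inside_port": int(in_port),
                             "outside": iface or out_ip,
                             "outside_port": int(out_port)})
        elif m := ONE_TO_ONE.match(line):
            mappings.append({"kind": "one-to-one", "inside": m.group(1),
                             "outside": m.group(2)})
    return mappings

def review(mappings):
    """Turn parsed mappings into reviewer notes about outside exposure."""
    notes = []
    for m in mappings:
        if m["kind"] == "one-to-one":
            notes.append(f"{m['outside']} -> {m['inside']}: all ports translated, "
                         "restrict with an inbound ACL on the outside interface")
        else:
            svc = SENSITIVE_PORTS.get(m["inside_port"], "unlisted service")
            notes.append(f"{m['proto']}/{m['outside_port']} on {m['outside']} -> "
                         f"{m['inside']}:{m['inside_port']} ({svc})")
    return notes

if __name__ == "__main__":
    for note in review(parse_static_nat(SAMPLE_CONFIG)):
        print(note)
```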

Below is the Internet configuration I set up on the ASA.

Ethernet0/0: WAN leg

Ethernet0/1-0/6: LAN

Ethernet0/7 is in the DMZ zone. The ADSL modem was configured to run in bridge mode.

ASA Version 7.2(3)
!
hostname ciscoasa
domain-name muratguclu.com
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group Test
ip address pppoe
!
interface Vlan3
nameif dmz
security-level 50
ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
switchport access vlan 3
!
ftp mode passive
dns server-group DefaultDNS
domain-name muratguclu.com
access-list inside_access_out extended permit ip 192.168.1.0 255.255.255.0 any log
pager lines 24
logging enable
logging asdm informational
mtu inside 1452
mtu outside 1452
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_out out interface inside
route outside 0.0.0.0 0.0.0.0 192.168.20.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group Test request dialout pppoe
vpdn group Test localname xxxxx@biri.com.tr
vpdn group Test ppp authentication pap
vpdn username xxxx@biri.com.tr password xxxxxxx
dhcpd auto_config outside
!
dhcpd address 192.168.1.10-192.168.1.254 inside
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd enable inside
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e27f5f671727e761f250ab5379027c0e
: end

ciscoasa(config)# config factory-default

Based on the inside IP address and mask, the DHCP address
pool size is reduced to 253 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
WARNING: DHCPD bindings cleared on interface 'inside', address pool removed
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for "outside" set to 0 by default.
Executing command: no shutdown
Executing command: ip address dhcp setroute
Executing command: exit
Executing command: interface vlan1
Executing command: nameif inside
INFO: Security level for "inside" set to 100 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: global (outside) 1 interface
INFO: outside interface address added to PAT pool
Executing command: nat (inside) 1 0 0
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 inside
Executing command: dhcpd address 192.168.1.2-192.168.1.254 inside
Executing command: dhcpd auto_config outside
Executing command: dhcpd enable inside
Executing command: logging asdm informational
Factory-default configuration is completed

ciscoasa(config)# reload noconfirm

Today I published the Juniper SSG-5 installation article. I am currently preparing an article on Transparent Mode, and after that I will move on to the VPN articles.

Today I published the GFI MailSecurity article. I covered the installation in SMTP Gateway Mode and tried to explain how it differs from the normal installation.

Last Friday I took Juniper's JN0-400 exam and passed. It was an easy exam with no simulations. The passing score is 80. They give you 90 minutes, which is more than enough. I studied with the materials from the Fast Tracking Program.

Hello,

I have not been able to look after the blog for a long time. Today I published the article on Trend Micro's Worry-Free Business Security Advanced. As soon as my Juniper SSG firewall arrives, I will start on the Juniper articles as well. I am planning to write a comprehensive series. See you for now.

According to Juniper's announcement, the Deep Inspection certificate expired on January 29. Users will need to update the Deep Inspection certificate manually, one time only. If they do not update it, they will not be able to receive Deep Inspection updates. When we check on the Juniper, it says the certificate will expire in 2010, but the certificate on the server side has expired. The certificate is planned to be delivered automatically in ScreenOS 5.4.0r9 (which was planned for the end of January) and ScreenOS 6.0.0r4.

Affected Platforms:

ScreenOS 5.x
SSG Series
ScreenOS 6.x
NetScreen Firewall/VPN

 

Knowledge Base:

http://kb.juniper.net/KB10239


As of yesterday, Juniper introduced its new EX-series switches on its website. The EX 3200 and EX 4200 series switches will go on sale in March 2008. The EX 3200 series will start at USD $4,000. The EX 4200 series will start at $6,000 (prices abroad). The EX 8200 series will go on sale around mid-2008. The switches will run JUNOS™ software. For a demo:

http://www.juniper.net/index.html
