Здравствуйте, Вопию к вашему коллективному разуму, уже с неделю страдаю :-( далее следует описание проблемы, так как оно было отправлено в support Cisco и Foundry, сразу скажу, что они мне не ответили, так как я не знаю CustomerSupportID, а человек который его знает(хозяин компании) - временно вне моей досягаемости. ---cut--- My primary task is to put one machine from our network under PIX515 protection. The following are the steps I've done with some comments: On our cisco2950: Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 04-Mar-03 02:14 by yenanh Image text-base: 0x80010000, data-base: 0x805A8000 I have configured the following interface. interface FastEthernet0/11 switchport access vlan 12 ######################## vlan 12 is for PIX access. switchport mode access no ip address ip access-group 100 in load-interval 30 no cdp enable On our Foundry BigIron SW: Version 07.7.01eT53 Copyright (c) 1996-2004 Foundry Networks, Inc. Compiled on Sep 23 2004 at 21:36:51 labeled as B2R07701e (2968660 bytes) from Primary foundry/B2R07701e.bin HW: BigIron 8000 Router, SYSIF version 21, Serial #: Non-exist I have configured the following vlan vlan 12 name PIX(inside) by port tagged ethe 5/2 ethe 5/8 ethe 5/11 untagged ethe 5/48 router-interface ve 12 and the following router interface: interface ve 12 ip access-group 100 in ip follow ve 3 no ip redirect in Pix 515 i have the following command: access-list 100 permit ip any host aaa.bbb.ccc.ddd now, once I set the above configuration, I have no access to the host. if I set "switchport access vlan 3",(on 2950) which is the default access vlan for all our hosts, it all works properly. How can I set this up properly? perhaps I am missing somethig from my snippets, but you can ask me to show you anything. Thank you very much. ---cut--- -- With best regards, Gregory Edigarov =================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
participants (1)
-
Gregory Edigarov