
hostname RT-WAN.

CCS

boot-start-marker

boot system flash c2800nm-advsecurityk9-mz.151-4.M8.bin

boot-end-marker

! Logging: messages go to a 40000-byte local buffer and to the console.
! NOTE(review): no remote syslog host ("logging host ...") appears in this
! listing, so the audit trail would live only on the router - confirm.
logging buffered 40000

logging console informational

! AAA: every method list (default, EZVPN, SSLVPN) authenticates and authorizes
! against the local user database only; no RADIUS/TACACS+ server group is
! referenced, so account lockout, central revocation and per-user accounting
! depend entirely on this device's own configuration.
aaa new-model

aaa authentication login default local

aaa authentication login EZVPN local

aaa authentication login SSLVPN local

aaa authorization exec default local

aaa authorization network EZVPN local

aaa session-id common

clock timezone VEN -4 0

dot11 syslog

! NOTE(review): "ip source-route" makes the router honour IP source-routing
! options chosen by the sender. Hardening baselines generally call for
! "no ip source-route" on an Internet-facing router unless a documented
! application needs it.
ip source-route
!

ip cef

ip inspect name CBAC-RULE http

ip inspect name CBAC-RULE https

ip inspect name CBAC-RULE dns

ip inspect name CBAC-RULE telnet

ip inspect name CBAC-RULE ssh

ip inspect name CBAC-RULE icmp

ip inspect name CBAC-RULE ntp

ip inspect name CBAC-RULE pop3

ip inspect name CBAC-RULE smtp

ip inspect name CBAC-RULE imap

ip inspect name CBAC-RULE imaps

ip inspect name CBAC-RULE imap3

ip inspect name CBAC-RULE bootpc

ip inspect name CBAC-RULE bootps

no ip domain lookup

ip domain name Propa.local

multilink bundle-name authenticated

crypto pki token default removal timeout 0

! Self-signed trustpoint generated by IOS (typically for the HTTPS server).
! Clients cannot validate this certificate against a CA, and revocation
! checking is disabled for the trustpoint.
! NOTE(review): the certificate body that follows in this listing appears to
! carry an md5WithRSAEncryption signature, a 1024-bit RSA key and a notAfter
! of 2020-01-01 - regenerate with a larger key or enroll with a CA, and confirm
! what services still present it.
crypto pki trustpoint TP-self-signed-2087663039


enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2087663039

revocation-check none

rsakeypair TP-self-signed-2087663039

crypto pki certificate chain TP-self-signed-2087663039

certificate self-signed 01

3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 32303837 36363330 3339301E 170D3136 30323138 31383439

35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30383736

36333033 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100B5CA 7D61C520 C23A93B6 0AD22181 19B72B9D D354FA48 E269D548 25C5EAA2

F089643B 7288B8BC DF742382 03F39662 91570EAF AF9EDC65 93420904 B679A330

E43A483D 21F7CE28 5CDDF288 F9976D1D F7B16FB4 3AF162CF DC82446B FB8DC306

CA9E8A6B E47C4FC6 73430FC7 553CF9DC 4052F5B0 16CEF5D4 F856BA60 9B96CF26

6F4B0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603

551D1104 1B301982 17526F75 7465722D 4343532E 63696E65 782E636F 6D2E7665

301F0603 551D2304 18301680 14B52A07 28D37DC1 72BB2FD4 A6FE4E70 4541F957

6A301D06 03551D0E 04160414 B52A0728 D37DC172 BB2FD4A6 FE4E7045 41F9576A

300D0609 2A864886 F70D0101 04050003 81810085 4D1D456F 477C240B 579FC877

3983F4CF 17C5F376 805EEF60 99002FA8 E823729D F76543EF BB3B2572 2CE9654E

3F89772D A495129A AF16126A 53C04306 67CA08B6 875352FF D8A88F7F 751C4566

F1D550E8 A5961FC4 4DF0FF63 280FE57C DF935F93 2C0B70B3 11536189 33500511

E3FEC009 ACF5DF7B 8E77A012 3654E0C0 1BD054

quit

!
!

license udi pid CISCO2811 sn FTX1221A36Z

archive

log config

hidekeys

no spanning-tree vlan 1216

vtp mode transparent

! Local accounts. Three personal accounts are created directly at privilege 15
! (full administrative access on login); "EZVPN" has no privilege keyword.
! "secret 5" stores a salted MD5-based hash.
! NOTE(review): these hashes are published with the configuration, so the
! corresponding passwords should be treated as exposed and rotated. Newer IOS
! releases offer stronger secret types - confirm what this image supports.
! NOTE(review): consider lower default privilege plus an enable step, so a
! single stolen login is not immediately full control.
username enavas privilege 15 secret 5 $1$XauM$W1e1kTHPQae6qBdA1Jr2q.

username EZVPN secret 5 $1$gBcD$sTBWbigEeLWmPE5/RJypt.

username gmarquez privilege 15 secret 5 $1$qbHa$MKHnK05UMyCD1yDSDceDH1

username jrodriguez privilege 15 secret 5 $1$02yP$2vjlfYxWFx3YD.bjbQ23u0

redundancy

vlan 582

name CANTV-Metro

! SSH server: at most two authentication retries per connection, and protocol
! version 2 only (SSHv1 is refused).
! NOTE(review): no "ip ssh time-out" or RSA key-size requirement is visible in
! this listing; the defaults apply - confirm they match policy.
ip ssh authentication-retries 2

ip ssh version 2

class-map match-all Prueba

! IKEv1 phase-1 policy: 3DES encryption, pre-shared-key authentication and
! Diffie-Hellman group 2 (1024-bit MODP). No "hash" line is shown, so the
! platform default applies (presumably SHA-1 - confirm).
! NOTE(review): 3DES and DH group 2 are legacy choices; where every peer
! supports it, prefer AES with a larger DH group. Changing this requires a
! coordinated change on all peers.
crypto isakmp policy 10

encr 3des

authentication pre-share
group 2

! Pre-shared keys, one entry per peer address. Every entry uses the same key,
! stored in clear text, and the same key is reused for the EZVPN client group
! below. "no-xauth" exempts these site-to-site peers from extended (user)
! authentication.
! NOTE(review): because the key appears in this published listing it must be
! considered compromised for every peer at once; rotate it, use a distinct key
! per peer, and enable encrypted key storage if the image supports it.
crypto isakmp key C1n3xCc$ address 190.202.75.2 no-xauth

crypto isakmp key C1n3xCc$ address 190.202.75.6 no-xauth

crypto isakmp key C1n3xCc$ address 190.202.77.162 no-xauth

crypto isakmp key C1n3xCc$ address 190.202.79.226 no-xauth

crypto isakmp key C1n3xCc$ address 190.202.77.174 no-xauth

crypto isakmp key C1n3xCc$ address 190.202.77.102 no-xauth

crypto isakmp key C1n3xCc$ address 201.249.73.228 no-xauth

crypto isakmp key C1n3xCc$ address 202.249.69.82 no-xauth

crypto isakmp key C1n3xCc$ address 201.249.69.106 no-xauth

crypto isakmp key C1n3xCc$ address 201.249.69.74 no-xauth

crypto isakmp key C1n3xCc$ address 201.249.69.102 no-xauth

crypto isakmp key C1n3xCc$ address 10.100.255.12

crypto isakmp key C1n3xCc$ address 10.100.255.22

crypto isakmp key C1n3xCc$ address 10.100.255.17

crypto isakmp key C1n3xCc$ address 10.100.255.10

crypto isakmp key C1n3xCc$ address 10.100.255.11

crypto isakmp key C1n3xCc$ address 10.100.255.13

crypto isakmp key C1n3xCc$ address 10.100.255.14

crypto isakmp key C1n3xCc$ address 10.100.255.15

crypto isakmp key C1n3xCc$ address 10.100.255.16

crypto isakmp key C1n3xCc$ address 10.100.255.18

crypto isakmp key C1n3xCc$ address 10.100.255.19

crypto isakmp key C1n3xCc$ address 186.166.129.145 no-xauth

crypto isakmp key C1n3xCc$ address 200.35.83.201 no-xauth

crypto isakmp key C1n3xCc$ address 200.71.147.177 no-xauth

crypto isakmp key C1n3xCc$ address 200.35.77.233 no-xauth

crypto isakmp key C1n3xCc$ address 200.71.190.89 no-xauth

! NOTE(review): wildcard entry - the key is accepted from ANY source address,
! which makes the per-peer list above ineffective as an allow-list. Remove it
! unless peers with dynamic addresses genuinely require it, and then prefer
! certificate or per-identity authentication.
crypto isakmp key C1n3xCc$ address 0.0.0.0 0.0.0.0


!

! Easy VPN remote-access group. The group key equals the site-to-site PSK.
! "acl EZVPN" is the split-tunnel list; "save-password" allows clients to store
! the XAUTH password locally, so a lost or stolen client device holds working
! credentials.
! NOTE(review): consider removing save-password and giving the group its own
! key.
crypto isakmp client configuration group EZVPN

key C1n3xCc$

acl EZVPN

save-password

! Transform sets. VPN-Set (3DES + SHA-1 HMAC) is referenced by the dynamic map
! for remote-access clients; ESP-AES-SHA256 (AES, default key size, with
! SHA-256 HMAC, transport mode) is referenced by the tunnel-protection profile.
! NOTE(review): VPN-Set keeps remote-access traffic on 3DES; migrate clients to
! the AES set where they support it.
crypto ipsec transform-set VPN-Set esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-AES-SHA256 esp-aes esp-sha256-hmac

mode transport

! Profile applied on the Tunnel interfaces via "tunnel protection ipsec
! profile". No PFS setting is shown.
crypto ipsec profile Tunnel-Profile

set transform-set ESP-AES-SHA256

! Dynamic map for peers whose address is not known in advance (Easy VPN
! clients).
crypto dynamic-map EZVPN 1

set transform-set VPN-Set

! Crypto map bound to the Internet-facing interface: XAUTH and group
! authorization use the local "EZVPN" AAA lists, and the router answers client
! mode-config address requests.
crypto map VPN-Cinex client authentication list EZVPN

crypto map VPN-Cinex isakmp authorization list EZVPN

crypto map VPN-Cinex client configuration address respond

crypto map VPN-Cinex 65535 ipsec-isakmp dynamic EZVPN

interface Loopback1
ip address 169.254.0.1 255.255.255.255

interface Tunnel1

description Tunnel Primario WAN Movistar | Puento Fijo - Las Virtudes

bandwidth 2048

ip address 10.100.254.1 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.10

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel2

description Tunnel Primario WAN Movistar | Merida - Alto Prado

bandwidth 2048

ip address 10.100.254.5 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.11

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel3

description Tunnel Primario WAN Movistar | Maracaibo - Doral

bandwidth 2048

ip address 10.100.254.9 255.255.255.252

ip mtu 1400
ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.12

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel4

description Tunnel Primario WAN Movistar | Maracaibo - Galerias

bandwidth 2048

ip address 10.100.254.13 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.13

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel5

description Tunnel Primario WAN Movistar | Cumana - Marina Plaza

bandwidth 2048

ip address 10.100.254.17 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.14

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel6
description Tunnel Primario WAN Movistar | Barinas - Cima Plaza

bandwidth 2048

ip address 10.100.254.21 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.15

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel7

description Tunnel Primario WAN Movistar | San Cristobal - Pirineos

bandwidth 2048

ip address 10.100.254.25 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.16

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel8

description Tunnel Primario WAN Movistar | Puerto la Cruz - Plaza Mayor

bandwidth 2048

ip address 10.100.254.29 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1


tunnel destination 10.100.255.17

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel9

description Tunnel Primario WAN Movistar | Valera - Valera Plaza

bandwidth 2048

ip address 10.100.254.33 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.18

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel10

description Tunnel Primario WAN Movistar | Maracaibo - Costa Mall

bandwidth 2048

ip address 10.100.254.37 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 5

tunnel source 10.100.255.1

tunnel destination 10.100.255.19

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel12

description Tunnel Backup Internet CANTV | Merida - Alto Prado

bandwidth 1024

ip address 10.100.253.5 255.255.255.252


ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 186.166.129.145

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel13

description Tunnel Backup Internet Movistar | Maracaibo - Doral

bandwidth 1024

ip address 10.100.253.9 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 200.35.83.201

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel14

description Tunnel Backup Internet CANTV | Maracaibo - Galerias

bandwidth 1024

ip address 10.100.253.13 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 190.202.77.162

tunnel protection ipsec profile Tunnel-Profile

!
interface Tunnel15

description Tunnel Backup Interent CANTV | Cumana - Marina Plaza

bandwidth 1024

ip address 10.100.253.17 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 200.35.77.233

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel16

description Tunnel Backup Internet CANTV | Barinas - Cima Plaza

bandwidth 1024

ip address 10.100.253.21 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 190.202.77.102

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel17

description Tunnel Backup Internet CANTV | San Cristobal - Pirineos

bandwidth 1024

ip address 10.100.253.25 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10
tunnel source 200.11.142.250

tunnel destination 201.249.69.102

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel18

description Tunnel Backup Internet CANTV | Puerto la Cruz - Plaza Mayor

bandwidth 1024

ip address 10.100.253.29 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 190.202.77.174

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel19

description Tunnel Backup Internet CANTV | Valera - Valera Plaza

bandwidth 1024

ip address 10.100.253.33 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 201.249.69.106

tunnel protection ipsec profile Tunnel-Profile

interface Tunnel20

description Tunnel Backup Internet CANTV | Maracaibo - Costa Mall

bandwidth 1024
ip address 10.100.253.37 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

delay 10

tunnel source 200.11.142.250

tunnel destination 201.249.73.228

tunnel protection ipsec profile Tunnel-Profile

interface FastEthernet0/0

description Conexion DMZ-ASA

ip address 10.255.255.2 255.255.255.252

duplex full

speed 100

interface FastEthernet0/1

no ip address

duplex full

speed 100

interface FastEthernet0/1.1216

description WAN Movsitar 20048kbps - PROPA 9007

encapsulation dot1Q 1216

ip address 10.100.255.1 255.255.255.0

interface Serial0/0/0

no ip address

shutdown

no fair-queue

clock rate 2000000


!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

interface Dot11Radio0/2/0

no ip address

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

interface FastEthernet0/1/0

description Internet MetroEthernet CANTV 1024kbps

switchport mode trunk

no ip address

interface FastEthernet0/1/1

no ip address

interface FastEthernet0/1/2

no ip address

interface FastEthernet0/1/3

no ip address

interface Vlan1

no ip address

shutdown
!

! Internet-facing SVI (CANTV MetroEthernet). Inbound traffic is filtered by the
! "Outside" ACL, outbound sessions are tracked by the CBAC-RULE inspection set,
! and the VPN-Cinex crypto map terminates IPsec here.
! NOTE(review): only "no ip redirects" is shown; "no ip unreachables",
! "no ip proxy-arp" and unicast RPF are not visible in this listing - confirm
! whether they are intentionally left at their defaults.
interface Vlan582

description Internet MetroEthernet CANTV 1024kbps

ip address 200.11.142.250 255.255.255.252

ip access-group Outside in

no ip redirects

ip nbar protocol-discovery

ip inspect CBAC-RULE out

crypto map VPN-Cinex

router eigrp 100

distribute-list route-map Distribute-List out

network 10.100.253.0 0.0.0.255

network 10.100.254.0 0.0.0.255

network 169.254.0.1 0.0.0.0

redistribute static route-map EIGRP

ip forward-protocol nd

! Web management: both the clear-text HTTP server and the HTTPS server are
! enabled, authenticating against the local user database.
! NOTE(review): with "ip http server" on, administrator credentials can cross
! the network unencrypted. Disable it ("no ip http server") if HTTPS suffices,
! and restrict the remaining service with "ip http access-class" - none is
! visible in this listing.
ip http server

ip http authentication local

ip http secure-server

ip flow-top-talkers

top 20

sort-by bytes

ip route 0.0.0.0 0.0.0.0 200.11.142.249

ip route 10.0.0.0 255.255.255.0 10.255.255.1


ip route 58.218.198.154 255.255.255.255 Null0

ip route 190.202.75.2 255.255.255.255 200.11.142.249 name Frame-Relay-Pto-Fijo-Las-Virtudes

ip route 190.202.75.6 255.255.255.255 200.11.142.249 name Maracaibo-Doral-Plaza

ip route 190.202.77.102 255.255.255.255 200.11.142.249 name Barinas-Plaza

ip route 190.202.77.162 255.255.255.255 200.11.142.249 name Maracaibo-Galerias-Plaza

ip route 190.202.77.174 255.255.255.255 200.11.142.249 name Puerto-Plaza-Mayor

ip route 190.202.79.226 255.255.255.255 200.11.142.249 name San-Cristobal-Pirineo

ip route 201.249.69.74 255.255.255.255 200.11.142.249 name Maracaibo-Doral-Plaza

ip route 201.249.69.102 255.255.255.255 200.11.142.249 name San-Cristobal-Pirineo

ip route 201.249.69.106 255.255.255.255 200.11.142.249 name Valera-Plaza

ip route 201.249.73.228 255.255.255.255 200.11.142.249 name Maracaibo-Costa-Mall

ip route 202.249.69.82 255.255.255.255 200.11.142.249 name Metro-Pto-Fijo-Las-Virtudes

ip access-list extended Distribute-List

permit ip 10.0.0.0 0.0.0.255 any

permit ip host 169.254.0.1 any

ip access-list extended EIGRP

permit ip 10.0.0.0 0.0.0.255 any

ip access-list extended EZVPN

permit ip 10.0.0.0 0.0.0.255 172.20.31.0 0.0.0.255

permit ip 10.0.0.0 0.0.0.255 172.20.34.0 0.0.0.255

! Inbound filter for the Internet-facing interface (applied as
! "ip access-group Outside in" on Vlan582). Entries are evaluated top-down and
! the first match wins, so ordering below is security-relevant.
ip access-list extended Outside

! NOTE(review): this first entry admits every ICMP type from every source
! before any anti-spoofing or fragment rule is evaluated, so the later
! "deny icmp ... fragments" entries and the spoofed-source denies never apply
! to ICMP. Consider permitting only the needed types (for example echo-reply,
! unreachable, time-exceeded) and moving the entry below the deny section.
permit icmp any any

remark ***** Anti-Spoofing RFC5735 *****

! The first two denies drop (and log) packets arriving from outside that claim
! a source inside the organisation's own public /29 blocks.
deny ip 200.11.149.144 0.0.0.7 any log

deny ip 190.202.42.24 0.0.0.7 any log

deny ip 0.0.0.0 0.255.255.255 any

! NOTE(review): this PERMITS any packet with an RFC 1918 10.0.0.0/8 source
! arriving from the Internet, to any destination and port, and short-circuits
! every rule below it. It contradicts the section's anti-spoofing remark; if it
! was meant as a deny, or meant for decrypted VPN traffic, narrow or replace it
! - verify intent before changing.
permit ip 10.0.0.0 0.255.255.255 any

! NOTE(review): several prefixes in this list (14/8, 24/8, 39/8, 128.0/16,
! 191.255/16, 223.255.255/24) appear to be former reservations that have since
! been released for allocation, so these entries may drop legitimate traffic;
! the documentation ranges 198.51.100.0/24 and 203.0.113.0/24 are not listed.
! Re-derive the list from the current IANA special-purpose registry.
deny ip 14.0.0.0 0.255.255.255 any


deny ip 24.0.0.0 0.255.255.255 any

deny ip 39.0.0.0 0.255.255.255 any

deny ip 127.0.0.0 0.255.255.255 any

deny ip 128.0.0.0 0.0.255.255 any

deny ip 169.254.0.0 0.0.255.255 any

deny ip 172.16.0.0 0.15.255.255 any

deny ip 191.255.0.0 0.0.255.255 any

deny ip 192.0.0.0 0.0.0.255 any

deny ip 192.0.2.0 0.0.0.255 any

deny ip 192.88.99.0 0.0.0.255 any

deny ip 192.168.0.0 0.0.255.255 any

deny ip 198.18.0.0 0.1.255.255 any

deny ip 223.255.255.0 0.0.0.255 any

deny ip 224.0.0.0 15.255.255.255 any

deny ip 240.0.0.0 15.255.255.255 any

deny ip host 255.255.255.255 any

deny ip host 0.0.0.0 any

remark ***** Deny Fragments *****

! Drops non-initial fragments addressed to the two public /29 blocks. The ICMP
! entries are shadowed by the leading "permit icmp any any".
deny icmp any 200.11.149.144 0.0.0.7 fragments

deny tcp any 200.11.149.144 0.0.0.7 fragments

deny udp any 200.11.149.144 0.0.0.7 fragments

deny icmp any 190.202.42.24 0.0.0.7 fragments

deny tcp any 190.202.42.24 0.0.0.7 fragments

deny udp any 190.202.42.24 0.0.0.7 fragments

remark *** EZVPN-CCS ***

! IKE (UDP 500), NAT-T (UDP 4500) and ESP are what the VPN needs.
! NOTE(review): TFTP and NTP are also opened from any source. TFTP is
! unauthenticated, and with "ntp master" configured the router will answer NTP
! from the Internet; restrict both to known sources or remove them.
! NOTE(review): 190.202.41.142 is not assigned to any interface shown in this
! listing - possibly a stale address; confirm.
permit udp any host 190.202.41.142 eq tftp

permit udp any host 190.202.41.142 eq ntp

permit udp any host 190.202.41.142 eq isakmp

permit udp any host 190.202.41.142 eq non500-isakmp


permit esp any host 190.202.41.142

remark *** Site-to-Site-VPN-CCS ***

! Same service set for the address configured on Vlan582; the TFTP/NTP
! exposure noted above applies here too.
permit udp any host 200.11.142.250 eq tftp

permit udp any host 200.11.142.250 eq ntp

permit udp any host 200.11.142.250 eq isakmp

permit udp any host 200.11.142.250 eq non500-isakmp

permit esp any host 200.11.142.250

remark *** Permit SSH ***

! NOTE(review): SSH management is reachable from any Internet source, and the
! vty lines in this listing carry no access-class. Limit the source to
! management networks or require the VPN for administration.
permit tcp any host 190.202.41.142 eq 22

permit tcp any host 200.11.142.250 eq 22

remark ***** Permit NAT Pool *****

! NOTE(review): all IP protocols and ports are admitted to this address. No
! "ip nat" statements are visible in this listing, so what sits behind it
! cannot be confirmed here; narrow it to the published services.
! Anything not matched above falls to the implicit deny, which is not logged;
! add an explicit "deny ip any any log" if drop visibility is wanted.
permit ip any host 190.202.42.25

access-list 10 permit 10.0.0.0 0.0.0.255

access-list 160 permit tcp host 192.168.2.2 eq www any

route-map Distribute-List permit 10

match ip address Distribute-List

route-map EIGRP permit 10

match ip address EIGRP

! SNMP: a read-WRITE community with no access list attached. Community-based
! SNMP (v1/v2c) sends the string in clear text, and RW access allows
! configuration changes.
! NOTE(review): the string is published with this listing - treat it as
! exposed. Remove RW access or replace it with SNMPv3 (authentication and
! privacy), and bind any remaining community to an ACL of management stations.
snmp-server community propacine RW

!
control-plane

! Console and auxiliary lines carry no explicit settings; login falls under the
! AAA default (local) list.
! NOTE(review): no exec-timeout is shown (defaults apply), and the unused aux
! line is not disabled with "no exec" - confirm.
line con 0

line aux 0

! Remote access lines accept SSH only (Telnet is refused).
! NOTE(review): no "access-class" restricts which sources may connect, and the
! Outside ACL permits SSH from any address.
line vty 0 4

logging synchronous

transport input ssh

line vty 5 15

logging synchronous

transport input ssh

scheduler allocate 20000 1000

! NTP: the trailing "7" marks the key as type-7 encoded, which is a reversible
! obfuscation rather than a hash, so the key should be treated as disclosed.
! NOTE(review): neither "ntp authenticate" nor "ntp trusted-key" is visible, so
! the key may not actually be enforced. "ntp master 1" advertises this router
! as stratum 1 from its own clock; no "ntp access-group" limits who may query
! it.
ntp authentication-key 1 md5 00221A1E0A5E1F35002D595A00160B04312A 7

ntp master 1

end
