@jjvillavicencio
Created November 21, 2017 18:26
Router(config)#license boot module C2900 technology-package securityk9
Router#copy running-config startup-config
Router#reload
=== SWITCH 1 ===
vlan database
vlan 10
vlan 20
vlan 30
exit
configure terminal
interface fastEthernet 1/1
switchport mode access
switchport access vlan 10
exit
interface fastEthernet 1/2
switchport mode access
switchport access vlan 20
exit
interface fastEthernet 1/3
switchport mode access
switchport access vlan 30
exit
interface fastEthernet 1/0
switchport mode trunk
exit
interface fastEthernet 1/4
switchport mode trunk
exit
=== SWITCH 2 ===
vlan database
vlan 10
vlan 20
vlan 30
exit
configure terminal
interface fastEthernet 1/2
switchport mode access
switchport access vlan 10
exit
interface fastEthernet 1/3
switchport mode access
switchport access vlan 20
exit
interface fastEthernet 1/4
switchport mode access
switchport access vlan 30
exit
interface fastEthernet 1/1
switchport mode trunk
exit
=== Router ===
configure terminal
interface fastEthernet 1/0
no shutdown
exit
interface fastEthernet 1/0.10
encapsulation dot1Q 10
ip address 172.80.17.1 255.255.255.128
no shutdown
exit
interface fastEthernet 1/0.20
encapsulation dot1Q 20
ip address 172.80.14.1 255.255.254.0
no shutdown
exit
interface fastEthernet 1/0.30
encapsulation dot1Q 30
ip address 172.80.16.1 255.255.255.0
no shutdown
exit
show ip interface brief
=== Router to Server ===
configure terminal
interface fastEthernet 0/0
ip address 172.80.8.4 255.255.252.0
no shutdown
exit
ip http server
ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0
exit
write
PC1> ping 172.80.8.4 -3 -P 6 -p 80
=== Access List R1 ===
configure terminal
access-list 101 deny ip host 172.80.8.3 any
access-list 101 deny tcp host 172.80.8.4 host 172.80.12.2 eq www
access-list 101 permit ip any any
access-list 101 permit tcp any any eq www
interface FastEthernet 0/0
ip access-group 101 in
exit
write
PC2> ping 172.80.8.4 -3 -P 6 -p 80
=== VPN ===
**Router 4**
crypto isakmp policy 10
authentication pre-share
hash sha
encryption aes 256
group 2
lifetime 86400
exit
! Peer: Router 3
crypto isakmp key toor address 172.80.17.141
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
! Addresses of network 1 and network 2
access-list 101 permit ip 172.80.17.0 0.0.0.127 172.80.0.0 0.0.7.255
crypto map CMAP 10 ipsec-isakmp
! Peer: Router 3
set peer 172.80.17.141
match address 101
set transform-set TSET
exit
! Interface to Router 2
interface serial 0/0
crypto map CMAP
exit
write
**Router 3**
crypto isakmp policy 10
authentication pre-share
hash sha
encryption aes 256
group 2
lifetime 86400
exit
! Peer: Router 4
crypto isakmp key toor address 172.80.17.142
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
! Addresses of network 1 and network 2
access-list 101 permit ip 172.80.0.0 0.0.7.255 172.80.17.0 0.0.0.127
crypto map CMAP 10 ipsec-isakmp
! Peer: Router 4
set peer 172.80.17.142
match address 101
set transform-set TSET
exit
! Interface to Router 4
interface serial 0/1
crypto map CMAP
exit
write
The commands to view the packets sent and received and to verify that they were encrypted/decrypted are:
show crypto isakmp sa
show crypto ipsec sa
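
An added example, not part of the original gist: a Python script that parses `show crypto ipsec sa` output and classifies each SA by its encrypt/decrypt counters, which is the check the two commands above are used for. The sample output is constructed from the addresses in this configuration with made-up counters, and the function names are hypothetical.

```python
import re

# Constructed sample of `show crypto ipsec sa` output for Router 4. Addresses come
# from the configuration above; the counters are made up for illustration.
TEMPLATE = """\
interface: Serial0/0
    Crypto map tag: CMAP, local addr 172.80.17.142

   local  ident (addr/mask/prot/port): (172.80.17.0/255.255.255.128/0/0)
   remote ident (addr/mask/prot/port): (172.80.0.0/255.255.248.0/0/0)
   current_peer 172.80.17.141 port 500
    #pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest: {enc}
    #pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify: {dec}
    #send errors 1, #recv errors 0
"""
SAMPLE_OK = TEMPLATE.format(enc=4, dec=4)
SAMPLE_ONE_WAY = TEMPLATE.format(enc=4, dec=0)

SA_START = re.compile(r"^\s*local\s+ident", re.M)
# Matches "#pkts encrypt: 4" as well as "#send errors 1".
COUNTER = re.compile(r"#(?:pkts )?([a-z]+(?: errors)?):? (\d+)")


def parse_sas(output):
    """Return one dict per SA: the peer address plus its integer counters."""
    sas = []
    for block in SA_START.split(output)[1:]:
        peer = re.search(r"current_peer (\S+)", block)
        sa = {name: int(value) for name, value in COUNTER.findall(block)}
        sa["peer"] = peer.group(1) if peer else None
        sas.append(sa)
    return sas


def diagnose(sa):
    """Classify an SA by whether packets are protected in both directions."""
    enc, dec = sa.get("encrypt", 0), sa.get("decrypt", 0)
    if enc == 0 and dec == 0:
        return "idle: no traffic has matched the crypto ACL yet"
    if dec == 0:
        return "one-way: packets are encrypted but none decrypted from the peer"
    if enc == 0:
        return "one-way: packets are decrypted but local traffic is not encrypted"
    return "ok: traffic is encrypted and decrypted"


if __name__ == "__main__":
    for text in (SAMPLE_OK, SAMPLE_ONE_WAY):
        for sa in parse_sas(text):
            print(sa["peer"], "->", diagnose(sa))
```

A one-way result on one router is a cue to compare the `access-list 101` entries on both peers, since each must be the mirror image of the other.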