___________________________________________________________
IPsec (VPN link)
LICENSE = license boot module c900 technology-package securityk9
do wr
do reload
___________________________________________________________
PHASE 1
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
lifetime 3600
PHASE 2
crypto ipsec transform-set VPN-SET-CONCE esp-aes 256 esp-sha-hmac (VPN-SET-CONCE: name taken from the other router)
Joining phase 1 and phase 2
crypto map VPN-MAP-CONCE 10 ipsec-isakmp
description VPN conexion a CONCE
set peer 209.165.201.6 (IP OF THE OTHER END)
set transform-set VPN-SET-CONCE
match address 110
___________________________________________________________
NAT
___________________________________________________________
(STATIC, SAME IP, DIFFERENT PORT)
ip nat inside source static udp 10.1.250.10 53 209.165.200.6 53
ip nat inside source static tcp 10.1.250.20 21 209.165.200.6 21
(DON'T FORGET) ip nat inside and ip nat outside on the interfaces
(STATIC)
ip nat inside source static 10.1.250.10 209.165.200.6
int g0/0
ip nat inside
___________________________________________________________
OSPF with MD5 authentication (EXAMPLE)
___________________________________________________________
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
area 0 authentication message-digest
passive-interface g0/0
router-id 3.3.3.3
exit
int s0/0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf priority 0 (INTERFACE PRIORITY)
ip ospf network broadcast (ONLY IF FRAME RELAY IS USED)
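Added here as a review aid, not part of the original notes: a small Python audit that parses an IOS-style excerpt built from the IPsec phase 1/2, crypto map and OSPF lines above and flags what a reviewer would raise (DH group 2, pre-shared authentication with no key statement, a crypto map pointing at an ACL that is not defined, and a placeholder OSPF MD5 key). The `crypto isakmp key` check assumes the standard IOS pre-shared-key command, which the notes do not list; the DH-group threshold, the placeholder-key list and the values in the hardened excerpt are assumptions of this example.

```python
import re

# Constructed excerpt mirroring the IPsec and OSPF lines of this sheet (not a real device config).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 lifetime 3600
crypto ipsec transform-set VPN-SET-CONCE esp-aes 256 esp-sha-hmac
crypto map VPN-MAP-CONCE 10 ipsec-isakmp
 set peer 209.165.201.6
 set transform-set VPN-SET-CONCE
 match address 110
router ospf 1
 area 0 authentication message-digest
interface Serial0/0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
"""

# Same excerpt with the findings addressed; the PSK and OSPF key values are placeholders.
HARDENED_CONFIG = """\
crypto isakmp key EXAMPLE-PSK-PLACEHOLDER address 209.165.201.6
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
 lifetime 3600
crypto ipsec transform-set VPN-SET-CONCE esp-aes 256 esp-sha-hmac
crypto map VPN-MAP-CONCE 10 ipsec-isakmp
 set peer 209.165.201.6
 set transform-set VPN-SET-CONCE
 match address 110
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
interface Serial0/0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-OSPF-KEY
"""

WEAK_DH_GROUPS = {"1", "2", "5"}          # 768/1024/1536-bit MODP; group 14 is the usual floor today
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
PLACEHOLDER_KEYS = {"cisco", "cisco123", "password"}   # constructed list of well-known lab secrets


def parse_sections(config):
    """Split an IOS-style config into (top-level line, [indented sub-commands]) pairs."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):
            sections.append((raw.strip(), []))
        elif sections:
            sections[-1][1].append(raw.strip())
    return sections


def audit(config):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    findings = []
    secs = parse_sections(config)
    headers = [h for h, _ in secs]
    has_psk = any(h.startswith("crypto isakmp key ") for h in headers)
    transform_sets = {}
    for h in headers:
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", h)
        if m:
            transform_sets[m.group(1)] = m.group(2).split()
    acl_names = {h.split()[1] for h in headers if h.startswith("access-list ")}
    acl_names |= {h.split()[3] for h in headers if h.startswith("ip access-list ")}

    for h, body in secs:
        if h.startswith("crypto isakmp policy"):
            for line in body:
                p = line.split()
                if p[0] == "group" and p[1] in WEAK_DH_GROUPS:
                    findings.append(f"{h}: DH group {p[1]} is below the usual minimum (use 14 or higher)")
                if line == "authentication pre-share" and not has_psk:
                    findings.append(f"{h}: pre-shared authentication but no 'crypto isakmp key' line")
        elif h.startswith("crypto map"):
            for line in body:
                p = line.split()
                if p[:2] == ["set", "transform-set"] and p[2] not in transform_sets:
                    findings.append(f"{h}: transform-set {p[2]} is not defined")
                if p[:2] == ["match", "address"] and p[2] not in acl_names:
                    findings.append(f"{h}: match address {p[2]} references an ACL not defined here")
        elif h.startswith("interface"):
            for line in body:
                m = re.match(r"ip ospf message-digest-key \d+ md5 (\S+)", line)
                if m and (m.group(1) in PLACEHOLDER_KEYS or len(m.group(1)) < 8):
                    findings.append(f"{h}: OSPF MD5 key '{m.group(1)}' is a placeholder or shorter than 8 chars")
    for name, algs in transform_sets.items():
        weak = [a for a in algs if a in WEAK_TRANSFORMS]
        if weak:
            findings.append(f"transform-set {name}: weak algorithms {weak}")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print("FINDING:", f)
    print("hardened excerpt findings:", audit(HARDENED_CONFIG))
```

Run against the first excerpt it reports four findings; against the hardened excerpt it reports none. The parser only understands the one-level indentation IOS uses for sub-commands, which is enough for `show running-config` output pasted into a file.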
___________________________________________________________
FRAME RELAY
___________________________________________________________
int s0/0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
frame-relay map ip 10.0.0.2 102 broadcast
frame-relay map ip 10.0.0.3 103 broadcast
frame-relay map ip 10.0.0.4 104 broadcast ietf
ip ospf network broadcast (FOR OSPF)
___________________________________________________________
SYSLOG
___________________________________________________________
Enable the service on the server
logging IP_servidor
___________________________________________________________
NTP
___________________________________________________________
(MANUAL)
clock set 18:55:00 December 12 2017
service timestamps log datetime msec
(SERVER)
ntp server IP_server
service timestamps log datetime msec
___________________________________________________________
TUNNEL GRE
___________________________________________________________
interface Tunnel 0
ip address 10.10.10.1 255.255.255.252 (LOCAL IP OF THE GRE TUNNEL)
tunnel source Serial0/0/1 (EXIT INTERFACE)
tunnel destination 209.165.201.6 (IP OF THE OTHER END)
exit
___________________________________________________________
ACL (EXAMPLES)
___________________________________________________________
(standard numbered) deny a network access
access-list 10 deny 192.168.1.0 0.0.0.255
access-list 10 permit any
int f0/0
ip access-group 10 in
(extended numbered) deny DNS to a network
access-list 110 deny udp 192.168.1.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
access-list 110 permit ip any any
int f0/0
ip access-group 110 in
(standard named)
ip access-list standard NEGAR_LAN_A
deny 192.168.1.0 0.0.0.255
permit any
int f0/0
ip access-group NEGAR_LAN_A in
(extended named)
ip access-list extended NEGARDNS
deny udp 192.168.10.10 0.0.0.0 any eq 53
permit ip any any
int f0/0
ip access-group NEGARDNS in
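Added as a worked example, not part of the original notes: a Python evaluator that parses the four ACL styles above (standard/extended, numbered/named), applies IOS wildcard-mask matching (a 1 bit means "don't care"), stops at the first matching entry, and applies the implicit deny at the end of every list. It goes a little beyond the sheet by also accepting `host A` and a bare host address in standard ACLs. The constructed config and the extra `access-list 20` used to show the implicit deny are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = (0, 0xFFFFFFFF)  # 0.0.0.0 with wildcard 255.255.255.255 matches every address


@dataclass
class AclEntry:
    action: str              # "permit" or "deny"
    protocol: str            # "ip" matches every protocol; otherwise "tcp", "udp", ...
    src: tuple               # (address, wildcard) as 32-bit ints
    dst: tuple
    dst_port: Optional[int]  # from "eq <port>"; None when no port is specified


def _parse_addr(tokens, i):
    """Read an IOS address spec at tokens[i]: 'any', 'host A', 'A WILDCARD', or a bare host."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    addr = int(ipaddress.IPv4Address(tokens[i]))
    if i + 1 < len(tokens) and tokens[i + 1][0].isdigit():
        return (addr, int(ipaddress.IPv4Address(tokens[i + 1]))), i + 2
    return (addr, 0), i + 1  # bare address in a standard ACL means a single host


def _wildcard_match(spec, ip):
    """Wildcard masks invert netmask logic: compare only the bits where the wildcard is 0."""
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def _parse_entry(kind, t):
    action = t[0]
    if kind == "standard":
        src, _ = _parse_addr(t, 1)
        return AclEntry(action, "ip", src, ANY, None)
    proto = t[1]
    src, i = _parse_addr(t, 2)
    dst, i = _parse_addr(t, i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return AclEntry(action, proto, src, dst, port)


def parse_acls(config):
    """Return {name: (kind, [AclEntry])} for numbered and named ACLs in an IOS config."""
    acls, current = {}, None
    for raw in config.splitlines():
        t = raw.strip().split()
        if not t:
            continue
        if t[0] == "access-list":
            number = t[1]
            kind = "standard" if int(number) <= 99 else "extended"  # classic 1-99 / 100-199 ranges
            acls.setdefault(number, (kind, []))[1].append(_parse_entry(kind, t[2:]))
            current = None
        elif t[:2] == ["ip", "access-list"]:
            kind, current = t[2], t[3]
            acls.setdefault(current, (kind, []))
        elif current and t[0] in ("permit", "deny"):
            acls[current][1].append(_parse_entry(acls[current][0], t))
        else:
            current = None  # any other command leaves named-ACL configuration mode
    return acls


def evaluate(acl, protocol, src_ip, dst_ip, dst_port=None):
    """First matching entry wins; no matching entry means deny (the implicit deny)."""
    kind, entries = acl
    for e in entries:
        if e.protocol != "ip" and e.protocol != protocol:
            continue
        if not _wildcard_match(e.src, src_ip) or not _wildcard_match(e.dst, dst_ip):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action
    return "deny"


# Constructed config: the sheet's ACL 10, ACL 110 and NEGARDNS, plus ACL 20 with only a deny entry.
SAMPLE_CONFIG = """\
access-list 10 deny 192.168.1.0 0.0.0.255
access-list 10 permit any
access-list 110 deny udp 192.168.1.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
access-list 110 permit ip any any
ip access-list extended NEGARDNS
 deny udp 192.168.10.10 0.0.0.0 any eq 53
 permit ip any any
interface FastEthernet0/0
 ip access-group NEGARDNS in
access-list 20 deny 10.0.0.0 0.255.255.255
"""

if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONFIG)
    print(evaluate(acls["110"], "udp", "192.168.1.7", "8.8.8.8", 53))  # deny
    print(evaluate(acls["20"], "ip", "172.16.1.1", "8.8.8.8"))         # deny: implicit deny
```

The last case is the one worth remembering when writing ACLs like the ones above: a list that contains only `deny` entries blocks everything, because nothing reaches the end and is permitted unless an explicit `permit` follows.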
___________________________________________________________