
EXAM

___________________________________________________________
IPsec (VPN link)
LICENSE = license boot module c900 technology-package securityk9
do wr
do reload
___________________________________________________________
PHASE 1
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
lifetime 3600

crypto isakmp key tour123 address 209.165.201.6 (IP OF THE OTHER END)

PHASE 2
crypto ipsec transform-set VPN-SET-CONCE (NAME OF THE OTHER ROUTER) esp-aes 256 esp-sha-hmac

crypto ACL (interesting traffic)


access-list 110 permit ip 10.1.100.0 0.0.0.255 (SOURCE) 10.1.200.0 0.0.0.255 (DESTINATION)

ip access-list extended ACLNAT (SO THAT NAT IS APPLIED TO THE REST)


deny ip 10.1.200.0 0.0.0.255 10.1.100.0 0.0.0.255
permit ip 10.1.200.0 0.0.0.255 any
exit
ip nat inside source list ACLNAT interface s0/0/1 (PAT overload)

Joining Phase 1 and 2
crypto map VPN-MAP-CONCE 10 ipsec-isakmp
description VPN conexion a CONCE
set peer 209.165.201.6 (IP OF THE OTHER END)
set transform-set VPN-SET-CONCE
match address 110

interface serial 0/0/1


crypto map VPN-MAP-CONCE (name is case-sensitive and must match the crypto map above)

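One check worth running on the IPsec and NAT sections above, added here as an example and not part of these exam notes: the NAT ACL must deny (exempt) every flow the crypto ACL selects, and that deny must come before any permit, otherwise outbound VPN traffic is translated first and never matches the crypto map. The script assumes entries of the form `permit|deny ip SRC WILDCARD DST WILDCARD` (or `any`) and uses constructed sample ACLs in which this router's LAN is 10.1.200.0/24 and the remote LAN is 10.1.100.0/24.

```python
import ipaddress

def _take_prefix(tokens, i):
    """Consume one address term: 'any' or 'A.B.C.D WILDCARD' (IOS wildcard = inverted mask)."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    mask = ~int(ipaddress.IPv4Address(tokens[i + 1])) & 0xFFFFFFFF   # 0.0.0.255 -> /24, 0.0.0.0 -> /32
    return ipaddress.IPv4Network((tokens[i], str(ipaddress.IPv4Address(mask))), strict=False), i + 2

def parse_acl(text):
    """Return [(action, src_net, dst_net)] for 'permit|deny ip SRC DST' entries, numbered or named form."""
    acl = []
    for line in text.splitlines():
        t = line.split()
        if t[:1] == ["access-list"]:
            t = t[2:]                       # drop 'access-list <number>'
        if len(t) < 4 or t[0] not in ("permit", "deny") or t[1] != "ip":
            continue                        # header lines, 'exit', blank lines
        src, i = _take_prefix(t, 2)
        dst, _ = _take_prefix(t, i)
        acl.append((t[0], src, dst))
    return acl

def nat_exemption_gaps(crypto_acl, nat_acl):
    """Flows the crypto ACL permits must hit a deny in the NAT ACL before any permit
    (first match wins); otherwise they are translated and never match the crypto map."""
    gaps = []
    for action, src, dst in crypto_acl:
        if action != "permit":
            continue
        for n_action, n_src, n_dst in nat_acl:
            covers = src.subnet_of(n_src) and dst.subnet_of(n_dst)
            touches = src.overlaps(n_src) and dst.overlaps(n_dst)
            if covers or (touches and n_action == "permit"):
                if n_action == "permit":
                    gaps.append(f"{src} -> {dst}")
                break                       # first matching entry decides
    return gaps                             # no match at all = implicit deny = not translated

# Constructed sample: this router's LAN is 10.1.200.0/24, the remote site's LAN is 10.1.100.0/24
CRYPTO_ACL = "access-list 110 permit ip 10.1.200.0 0.0.0.255 10.1.100.0 0.0.0.255"
NAT_ACL_OK = """ip access-list extended ACLNAT
 deny ip 10.1.200.0 0.0.0.255 10.1.100.0 0.0.0.255
 permit ip 10.1.200.0 0.0.0.255 any"""
NAT_ACL_BAD = "permit ip 10.1.200.0 0.0.0.255 any"    # the deny (exemption) line was forgotten

if __name__ == "__main__":
    print(nat_exemption_gaps(parse_acl(CRYPTO_ACL), parse_acl(NAT_ACL_OK)))   # []
    print(nat_exemption_gaps(parse_acl(CRYPTO_ACL), parse_acl(NAT_ACL_BAD)))  # ['10.1.200.0/24 -> 10.1.100.0/24']
```

A partial exemption (a deny that covers only part of the interesting traffic, followed by a permit) is reported as a gap too, because the uncovered part would still be translated.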
___________________________________________________________
NAT
___________________________________________________________
(STATIC, SAME IP, DIFFERENT PORT)
ip nat inside source static udp 10.1.250.10 53 209.165.200.6 53
ip nat inside source static tcp 10.1.250.20 21 209.165.200.6 21
(DON'T FORGET) ip nat inside and ip nat outside on the interfaces

(STATIC)
ip nat inside source static 10.1.250.10 209.165.200.6
int g0/0
ip nat inside

(POOL with ACL)


ip access-list standard ACLNAT
permit 10.1.10.0 0.0.0.255
permit 10.1.20.0 0.0.0.255
permit 10.1.100.0 0.0.0.255
ip nat pool POOLNAT 209.165.200.1 209.165.200.5 netmask 255.255.255.248
ip nat inside source list ACLNAT pool POOLNAT
___________________________________________________________
PPP (chap or pap)
___________________________________________________________
username ISP password cisco (CREDENTIALS OF THE OTHER END)
interface s0/0/1
encapsulation ppp
ppp authentication chap
exit

___________________________________________________________
OSPF MD5 authentication (EXAMPLE)
___________________________________________________________
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
area 0 authentication message-digest
passive-interface g0/0
router-id 3.3.3.3
exit

int s0/0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf priority 0 (INTERFACE PRIORITY)
ip ospf network broadcast (ONLY IF THERE IS FRAME RELAY)

___________________________________________________________
FRAME RELAY
___________________________________________________________
int s0/0/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
frame-relay map ip 10.0.0.2 102 broadcast
frame-relay map ip 10.0.0.3 103 broadcast
frame-relay map ip 10.0.0.4 104 broadcast ietf
ip ospf network broadcast (FOR OSPF)
___________________________________________________________
SYSLOG
___________________________________________________________
Enable the service on the server
logging IP_servidor
___________________________________________________________
NTP
___________________________________________________________
(MANUAL)
clock set 18:55:00 December 12 2017
service timestamps log datetime msec

(SERVER)
ntp server IP_server
service timestamps log datetime msec
___________________________________________________________
TUNNEL GRE
___________________________________________________________
interface Tunnel 0
ip address 10.10.10.1 255.255.255.252 (LOCAL IP OF THE GRE TUNNEL)
tunnel source Serial0/0/1 (EXIT INTERFACE)
tunnel destination 209.165.201.6 (IP OF THE OTHER END)
exit
___________________________________________________________
ACL (EXAMPLES)
___________________________________________________________
(numbered standard) deny a network access
# access-list 10 deny 192.168.1.0 0.0.0.255
# access-list 10 permit any
#int f0/0
#ip access-group 10 in
(numbered extended) deny DNS to a network
#access-list 110 deny udp 192.168.1.0 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
#access-list 110 permit ip any any
#int f0/0
#ip access-group 110 in

(named standard)
#ip access-list standard NEGAR_LAN_A
#deny 192.168.1.0 0.0.0.255
#permit any
#int f0/0
#ip access-group NEGAR_LAN_A in
(named extended)
#ip access-list extended NEGARDNS
#deny udp 192.168.10.10 0.0.0.0 any eq 53
#permit ip any any
#int f0/0
#ip access-group NEGARDNS in
___________________________________________________________
