Two VoIP networks

En

Everything is done in configuration mode (!)

R1

ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool DATA
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
ip dhcp pool VOICE
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
option 150 ip 10.10.20.1
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 1009480 address 189.210.125.54
!
crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac
!
crypto map R2_TO_R1 10 ipsec-isakmp
set peer 189.210.125.54
set transform-set VPNSET
match address 101
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/0.110
encapsulation dot1Q 110
ip address 10.10.20.1 255.255.255.0
!
interface FastEthernet0/1
ip address 177.17.17.1 255.255.255.0
crypto map R2_TO_R1
!
ip route 0.0.0.0 0.0.0.0 177.17.17.2
!
access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
dial-peer voice 1 voip
destination-pattern 2001
session target ipv4:192.168.110.2
!
telephony-service
max-ephones 5
max-dn 5
ip source-address 10.10.20.1 port 2000
auto assign 1 to 5
!
ephone-dn 1
number 1001
!
ephone-dn 2
number 1002
!
ephone-dn 3
number 1003

ISP

interface FastEthernet0/0
ip address 189.210.125.49 255.255.255.0

!
interface FastEthernet0/1
ip address 177.17.17.2 255.255.255.0

R2

ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.110.1 192.168.110.10
!
ip dhcp pool DATA
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
ip dhcp pool VOICE
network 192.168.110.0 255.255.255.0
default-router 192.168.110.2
option 150 ip 192.168.110.2
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 1009480 address 177.17.17.1
!
crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac
!
crypto map R1_TO_R2 10 ipsec-isakmp
set peer 177.17.17.1
set transform-set VPNSET
match address 101
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 2
ip address 192.168.10.2 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 102
ip address 192.168.110.2 255.255.255.0
!
interface FastEthernet0/1
ip address 189.210.125.54 255.255.255.0
crypto map R1_TO_R2
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
access-list 101 permit ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
dial-peer voice 1 voip
destination-pattern 10..
session target ipv4:10.10.20.1
!
telephony-service
max-ephones 5
max-dn 5
ip source-address 192.168.110.2 port 2000
auto assign 1 to 5
create cnf-files
!
ephone-dn 1
number 2001
!
ephone-dn 2
number 2002

SWITCH 1

interface Range FastEthernet0/1-23
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast

interface FastEthernet0/24
switchport mode trunk

interface Vlan10
ip address 10.10.10.2 255.255.255.0
!
ip default-gateway 10.10.10.1

SWITCH 2

interface Range FastEthernet0/1-23
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast

interface FastEthernet0/24
switchport mode trunk

interface Vlan2
ip address 192.168.10.3 255.255.255.0
!
ip default-gateway 192.168.10.2

To finish, check that the cables to the networks are connected correctly, bring up the
interfaces with NO SHUTDOWN, and give the networks routing.

To bring up the VPN, you only need to generate traffic from a source interface of the router you
are on.

Example:

From the CME-VPN router it would look like this:

Router-LAN>en
Router-LAN#ping
Protocol [ip]:
Target IP address: 192.168.10.2 <---- Destination interface
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes <----------- Yes, to generate extended traffic
Source address or interface: 10.10.10.1 <----- Source interface of the router you are on
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!! <----- Ping successful and VPN up
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/9/16 ms
Router-LAN#

Now we verify that the VPN is UP with the following command:

Router-LAN#sh crypto isakmp sa


IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
189.210.125.54  177.17.17.1     QM_IDLE           1011    0 ACTIVE

IPv6 Crypto ISAKMP SA
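
Why the ping above has to be sourced from 10.10.10.1, as an added example that is not part of the original document: only packets that match crypto ACL 101 are sent into the tunnel, and a ping with the default source (the outgoing interface address 177.17.17.1) does not match it. The function names are hypothetical; the ACL lines and addresses are copied from the R1 and R2 configurations above.

```python
import ipaddress

# Crypto ACL lines copied from the R1 and R2 configurations on this page.
R1_ACL = "access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255"
R2_ACL = "access-list 101 permit ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255"

def parse_acl(line):
    """Parse 'access-list N permit ip SRC WILD DST WILD' (the only form handled).

    Returns ((src_base, src_wild), (dst_base, dst_wild)) as integers.
    """
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError("unsupported ACL form: " + line)
    n = [int(ipaddress.IPv4Address(t)) for t in tok[4:]]
    return (n[0], n[1]), (n[2], n[3])

def wildcard_match(addr, entry):
    """Wildcard bits set to 1 are ignored; all other bits must equal the base."""
    base, wild = entry
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def is_interesting(acl_line, src, dst):
    """True if a packet src -> dst matches the crypto ACL and is sent into the tunnel."""
    src_entry, dst_entry = parse_acl(acl_line)
    return wildcard_match(src, src_entry) and wildcard_match(dst, dst_entry)

def is_mirror(acl_a, acl_b):
    """Crypto ACLs on the two peers should be mirror images of each other."""
    src_a, dst_a = parse_acl(acl_a)
    src_b, dst_b = parse_acl(acl_b)
    return src_a == dst_b and dst_a == src_b

def ping_cases():
    """Ping from R1 to 192.168.10.2 with the two possible source addresses."""
    target = "192.168.10.2"
    return {
        "10.10.10.1": is_interesting(R1_ACL, "10.10.10.1", target),    # extended ping
        "177.17.17.1": is_interesting(R1_ACL, "177.17.17.1", target),  # default source
    }

if __name__ == "__main__":
    for src, hit in ping_cases().items():
        result = "matches ACL 101, brings up the SA" if hit else "no match, sent outside the tunnel"
        print(f"ping from {src}: {result}")
    print("R1/R2 crypto ACLs mirror each other:", is_mirror(R1_ACL, R2_ACL))
```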
