Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
2.- DESCRIPCIÓN.
El siguiente documento parte del requerimiento del cliente por la necesidad de conocer su plataforma
en operación. En este documento podremos encontrar de manera general y resumida lo referente a los
equipos en producción; descripción, inventario, direccionamiento, topología, accesos, entre otros.
3.- DIAGRAMA LÓGICO DE RED.
3.1.- Sección Primero de Mayo.
5
4.1.2 Helios.
Nota: Los dos Switch IE4010 suministrados para primero de Mayo tienen la misma
configuración, el Switch 1MAYO_SW1 es el que se encuentra en operación y el 1MAYO_SW2
queda como suministro y respaldo en caso de alguna falla operativa.
4.2.- Sección SE/ Elevadora.
4.2.1 Tuli.
Marca Modelo Descripción Unidad Cantidad
PCI/PCIe CON CORE i7 3.4GHz
Transduction TR-7190-RM-T Pieza 1
CPU Y WINDWS 10 PRO
Cisco CGR2010 security
Cisco CGR-2010-SEC/K9 Pieza 1
bundle w/SEC license PAK
TRANSFORMADOR DE
APC APTE10KW01 Pieza 1
AISLAMIENTO WW DE 10 KVA
4.2.2 Helios.
TRANSFORMADOR DE
APC APTE10KW01 Pieza 1
AISLAMIENTO WW DE 10 KVA
4.3.- Sección SE/ O&M.
4.3.1 Tuli.
TRANSFORMADOR DE
APC APTE10KW01 7S1841L00616 Pieza 1
AISLAMIENTO WW DE 10 KVA
Servidor de consola de 16
puertos Avocent ACS 8016 con
Avocent ACS8016MDAC-400 0520302628 Pieza 1
fuente de alimentación de CA
doble y módem incorporado
Fortivoive Enterprise-100E, 4X
Fortivoice FVE-100E FO100E5818000182 10/100/1000 ports, 1 X 500 Pieza 1
GB
FOC2307T1E3
Cisco CGS2520 front/rear
FOC2307T1E2 9
Cisco CGS-2520-24TC cabling w/2GE, 24-10/100 Pieza 4
FOC2307T1E4
copper
FOC2307T1FJ
TRANSFORMADOR DE
APC APTE10KW01 7S1841L00617 Pieza 1
AISLAMIENTO WW DE 10 KVA
Fortivoive Enterprise-100E, 4X
Fortivoice FVE-100E FO100E5818000177 10/100/1000 ports, 1 X 500 Pieza 1
GB
SEGMENTOS DE RED
NOMBRE VLAN ID SEGMENTO RED MÁSCARA UBICACIÓN
SEGMENTO
NOMBRE VLAN ID MÁSCARA UBICACIÓN
RED
PUERTO Gi 0/0 DEL SUBESTACION ELEVADORA
SWITCHES SEL ROUTER1_TULI Y 192.168.200.0 255.255.255.0 GABINETES
ROUTER2_TULI COMUNICACIONES DE TULI
COMUNICACIÓN PUERTO Gi 0/1 DEL SUBESTACION ELEVADORA
ROUTER BESTEL ROUTER1_TULI Y 10.85.66.0 255.255.255.240 GABINETES
MPLS ROUTER2_TULI COMUNICACIONES DE TULI
VLAN TELEFONIA SUBESTACION ELEVADORA
CENACE 10.73.250.216 255.255.255.248 GABINETES
25
(FORTIVOICE 20E) COMUNICACIONES DE TULI
SEGMENTO
NOMBRE VLAN ID MÁSCARA UBICACIÓN
RED
VLAN TELEFONIA SUBESTACION ELEVADORA
PÚBLICA 26 10.85.26.0 255.255.255.248 GABINETES
(FORTIVOICE 100E) COMUNICACIONES DE TULI
VLAN SUBESTACION ELEVADORA
ADMINISTRACION 885 10.85.85.0 255.255.255.0 GABINETES
EQUIPOS DE RED COMUNICACIONES DE TULI
PUERTO Gi 0/0/0 DEL SUBESTACION ELEVADORA
SEGMENTO PMEM
ROUTER1_TULI Y 172.31.30.217 255.255.255.248 GABINETES
TULI
ROUTER2_TULI COMUNICACIONES DE TULI
SEGMENTO SUBESTACION ELEVADORA
TELEFONOS O&M 15 10.85.15.0 255.255.255.0 GABINETES
TULI COMUNICACIONES DE TULI
5.2.2 Helios 13
SEGMENTO
NOMBRE VLAN ID MÁSCARA UBICACIÓN
RED
SUBESTACION ELEVADORA
PUERTO Gi 0/0 DEL
GABINETES
SWITCHES SEL ROUTER1_HELIOS Y 192.168.201.0 255.255.255.0
COMUNICACIONES DE
ROUTER2_HELIOS
HELIOS
SUBESTACION ELEVADORA
COMUNICACIÓN PUERTO Gi 0/1 DEL
GABINETES
ROUTER BESTEL ROUTER1_HELIOS Y 10.86.66.0 255.255.255.240
COMUNICACIONES DE
MPLS ROUTER2_HELIOS
HELIOS
SEGMENTO
NOMBRE VLAN ID MÁSCARA UBICACIÓN
RED
SUBESTACION ELEVADORA
VLAN TELEFONIA
GABINETES
CENACE 25 10.73.250.208 255.255.255.248
COMUNICACIONES DE
(FORTIVOICE 20E)
HELIOS
SUBESTACION ELEVADORA
VLAN TELEFONIA
GABINETES
PÚBLICA 26 10.86.26.0 255.255.255.248
COMUNICACIONES DE
(FORTIVOICE 100E)
HELIOS
SUBESTACION ELEVADORA
VLAN
GABINETES
ADMINISTRACION 885 10.86.86.0 255.255.255.0
COMUNICACIONES DE
EQUIPOS DE RED
HELIOS
SUBESTACION ELEVADORA 14
PUERTO Gi 0/0/0 DEL
SEGMENTO PMEM GABINETES
ROUTER1_HELIOS Y 172.31.30.208 255.255.255.248
HELIOS COMUNICACIONES DE
ROUTER2_HELIOS
HELIOS
SUBESTACION ELEVADORA
SEGMENTO
GABINETES
TELEFONOS O&M 15 10.86.15.0 255.255.255.0
COMUNICACIONES DE
HELIOS
HELIOS
5.3.- Sección O&M.
5.3.1 Tuli.
NOMBRE VLAN ID SEGMENTO RED MÁSCARA UBICACIÓN
default 1 N/A N/A
COMUNICACIONES DE TULI
EDIFICIO O&M GABINETES
User_Vlan 5 10.85.5.0 255.255.255.0
Server_Vlan 10 10.85.10.0 255.255.255.0
Phone_Vlan 15 10.85.15.0 255.255.255.0
Substation_Vlan 20 10.85.20.0 255.255.255.0
CENACE_TULI 25 10.73.250.216 255.255.255.248
TEL_PUB_TULI 26 10.85.26.0 255.255.255.248
Guest_Vlan 50 10.85.50.0 255.255.255.0
Security_Vlan 55 10.85.55.0 255.255.255.0
MGMT_Vlan_Tuli 885 10.85.85.0 255.255.255.0
5.3.2 Helios. 15
COMUNICACIONES HELIOS
EDIFICIO O&M GABINETES
User_Vlan 5 10.86.5.0 255.255.255.0
Server_Vlan 10 10.86.10.0 255.255.255.0
Phone_Vlan 15 10.86.15.0 255.255.255.0
Substation_Vlan 20 10.86.20.0 255.255.255.0
CENACE_TULI 25 10.73.250.208 255.255.255.248
TEL_PUB_TULI 26 10.86.26.0 255.255.255.248
Guest_Vlan 50 10.86.50.0 255.255.255.0
Security_Vlan 55 10.86.55.0 255.255.255.0
MGMT_Vlan_Tuli 886 10.86.86.0 255.255.255.0
6.- CREDENCIALES DE ACCESO.
6.2.1. Tuli
IP DE 16
EQUIPO NÚM. SERIE USUARIO CONTRASEÑA ENABLE CONSOLA
ADMINISTRACIÓN
FORTIVOICE
FO20E44P17000109 10.73.250.217 admin Tul1Zac2019 N/A N/A
20E
FORTIVOICE
FO100E5818000177 10.85.26.3 admin Tul1Zac2019 N/A N/A
100E
6.2.2. Helios.
IP DE
EQUIPO NÚM. SERIE USUARIO CONTRASEÑA ENABLE CONSOLA
ADMINISTRACIÓN
6.3.1. .Tuli.
IP DE
EQUIPO NÚM. SERIE USUARIO CONTRASEÑA ENABLE CONSOLA
ADMINISTRACIÓN
FOC23097ZP9
SW_CORE_TULI 10.85.85.254 N/A N/A TULI2018 TULI2018
FOC23097ZU7
6.3.2. Helios.
ENABL 18
EQUIPO NÚM. SERIE IP DE ADMINISTRACIÓN USUARIO CONTRASEÑA CONSOLA
E
H3l10s#Z4c$2019 HELIOS
ASAPRIMARIO JAD23090HDU 10.86.86.8 admin HELIOS2018
& 2018
H3l10s#Z4c$2019 HELIOS
ASASECUNSARIO JAD23090HDV 10.86.86.9 admin HELIOS2018
& 2018
HELIOS
SW_HELIOS_ISP FCW2304A0T2 10.86.86.6 N/A N/A HELIOS2018
2018
HELIOS
SW_HELIOS_DMZ FCW2304A0SF 10.86.86.7 N/A N/A HELIOS2018
2018
FOC2310X1GC HELIOS
SW_CORE_HELIOS 10.86.86.254 N/A N/A HELIOS2018
FOC2310X1G6 2018
FO100E5818000
FORTIVOICE 100E 10.86.15.1 admin H3l10sZ4c2019 N/A N/A
182
https://n127.meraki.com/HELI
Q2PD-MMJM- telecom.tulizac@gmai
AP CISCO MERAKI OS_OM/n/MUyCkb_b/login/da Tul1Z4c#%2019 N/A N/A
YXUM l.com
shboard_login
IP DE
EQUIPO NÚM. SERIE USUARIO CONTRASEÑA ENABLE CONSOLA
ADMINISTRACIÓN
7.1.1 Tuli.
UBICACI DIRECCIÓN
EQUIPO PUERTO CONECTADO HACIA
ÓN IP
1MAYO_S Puerto
GABINETE TULI
1MAYO_S Puerto GigabitEthernet1/2 al Puertos disponibles para conectar equipos red nueva gabinetes SEL
W1 Acceso 5 10.124.4.192/26
1MAYO_S Puerto
GigabitEthernet1/6 SW SICLE DE CFE (GarretCom Magnum 6K25)
W1 Acceso
1MAYO_S Puerto GigabitEthernet1/7 al Puertos disponibles para conectar equipos red anterior SICLE CFE
W1 Acceso 10 10.24.21.192/26
1MAYO_S Puerto
GigabitEthernet1/11 Puerto 3 Firewall PULLNET
W1 Acceso
1MAYO_S Puerto
GigabitEthernet1/12 Puerto de administración SW CISCO IE-4010 (192.168.255.1/29)
W1 Acceso
1MAYO_S Puerto GigabitEthernet1/13
Puertos con configuración de default, para recibir SFP´s
W1 Acceso al 28
7.1.2 Helios
UBICACI DIRECCIÓN
EQUIPO PUERTO CONECTADO HACIA
ÓN IP
1MAYO_S Puerto
GigabitEthernet1/1 SW SEL-2730M 10.124.4.193
W2 Acceso
1MAYO_S Puerto GigabitEthernet1/2 al Puertos disponibles para conectar equipos red nueva gabinetes SEL 20
GABINETE HELIOS SE PMY
W2 Acceso 5 10.124.4.192/26
1MAYO_S Puerto
GigabitEthernet1/6 SW SICLE DE CFE (GarretCom Magnum 6K25)
W2 Acceso
1MAYO_S Puerto GigabitEthernet1/7 al Puertos disponibles para conectar equipos red anterior SICLE CFE
W2 Acceso 10 10.24.21.192/26
1MAYO_S Puerto
GigabitEthernet1/11 Puerto 3 Firewall PULLNET
W2 Acceso
1MAYO_S Puerto
GigabitEthernet1/12 Puerto de administración SW CISCO IE-4010 (192.168.255.1/29)
W2 Acceso
1MAYO_S Puerto GigabitEthernet1/13
Puertos con configuración de default, para recibir SFP´s
W2 Acceso al 28
7.2.- Sección SE/ Elevadora.
7.2.1 Tuli.
21
ROUTER1_TULI 172.31.30.220/29 GigabitEthernet0/0/0 Gabinete RTU Tuli
GABINETES DE COMUNICACIONES TULI SW_TULI2 Puerto Acceso FastEthernet0/2 Router MPLS BESTEL TULI
SW_TULI2 Puerto Acceso VLAN GigabitEthernet0/2 Puerto para administrar equipos de red y
885 telefonía TULI
7.2.2 Helios.
COMUNICACIONES HELIOS
GABINETES DE RED TELEFONIA CENACE
SW_HELIOS2 Puerto Acceso VLAN 25 FastEthernet0/21 al 24
HELIOS
7.3.1 Tuli.
UBICACIÓN EQUIPO DIRECCIÓN IP PUERTO CONECTADO HACIA
SW_ISP_TULI Puerto Acceso VLAN 1 GigabitEthernet0/1 Puerto Gi 1/1 ASATULIPRI
COMUNICACIONES TULI
FirePower)
ASATULISEC 201.148.19.30/29 GigabitEthernet 1/1 SW_ISP_TULI Puerto Gi 0/2
ASATULISEC 10.85.85.9/24 GigabitEthernet 1/2 SW_CORE_TULI Puerto Gi 2/0/1
ASATULISEC 10.85.30.253/24 GigabitEthernet 1/3 SW_DMZ_TULI Puerto Gi 0/2
GigabitEthernet 1/4 Puerto GigabitEthernet 1/4 del
ASATULISEC 10.1.1.2/29
(FAILOVER) ASATULIPRI
GigabitEthernet 1/5 Puerto GigabitEthernet 1/5 del
ASATULISEC 172.27.1.2/29
(STATE FAILOVER) ASATULIPRI
Puerto MGMT (Acceso a
ASATULISEC 10.85.85.10/24 Modulo Cisco SW_CORE_TULI Puerto Gi 2/0/2 27
FirePower)
Puerto GigabitEthernet 1/1 del
SW_CORE_TULI Puerto Acceso VLAN 885 GigabitEthernet 1/0/1
ASATULIPRI
SW_CORE_TULI Puerto Acceso VLAN 885 GigabitEthernet 1/0/2 Puerto MGMT del ASATULPRI (FirePower)
GigabitEthernet 1/0/3 al
SW_CORE_TULI Puerto Acceso VLAN 885 Puertos disponibles VLAN MGMT 885
4
GigabitEthernet 1/0/5 al Puertos disponibles para usuario en Datos
SW_CORE_TULI Puerto Acceso
36 VLAN 5 y Voz VLAN 15
GigabitEthernet 1/0/37 Puertos disponibles para servidores VLAN
SW_CORE_TULI Puerto Acceso
al 45 10
GigabitEthernet 1/0/46 Puertos para puertos iLo servidores VLAN
SW_CORE_TULI Puerto Acceso
al 48 MGMT 885
GigabitEthernet 1/1/1 al Conexión de F.O. enlace primario a
SW_CORE_TULI Puertos Trunk
4 Elevadora
Puerto GigabitEthernet 1/1 del
SW_CORE_TULI Puerto Acceso VLAN 885 GigabitEthernet 2/0/1
ASAHELIOSSEC
UBICACIÓN EQUIPO DIRECCIÓN IP PUERTO CONECTADO HACIA
Puerto MGMT del ASATULISEC
SW_CORE_TULI Puerto Acceso VLAN 885 GigabitEthernet 2/0/2
(FirePower)
GigabitEthernet 2/0/3 al
SW_CORE_TULI Puerto Acceso VLAN 885 Puertos disponibles VLAN MGMT 885
4
GABINETES DE COMUNICACIONES TULI
(FirePower)
GigabitEthernet 1/0/3 al Puertos disponibles VLAN MGMT
SW_CORE_HELIOS Puerto Acceso VLAN 886
4 886
SW_CORE_HELIOS Puerto Acceso GigabitEthernet 1/0/5 Puerto de Prueba sobre VLAN 10
SW_CORE_HELIOS Puerto Acceso GigabitEthernet 1/0/6 Puerto de Prueba sobre VLAN 15
GigabitEthernet 1/0/7 al
SW_CORE_HELIOS Puerto Acceso Puerto de Prueba sobre VLAN 20
12
GigabitEthernet 1/0/13 Puertos disponibles para usuario en
SW_CORE_HELIOS Puerto Acceso
al 36 Datos VLAN 5 y Voz VLAN 15
GigabitEthernet 1/0/37 Puertos disponibles para servidores 30
SW_CORE_HELIOS Puerto Acceso
al 46 VLAN 10
GigabitEthernet 1/0/47 Puertos para puertos iLo servidores
SW_CORE_HELIOS Puerto Acceso
al 48 VLAN MGMT 886
GigabitEthernet 1/1/1 al Conexión de F.O. enlace primario a
SW_CORE_HELIOS Puertos Trunk
4 Elevadora
Puerto GigabitEthernet 1/1 del
SW_CORE_HELIOS Puerto Acceso VLAN 886 GigabitEthernet 2/0/1
ASAHELIOSSEC
Puerto MGMT del ASAHELIOSSEC
SW_CORE_HELIOS Puerto Acceso VLAN 886 GigabitEthernet 2/0/2
(FirePower)
GigabitEthernet 2/0/3 al Puertos disponibles VLAN MGMT
SW_CORE_HELIOS Puerto Acceso VLAN 886
4 886
GigabitEthernet 2/0/5 al
SW_CORE_HELIOS Puerto Acceso Puerto de Prueba sobre VLAN 20
12
GigabitEthernet 2/0/13 Puertos disponibles para usuario en
SW_CORE_HELIOS Puerto Acceso
al 36 Datos VLAN 5 y Voz VLAN 15
GigabitEthernet 2/0/37
SW_CORE_HELIOS Puerto Acceso Puertos en VLAN Default
al 42
UBICACIÓN EQUIPO DIRECCIÓN IP PUERTO CONECTADO HACIA
COMUNICACIONES TULI
SW_CORE_HELIOS Puerto Trunk GigabitEthernet 2/0/44 Puerto Gi 0/8 SW_ISP_HELIOS
SW_CORE_HELIOS Puerto Acceso GigabitEthernet 2/0/45 Puerto Gi 0/8 SW_DMZ_HELIOS
SW_CORE_HELIOS Puerto Acceso GigabitEthernet 2/0/46 Puerto 1 FortiVoice 100E VLAN 15
GABINETES DE
Los parámetros mostrados en esta memoria técnica son con los cuales se encuentra
funcionando óptimamente el sistema de comunicaciones de la S.E. TULI & HELIOS.
Username: admin
Password:
1MAYO_SW1#show run
Building configuration...
!
!
transceiver type all
!
lldp run
!
!
!
!
!
interface GigabitEthernet1/1
description "HACIA_SW_SEL_10.124.4.193"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/2
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5 34
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/3
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/4
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/5
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/6
description "HACIA_SW_SICLE"
spanning-tree portfast edge
!
interface GigabitEthernet1/7
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/8
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/9
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/10
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/11
description HACIA_FW_PULLNET
no switchport
ip address 10.255.255.2 255.255.255.252
! 35
interface GigabitEthernet1/12
switchport access vlan 200
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/13
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/14
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/15
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/16
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/17
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/18
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/19
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/20
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/21
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/22
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/23
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/24
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/25
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/26
description "PUERTOS_DISPONIBLES_PARA_SFPs" 36
!
interface GigabitEthernet1/27
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/28
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface Vlan1
description "DEFAULT_GATEWAY_RED_SICLE_ANTERIOR"
ip address 10.24.21.193 255.255.255.192
!
interface Vlan5
description "DEFAULT_GATEWAY_RED_SICLE_NUEVA"
ip address 10.124.4.254 255.255.255.192
!
interface Vlan200
description "VLAN_ADMINISTRACION_SWITCH_TEMPORAL"
ip address 192.168.255.1 255.255.255.248
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.255.255.1
ip route 10.24.0.0 255.255.0.0 10.255.255.1
ip route 10.124.0.0 255.255.0.0 10.255.255.1
ip route 172.12.0.0 255.255.0.0 10.255.255.1
ip route 172.18.0.0 255.255.0.0 10.255.255.1
!
!
!
!
!
no vstack
!
line con 0
line vty 0 4
exec-timeout 360 0
login local
transport input telnet
line vty 5 15
no login
transport input none
!
! 37
end
1MAYO_SW1#
8.1.2 SW_1°MAYO,02
1MAYO_SW2#show run
Building configuration...
!
!
transceiver type all
!
lldp run
!
!
!
!
!
interface GigabitEthernet1/1
description "HACIA_SW_SEL_10.124.4.193"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/2
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/3
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/4
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/5
description "RED_SICLE_NUEVA_10.124.4.192"
switchport access vlan 5
switchport mode access 39
spanning-tree portfast edge
!
interface GigabitEthernet1/6
description "HACIA_SW_SICLE"
spanning-tree portfast edge
!
interface GigabitEthernet1/7
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/8
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/9
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/10
description "RED_SICLE_ANTERIOR_10.24.21.192"
spanning-tree portfast edge
!
interface GigabitEthernet1/11
description HACIA_FW_PULLNET
no switchport
ip address 10.255.255.2 255.255.255.252
!
interface GigabitEthernet1/12
switchport access vlan 200
switchport mode access
spanning-tree portfast edge
!
interface GigabitEthernet1/13
description "PUERTOS_DISPONIBLES_PARA_SFPs"
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/14
description "PUERTOS_DISPONIBLES_PARA_SFPs"
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/15
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/16
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/17 40
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/18
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/19
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/20
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/21
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/22
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/23
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/24
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/25
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/26
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/27
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface GigabitEthernet1/28
description "PUERTOS_DISPONIBLES_PARA_SFPs"
!
interface Vlan1
description "DEFAULT_GATEWAY_RED_SICLE_ANTERIOR"
ip address 10.24.21.193 255.255.255.192
!
interface Vlan5
description "DEFAULT_GATEWAY_RED_SICLE_NUEVA"
ip address 10.124.4.254 255.255.255.192
!
interface Vlan200
description "VLAN_ADMINISTRACION_SWITCH_TEMPORAL"
ip address 192.168.255.1 255.255.255.248
!
ip forward-protocol nd
ip http server 41
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.255.255.1
ip route 10.24.0.0 255.255.0.0 10.255.255.1
ip route 10.124.0.0 255.255.0.0 10.255.255.1
ip route 172.12.0.0 255.255.0.0 10.255.255.1
ip route 172.18.0.0 255.255.0.0 10.255.255.1
!
!
!
!
!
no vstack
!
line con 0
line vty 0 4
exec-timeout 360 0
login local
transport input telnet
line vty 5 15
exec-timeout 0 0
no login
transport input none
!
!
end
1MAYO_SW2#
8.2.2 ROUTER2_TULI
Building configuration...
8.2.3 SERVICEMODULE_ROUTER1
ROUTER1_TULI#service-module gi 0/0/0 sess
ROUTER1_TULI#service-module gi 0/0/0 session
Trying 172.31.30.220, 2003 ... Open
SWITCH_R1_TULI>enable
SWITCH_R1_TULI#show run
Building configuration...
8.2.4 SERVICEMODULE_ROUTER2
ROUTER2_TULI#service-module gi 0/0/0 session
Trying 172.31.30.221, 2003 ... Open
SWITCH_R2_TULI>
SWITCH_R2_TULI>enable
SWITCH_R2_TULI#show run
Building configuration...
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
Replace <myuser> and <mypassword> with the username and password you want to
use. 68
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line 3
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
flowcontrol software
line vty 0 4
no login
transport input all
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000 69
!
end
ROUTER1_HELIOS#
8.3.2 ROUTER2_HELIOS
Building configuration...
ROUTER2_HELIOS#
8.3.3 SERVICEMODULE_R1
ROUTER1_HELIOS#service-module gi 0/0/0 session
Trying 172.31.30.212, 2003 ... Open
SWITCH_R1_HELIOS>ena
SWITCH_R1_HELIOS#show run
Building configuration...
76
8.3.4 SERVICEMODULE_R2
ROUTER2_HELIOS#servi
ROUTER2_HELIOS#service-module gi 0/0/0 session
Trying 172.31.30.213, 2003 ... Open
SWITCH_R2_HELIOS>
SWITCH_R2_HELIOS>
SWITCH_R2_HELIOS>ENABLE
SWITCH_R2_HELIOS#show run
Building configuration...
SWITCH_R2_HELIOS#
8.3.5 SW_HELIOS1
Building configuration...
8.3.6 SW_HELIOS2
Building configuration...
8.4.1 ASATULIPRI
------------------ show running-config ------------------
: Saved
:
: Serial Number: JAD23090HCN
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)
!
hostname ASATULIPRI
enable password <removed> pbkdf2
names
!
interface GigabitEthernet1/1
nameif outsidetuli
security-level 0
ip address 201.148.19.29 255.255.255.248 standby 201.148.19.30
!
interface GigabitEthernet1/2 89
nameif insidetuli
security-level 100
ip address 10.85.85.8 255.255.255.0 standby 10.85.85.9
!
interface GigabitEthernet1/3
nameif dmztuli
security-level 50
ip address 10.85.30.254 255.255.255.0 standby 10.85.30.253
!
interface GigabitEthernet1/4
description LAN Failover Interface
!
interface GigabitEthernet1/5
description STATE Failover Interface
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any1
subnet 0.0.0.0 0.0.0.0
object network obj_any2
subnet 0.0.0.0 0.0.0.0
object network obj_any3
subnet 0.0.0.0 0.0.0.0 90
object network obj_any4
subnet 0.0.0.0 0.0.0.0
object network obj_any5
subnet 0.0.0.0 0.0.0.0
object network obj_any6
subnet 0.0.0.0 0.0.0.0
object network obj_any7
subnet 0.0.0.0 0.0.0.0
object network User_Vlan
subnet 10.85.5.0 255.255.255.0
object network INSIDE-TULI
subnet 192.168.254.0 255.255.255.248
object network Sever_Vlan
subnet 10.85.10.0 255.255.255.0
object network Phone_Vlan
subnet 10.85.15.0 255.255.255.0
object network Substation_Vlan
subnet 10.85.20.0 255.255.255.0
object network Security_Vlan
subnet 10.85.55.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Sever_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
object-group network DM_INLINE_NETWORK_2
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Sever_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
access-list OUTSIDE_TULI extended permit ip any any
access-list INSIDE_TULI extended deny ip object-group DM_INLINE_NETWORK_2 10.85.30.0
255.255.255.0
access-list INSIDE_TULI extended permit ip any any
access-list DMZ_TULI extended deny ip 10.85.30.0 255.255.255.0 object-group
DM_INLINE_NETWORK_1
access-list DMZ_TULI extended permit ip any any
pager lines 24
logging asdm informational
mtu outsidetuli 1500
mtu insidetuli 1500
mtu dmztuli 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
failover
failover lan unit primary 91
failover lan interface folink GigabitEthernet1/4
failover polltime unit msec 200 holdtime msec 800
failover key *****
failover link statelink GigabitEthernet1/5
failover interface ip folink 10.1.1.1 255.255.255.248 standby 10.1.1.2
failover interface ip statelink 172.27.1.1 255.255.255.248 standby 172.27.1.2
no monitor-interface inside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any insidetuli
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
nat (insidetuli,outsidetuli) after-auto source dynamic any interface
nat (dmztuli,outsidetuli) after-auto source dynamic any interface
access-group OUTSIDE_TULI in interface outsidetuli
access-group INSIDE_TULI in interface insidetuli
access-group DMZ_TULI in interface dmztuli
route outsidetuli 0.0.0.0 0.0.0.0 201.148.19.25 1
route insidetuli 10.85.5.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.10.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.15.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.20.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.50.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.55.0 255.255.255.0 10.85.85.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_7
http 0.0.0.0 0.0.0.0 insidetuli
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck 92
ssh 0.0.0.0 0.0.0.0 insidetuli
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
8.4.2 ASATULISEC
: Saved
:
: Serial Number: JAD23090HD5
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)
!
hostname ASATULISEC
enable password <removed> pbkdf2
names
!
interface GigabitEthernet1/1
nameif outsidetuli
security-level 0
ip address 201.148.19.29 255.255.255.248 standby 201.148.19.30
!
interface GigabitEthernet1/2
nameif insidetuli
security-level 100
ip address 10.85.85.8 255.255.255.0 standby 10.85.85.9
!
interface GigabitEthernet1/3
nameif dmztuli
security-level 50
ip address 10.85.30.254 255.255.255.0 standby 10.85.30.253
!
interface GigabitEthernet1/4 94
description LAN Failover Interface
!
interface GigabitEthernet1/5
description STATE Failover Interface
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any1
subnet 0.0.0.0 0.0.0.0
object network obj_any2
subnet 0.0.0.0 0.0.0.0
object network obj_any3
subnet 0.0.0.0 0.0.0.0
object network obj_any4
subnet 0.0.0.0 0.0.0.0
object network obj_any5
subnet 0.0.0.0 0.0.0.0 95
object network obj_any6
subnet 0.0.0.0 0.0.0.0
object network obj_any7
subnet 0.0.0.0 0.0.0.0
object network User_Vlan
subnet 10.85.5.0 255.255.255.0
object network INSIDE-TULI
subnet 192.168.254.0 255.255.255.248
object network Sever_Vlan
subnet 10.85.10.0 255.255.255.0
object network Phone_Vlan
subnet 10.85.15.0 255.255.255.0
object network Substation_Vlan
subnet 10.85.20.0 255.255.255.0
object network Security_Vlan
subnet 10.85.55.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Sever_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
object-group network DM_INLINE_NETWORK_2
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Sever_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
access-list OUTSIDE_TULI extended permit ip any any
access-list INSIDE_TULI extended deny ip object-group DM_INLINE_NETWORK_2 10.85.30.0
255.255.255.0
access-list INSIDE_TULI extended permit ip any any
access-list DMZ_TULI extended deny ip 10.85.30.0 255.255.255.0 object-group
DM_INLINE_NETWORK_1
access-list DMZ_TULI extended permit ip any any
pager lines 24
logging asdm informational
mtu outsidetuli 1500
mtu insidetuli 1500
mtu dmztuli 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500 96
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet1/4
failover polltime unit msec 200 holdtime msec 800
failover key *****
failover link statelink GigabitEthernet1/5
failover interface ip folink 10.1.1.1 255.255.255.248 standby 10.1.1.2
failover interface ip statelink 172.27.1.1 255.255.255.248 standby 172.27.1.2
no monitor-interface inside
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any insidetuli
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
nat (insidetuli,outsidetuli) after-auto source dynamic any interface
nat (dmztuli,outsidetuli) after-auto source dynamic any interface
access-group OUTSIDE_TULI in interface outsidetuli
access-group INSIDE_TULI in interface insidetuli
access-group DMZ_TULI in interface dmztuli
route outsidetuli 0.0.0.0 0.0.0.0 201.148.19.25 1
route insidetuli 10.85.5.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.10.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.15.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.20.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.50.0 255.255.255.0 10.85.85.254 1
route insidetuli 10.85.55.0 255.255.255.0 10.85.85.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable 97
http 192.168.1.0 255.255.255.0 inside_7
http 0.0.0.0 0.0.0.0 insidetuli
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 insidetuli
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
Building configuration...
Building configuration...
8.4.5 SW_CORE_TULI
Building configuration...
8.4.6 SW_DMZ_TULI
Building configuration...
Building configuration...
8.4.8 SW_TULI1
Building configuration...
8.4.9 SW_TULI2
Building configuration...
8.5.1 ASAHELIOSPRI
: Saved
:
: Serial Number: JAD23090HDU
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)
! 144
hostname ASAHELIOSPRI
enable password <removed> pbkdf2
names
!
interface GigabitEthernet1/1
nameif outsidehelios
security-level 0
ip address 201.148.19.45 255.255.255.248 standby 201.148.19.46
!
interface GigabitEthernet1/2
nameif insidehelios
security-level 100
ip address 10.86.86.8 255.255.255.0 standby 10.86.86.9
!
interface GigabitEthernet1/3
nameif dmzhelios
security-level 50
ip address 10.86.30.254 255.255.255.0 standby 10.86.30.253
!
interface GigabitEthernet1/4
description LAN Failover Interface
!
interface GigabitEthernet1/5
description STATE Failover Interface
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
!
interface Management1/1
management-only 145
no nameif
no security-level
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
clock timezone MEX -6
clock summer-time MEX recurring 1 Sun Apr 2:00 last Sun Oct 2:00
same-security-traffic permit inter-interface
object network obj_any1
subnet 0.0.0.0 0.0.0.0
object network obj_any2
subnet 0.0.0.0 0.0.0.0
object network obj_any3
subnet 0.0.0.0 0.0.0.0
object network obj_any4
subnet 0.0.0.0 0.0.0.0
object network obj_any5
subnet 0.0.0.0 0.0.0.0
object network obj_any6
subnet 0.0.0.0 0.0.0.0
object network obj_any7
subnet 0.0.0.0 0.0.0.0
object network User_Vlan
subnet 10.86.5.0 255.255.255.0
object network Server_Vlan
subnet 10.86.10.0 255.255.255.0
object network Phone_Vlan
subnet 10.86.15.0 255.255.255.0
object network Substation_Vlan
subnet 10.86.20.0 255.255.255.0
object network Security_Vlan
subnet 10.86.55.0 255.255.255.0
object network INSIDE-HELIOS
subnet 192.168.255.0 255.255.255.248
object-group network DM_INLINE_NETWORK_1
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Server_Vlan 146
network-object object Substation_Vlan
network-object object User_Vlan
object-group network DM_INLINE_NETWORK_2
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Server_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
object-group network DM_INLINE_NETWORK_3
network-object 10.86.30.0 255.255.255.0
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Server_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
access-list dmzhelios_access_in extended deny ip 10.86.30.0 255.255.255.0 object-group
DM_INLINE_NETWORK_2
access-list dmzhelios_access_in extended permit ip any any
access-list insidehelios_access_in extended deny ip object-group DM_INLINE_NETWORK_1
10.86.30.0 255.255.255.0
access-list insidehelios_access_in extended permit ip any any
access-list OUTSIDE_HELIOS extended permit ip object-group DM_INLINE_NETWORK_3 any
access-list OUTSIDE_HELIOS extended permit ip any any
access-list PRUEBA_FPOWER extended permit ip 10.86.86.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu outsidehelios 1500
mtu insidehelios 1500
mtu dmzhelios 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
failover
failover lan unit primary
failover lan interface folink GigabitEthernet1/4
failover polltime unit msec 200 holdtime msec 800
failover key *****
failover link statelink GigabitEthernet1/5
failover interface ip folink 10.1.2.1 255.255.255.248 standby 10.1.2.2
failover interface ip statelink 172.27.2.1 255.255.255.248 standby 172.27.2.2
no monitor-interface inside
icmp unreachable rate-limit 1 burst-size 1 147
icmp permit any insidehelios
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
nat (insidehelios,outsidehelios) after-auto source dynamic any interface
nat (dmzhelios,outsidehelios) after-auto source dynamic any interface
access-group OUTSIDE_HELIOS in interface outsidehelios
access-group insidehelios_access_in in interface insidehelios
access-group dmzhelios_access_in in interface dmzhelios
route outsidehelios 0.0.0.0 0.0.0.0 201.148.19.41 1
route insidehelios 10.86.5.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.10.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.15.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.20.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.50.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.55.0 255.255.255.0 10.86.86.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_7
http 0.0.0.0 0.0.0.0 insidehelios
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck 148
ssh 0.0.0.0 0.0.0.0 insidehelios
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
: Saved
:
: Serial Number: JAD23090HDV
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)
!
hostname ASAHELIOSPRI
enable password <removed> pbkdf2
names
!
interface GigabitEthernet1/1
nameif outsidehelios
security-level 0
ip address 201.148.19.45 255.255.255.248 standby 201.148.19.46
! 150
interface GigabitEthernet1/2
nameif insidehelios
security-level 100
ip address 10.86.86.8 255.255.255.0 standby 10.86.86.9
!
interface GigabitEthernet1/3
nameif dmzhelios
security-level 50
ip address 10.86.30.254 255.255.255.0 standby 10.86.30.253
!
interface GigabitEthernet1/4
description LAN Failover Interface
!
interface GigabitEthernet1/5
description STATE Failover Interface
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
interface BVI1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive 151
clock timezone MEX -6
clock summer-time MEX recurring 1 Sun Apr 2:00 last Sun Oct 2:00
same-security-traffic permit inter-interface
object network obj_any1
subnet 0.0.0.0 0.0.0.0
object network obj_any2
subnet 0.0.0.0 0.0.0.0
object network obj_any3
subnet 0.0.0.0 0.0.0.0
object network obj_any4
subnet 0.0.0.0 0.0.0.0
object network obj_any5
subnet 0.0.0.0 0.0.0.0
object network obj_any6
subnet 0.0.0.0 0.0.0.0
object network obj_any7
subnet 0.0.0.0 0.0.0.0
object network User_Vlan
subnet 10.86.5.0 255.255.255.0
object network Server_Vlan
subnet 10.86.10.0 255.255.255.0
object network Phone_Vlan
subnet 10.86.15.0 255.255.255.0
object network Substation_Vlan
subnet 10.86.20.0 255.255.255.0
object network Security_Vlan
subnet 10.86.55.0 255.255.255.0
object network INSIDE-HELIOS
subnet 192.168.255.0 255.255.255.248
object-group network DM_INLINE_NETWORK_1
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Server_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
object-group network DM_INLINE_NETWORK_2
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Server_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
object-group network DM_INLINE_NETWORK_3
network-object 10.86.30.0 255.255.255.0 152
network-object object Phone_Vlan
network-object object Security_Vlan
network-object object Server_Vlan
network-object object Substation_Vlan
network-object object User_Vlan
access-list dmzhelios_access_in extended deny ip 10.86.30.0 255.255.255.0 object-group
DM_INLINE_NETWORK_2
access-list dmzhelios_access_in extended permit ip any any
access-list insidehelios_access_in extended deny ip object-group DM_INLINE_NETWORK_1
10.86.30.0 255.255.255.0
access-list insidehelios_access_in extended permit ip any any
access-list OUTSIDE_HELIOS extended permit ip object-group DM_INLINE_NETWORK_3 any
access-list OUTSIDE_HELIOS extended permit ip any any
access-list PRUEBA_FPOWER extended permit ip 10.86.86.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu outsidehelios 1500
mtu insidehelios 1500
mtu dmzhelios 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet1/4
failover polltime unit msec 200 holdtime msec 800
failover key *****
failover link statelink GigabitEthernet1/5
failover interface ip folink 10.1.2.1 255.255.255.248 standby 10.1.2.2
failover interface ip statelink 172.27.2.1 255.255.255.248 standby 172.27.2.2
no monitor-interface inside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any insidehelios
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
nat (insidehelios,outsidehelios) after-auto source dynamic any interface
nat (dmzhelios,outsidehelios) after-auto source dynamic any interface
access-group OUTSIDE_HELIOS in interface outsidehelios
access-group insidehelios_access_in in interface insidehelios 153
access-group dmzhelios_access_in in interface dmzhelios
route outsidehelios 0.0.0.0 0.0.0.0 201.148.19.41 1
route insidehelios 10.86.5.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.10.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.15.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.20.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.50.0 255.255.255.0 10.86.86.254 1
route insidehelios 10.86.55.0 255.255.255.0 10.86.86.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_7
http 0.0.0.0 0.0.0.0 insidehelios
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 insidehelios
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
8.5.3 ROUTER1_HELIOS
Building configuration...
8.5.4 ROUTER2_HELIOS
Building configuration...
Building configuration...
8.5.6 SW_HELIOS_DMZ
183
------------------ show running-config ------------------
Building configuration...
8.5.7 SW_HELIOS_ISP
186
Building configuration...
8.5.8 SW_HELIOS1
Building configuration...
8.5.9 SW_HELIOS2
Building configuration...
9.-TELEFONÍA
9.1.-configuración y extensiones Tuli.
SSID PASSWORD
GUEST_TULI Tul1W1f12019
HELIOS_OM WiFi Hel10sG3n2019
GUEST_HELIOS Hel10sW1f12019