
Remote access VPN lab, CCNA Security, 11 August 2011

aaa new-model
!
aaa authentication login USERAUTH local (1) (1a)
aaa authorization network GRUPOAUTH local (2)
!
username remoto password 0 remoto (1a)
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2 (Diffie Hellman)
!
crypto isakmp client configuration group VENTAS
 key V3nta$
 pool VPN_VENTAS
 netmask 255.255.255.0
 acl 102 (optional: ACL for split tunneling)
!
crypto isakmp client configuration group PROVEEDORES
 key Proveedor3$
 pool VPN_PROVEEDORES
 netmask 255.255.255.0
 acl 103 (optional: ACL for split tunneling)
!
crypto ipsec transform-set TRANSFORMA esp-3des esp-sha-hmac (4)
!
crypto dynamic-map REMOTO 10 (3)
 set transform-set TRANSFORMA (4)
 reverse-route
!
crypto map TUNEL client authentication list USERAUTH (1)
crypto map TUNEL isakmp authorization list GRUPOAUTH (2)
crypto map TUNEL client configuration address respond (ID for IPSec)
crypto map TUNEL 10 ipsec-isakmp dynamic REMOTO (3)(5)
!
interface FastEthernet0/0
 description INSIDE
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip access-group 101 out (VPN user permissions)
!
interface FastEthernet0/1
 description OUTSIDE
 ip address 200.0.0.2 255.255.255.252
 ip nat outside
 crypto map TUNEL (5)
!
ip nat inside source list 100 interface FastEthernet0/1 overload
!
ip nat inside source static tcp 192.168.0.10 80 200.0.0.1 80 (port forwarding)
!
access-list 100 deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.1.255 (NAT exemption)
access-list 100 permit ip 192.168.0.0 0.0.0.255 any (NAT for the rest of the traffic)
access-list 101 remark Permisos usuarios VPN
access-list 101 deny tcp 10.0.1.0 0.0.0.255 host 192.168.0.10 eq 80 (Providers do not access the intranet server)
access-list 101 permit ip 10.0.0.0 0.0.1.255 any (Providers access the rest of the network)
access-list 102 permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255 (ACL for split tunnel)
access-list 103 permit ip 10.0.1.0 0.0.0.255 192.168.0.0 0.0.0.255 (ACL for split tunnel)
!
ip local pool VPN_VENTAS 10.0.0.1 10.0.0.254
ip local pool VPN_PROVEEDORES 10.0.1.1 10.0.1.254
!
ip route 0.0.0.0 0.0.0.0 200.0.0.1 (default route)
!

Gateway#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
200.0.0.1       190.11.42.66    QM_IDLE           2018    0 ACTIVE
200.0.0.1       190.138.95.43   QM_IDLE           2020    0 ACTIVE

Gateway#sh ip local pool VPN_VENTAS
 Pool                     Begin           End             Free    In use   Blocked
 VPN_VENTAS               10.0.0.1        10.0.0.254        91        7        0
Available addresses:
 10.0.0.1
 ---resumido--
Inuse addresses:
 10.0.0.100       IKE Addr IDB
 10.0.0.101       IKE Addr IDB
 ---resumido--
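The policy intent of the lab is carried by three pieces that must agree: the address pools, the split-tunnel and NAT-exemption ACLs, and ACL 101 on the inside interface. The following added example (not part of the lab; it re-implements Cisco wildcard matching and first-match ACL evaluation in Python, with the lab's values embedded as constants) checks that every pool address is covered by its split-tunnel ACL and by the NAT exemption, and that ACL 101 blocks the PROVEEDORES pool from the intranet server on TCP/80 while still allowing the rest.

```python
import ipaddress

# Values constructed from the lab configuration above.
POOLS = {"VPN_VENTAS": ("10.0.0.1", "10.0.0.254"),
         "VPN_PROVEEDORES": ("10.0.1.1", "10.0.1.254")}
SPLIT_ACL = {"VPN_VENTAS": "10.0.0.0 0.0.0.255",        # acl 102 source
             "VPN_PROVEEDORES": "10.0.1.0 0.0.0.255"}   # acl 103 source
NAT_EXEMPT_DST = "10.0.0.0 0.0.1.255"                  # access-list 100 deny (destination)
# (action, protocol, source, destination, destination port) for access-list 101,
# applied outbound on FastEthernet0/0, i.e. to traffic from VPN clients into the LAN.
ACL_101 = [("deny", "tcp", "10.0.1.0 0.0.0.255", "host 192.168.0.10", 80),
           ("permit", "ip", "10.0.0.0 0.0.1.255", "any", None)]


def wildcard_match(addr, spec):
    """Cisco wildcard semantics: a set bit in the mask means 'do not care'."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ipaddress.ip_address(addr) == ipaddress.ip_address(spec.split()[1])
    net, wc = spec.split()
    a, n, w = (int(ipaddress.ip_address(x)) for x in (addr, net, wc))
    return (a & ~w & 0xFFFFFFFF) == (n & ~w & 0xFFFFFFFF)


def acl_action(acl, proto, src, dst, dport=None):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, p, s, d, port in acl:
        if p != "ip" and p != proto:
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, s) and wildcard_match(dst, d):
            return action
    return "deny"


def pool_hosts(name):
    lo, hi = (int(ipaddress.ip_address(x)) for x in POOLS[name])
    return [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]


def check_pool_coverage(name):
    """Every assigned address must be split-tunnelled and exempt from PAT."""
    return all(wildcard_match(h, SPLIT_ACL[name]) and wildcard_match(h, NAT_EXEMPT_DST)
               for h in pool_hosts(name))


if __name__ == "__main__":
    for pool in POOLS:
        print(pool, "covered:", check_pool_coverage(pool))
    print("proveedor -> intranet:80 :", acl_action(ACL_101, "tcp", "10.0.1.50", "192.168.0.10", 80))
    print("ventas    -> intranet:80 :", acl_action(ACL_101, "tcp", "10.0.0.50", "192.168.0.10", 80))
```

Changing a pool range or a wildcard mask without updating the matching ACL makes one of the checks fail, which is exactly the mismatch that silently leaks VPN client traffic through PAT instead of the tunnel.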
