Scribd
Upload
86 views4 pages

Comandos Packet Tracer

The document describes the configuration of IPsec VPNs between two routers to encrypt traffic between their subnets. It includes: 1) The creation of IKEv1 security associations between the routers using pre-shared keys for authentication. 2) IPSec transform sets and crypto maps are configured to apply AES encryption and SHA authentication to traffic matching an access list permitting traffic between the subnets. 3) The crypto maps are applied to interfaces on each router to establish the IPsec tunnels.

Uploaded by

Remigio Alvino Pillco Pillajo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
86 views4 pages

Comandos Packet Tracer

The document describes the configuration of IPsec VPNs between two routers to encrypt traffic between their subnets. It includes: 1) The creation of IKEv1 security associations between the routers using pre-shared keys for authentication. 2) IPSec transform sets and crypto maps are configured to apply AES encryption and SHA authentication to traffic matching an access list permitting traffic between the subnets. 3) The crypto maps are applied to interfaces on each router to establish the IPsec tunnels.

Uploaded by

Remigio Alvino Pillco Pillajo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

LEVANTAMOS INTERFACES

interface fastethernet0/0
ip address 10.0.0.1 255.0.0.0
no shutdwon
exit
interface fastethernet0/1
ip address 10.0.0.1 255.0.0.0
no shutdwon

RIP ENTRE ROUTERS


router rip
network 192.168.10.0
network 10.0.0.0
exit
-----------------------------------
IPSEC
POLITICA DE SEGURIDAD ROUTER 1
crypto isakmp policy 10
authentication pre-share
hash sha
encryption aes 256
group 2
lifetime 86400
exit
crypto isakmp key toor address 10.0.0.2
crypto ipsec transform-set tset esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto map cmap 10 ipsec-isakmp
set peer 10.0.0.2
match address 101
set transform-set tset
exit
interface fa0/1
crypto map cmap
do wr

POLITICA DE SEGURIDAD ROUTER 2


crypto isakmp policy 10
authentication pre-share
hash sha
encryption aes 256
group 2
lifetime 86400
exit
crypto isakmp key toor address 10.0.0.1
crypto ipsec transform-set tset esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto map cmap 10 ipsec-isakmp
set peer 10.0.0.1
match address 101
set transform-set tset
exit
interface fa0/1
crypto map cmap
do wr
-----------------------------------
VER PAQUETES ENCRIPTADOS
en
show crypto isakmp sa

-------------------------------------------
ELVIS COMANDOS

FRAME RELAY

******R1*******
en
conf t
int s1/0
ip add 10.0.0.1 255.255.255.0
enc fr
fr map ip 10.0.0.2 102 broadcast
fr map ip 10.0.0.3 103 broadcast
fr map ip 10.0.0.4 104 broadcast
**fr map ip 10.0.0.5 105 broadcast**
frame-relay lmi-type ansi
ip ospf network broadcast
no sh
do copy ru s

*******R2*******
en
conf t
int s1/0
ip add 10.0.0.2 255.255.255.0
enc fr
frame-relay map ip 10.0.0.1 201 bro
frame-relay map ip 10.0.0.3 203 bro
frame-relay map ip 10.0.0.4 204 bro
**fr map ip 10.0.0.5 205 broadcast**
frame-relay lmi-type ansi
ip ospf net broadcast
no sh
do copy ru s

********R3*******
en
conf t
int s1/0
ip add 10.0.0.3 255.255.255.0
enc fr
frame-relay map ip 10.0.0.1 301 bro
frame-relay map ip 10.0.0.2 302 bro
frame-relay map ip 10.0.0.4 304 bro
**fr map ip 10.0.0.5 305 broadcast**
frame-relay lmi-type ansi
ip ospf net broadcast
no sh
do copy ru s

********R4*******
en
conf t
int s1/0
ip add 10.0.0.4 255.255.255.0
enc fr
frame-relay map ip 10.0.0.1 401 bro
frame-relay map ip 10.0.0.2 402 bro
frame-relay map ip 10.0.0.3 403 bro
fr map ip 10.0.0.5 405 broadcast
frame-relay lmi-type ansi
ip ospf net broadcast
no sh
do copy ru s

********R5*******
en
conf t
int s1/0
ip add 10.0.0.5 255.255.255.0
enc fr
frame-relay map ip 10.0.0.1 501 bro
frame-relay map ip 10.0.0.2 502 bro
frame-relay map ip 10.0.0.3 503 bro
frame-relay map ip 10.0.0.4 504 bro
frame-relay lmi-type ansi
ip ospf net broadcast
no sh
do copy ru s

***configuramos las redes lan en cada router**

***configuramos enrutamiento dinamico ospf en cada router*


-----------------------------------------------
CONFIGURACION OSPF
**R1**
en
conf t
router ospf 1
net 192.168.1.0 0.0.0.255 area 1
net 10.0.0.1 0.0.0.255 area 1
do copy run st

**R2**
en
conf t
router ospf 1
net 192.168.2.0 0.0.0.255 area 1
net 10.0.0.2 0.0.0.255 area 1
do copy run st

**R3**
en
conf t
router ospf 1
net 192.168.3.0 0.0.0.255 area 1
net 10.0.0.3 0.0.0.255 area 1
do copy run st

**R4**
en
conf t
router ospf 1
net 192.168.4.0 0.0.0.255 area 1
net 10.0.0.4 0.0.0.255 area 1
do copy run st

**dhcp desde el router**


1)en el router dhcp:
configuramos dhcp pool para las lan que queremos dar
2)en los demas routers configuramos ip-helper address
vamos a la interfaz de la lan que queremos dar dhcp
ponemos ip-helper address <ip de interfaz de entrada del router dhcp>
fin

DEL INTERNET
Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#encryption aes
Router(config-isakmp)#group 2
Router(config-isakmp)#hash sha
Router(config-isakmp)#exit
Router(config)#crypto isakmp key 0 address 11.0.0.2 0.0.0.0
Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac
Router(config)#crypto ipsec security-association lifetime seconds 86400
Router(config)#ip access-list extended ramzy
Router(config-ext-nacl)#permit ip 10.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
Router(config-ext-nacl)#exit
Router(config)#crypto map auda 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
Router(config-crypto-map)#match address ramzy
Router(config-crypto-map)#set peer 11.0.0.2
Router(config-crypto-map)#set pfs group2
Router(config-crypto-map)#set transform-set yasser
Router(config-crypto-map)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#crypto map auda
*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router(config-if)#exit
Router(config)#do wr

You might also like