Building configuration... Current configuration : 11395 bytes ! ! Last configuration change at 17:47:27 UTC Fri Feb 8 2019 version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname CUBE ! boot-start-marker boot-end-marker ! ! logging buffered 1000000 ! aaa new-model ! ! ! ! aaa session-id common ! ip cef ! ! ! ! ip dhcp pool ll ! ! ! ip domain name domain.com ip name-server 8.8.8.8 ip name-server 8.8.4.4 ip name-server 4.2.2.5 ip name-server 4.2.2.6 no ipv6 cef ! multilink bundle-name authenticated ! ! flow record FNFnbarREC match ipv4 tos match ipv4 dscp match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface input match application name collect routing source as collect routing destination as collect routing next-hop address ipv4 collect ipv4 id collect ipv4 source mask collect ipv4 destination mask collect transport tcp flags collect interface output collect flow direction collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last ! ! flow exporter FNFnbarEXP destination 192.168.1.48 source GigabitEthernet0/1 transport udp 9912 ! ! flow monitor FNFnbarMON exporter FNFnbarEXP cache timeout active 1 record FNFnbarREC ! ! ! ! ! ! crypto pki trustpoint TP-self-signed-30323 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-30323 revocation-check none rsakeypair TP-self-signed-30323 ! ! crypto pki certificate chain TP-self-signed-30323 voice-card 0 ! ! ! voice service voip ip address trusted list ipv4 192.168.120.5 ipv4 169.132.196.33 ipv4 206.20.196.19 mode border-element allow-connections sip to sip no supplementary-service sip moved-temporarily no supplementary-service sip refer fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none sip registrar server expires max 3600 min 3600 early-offer forced midcall-signaling passthru g729 annexb-all ! voice class codec 10 codec preference 1 g729r8 codec preference 2 g711ulaw ! ! ! ! voice translation-rule 1 rule 1 /3336292211/ /3001/ ! voice translation-rule 11 rule 1 /^.*/ /4226xxxxxx/ ! ! voice translation-profile Inbound translate called 1 ! voice translation-profile out translate calling 11 ! ! ! license udi pid CISCO2911/K9 sn FTX1833AMLA hw-module pvdm 0/0 ! hw-module pvdm 0/1 ! ! ! ! ! ip ssh logging events ip ssh version 2 ! track 100 ip sla 1 delay down 10 up 5 ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 ! crypto isakmp policy 2 encr 3des hash md5 authentication pre-share group 2 lifetime 60800 crypto isakmp key key address 0.0.0.0 ! ! crypto isakmp client configuration group vpn key pass dns 192.168.130.2 wins 192.168.130.2 pool VPN-POOL acl 120 crypto isakmp profile vpn-ike-profile-1 match identity group vpn client configuration address respond virtual-template 2 ! ! crypto ipsec transform-set TUN esp-3des esp-sha-hmac mode tunnel ! crypto ipsec profile VPN-PROFILE-1 set transform-set TUN ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address dhcp ip flow monitor FNFnbarMON input ip flow monitor FNFnbarMON output ip nat outside ip virtual-reassembly in shutdown duplex auto speed auto ! interface GigabitEthernet0/1 description <<<< ENLACE A SW_CORE >>>> ip address 192.168.100.2 255.255.255.240 ip flow ingress ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452 duplex auto speed auto ! interface GigabitEthernet0/2 ip address 45.235.x.x 255.255.255.224 ip access-group EVITA-ICMP in ip nat outside ip virtual-reassembly in duplex auto speed 100 ! interface Virtual-Template1 no ip address ! interface Virtual-Template2 type tunnel ip unnumbered GigabitEthernet0/2 tunnel mode ipsec ipv4 tunnel protection ipsec profile VPN-PROFILE-1 ! ! router eigrp 1 network 192.168.0.0 0.0.255.255 ! ip local pool VPNREMOTE-POOL 192.168.160.2 192.168.160.30 ip local pool VPN-POOL 192.168.130.200 192.168.130.230 ip forward-protocol nd ! no ip http server ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ip dns server ip nat inside source list NAT_Outside interface GigabitEthernet0/2 overload ip route 0.0.0.0 0.0.0.0 45.235.x.x ! ip access-list extended EVITA-ICMP permit ip any any ip access-list extended NAT_Outside deny ip 192.168.0.0 0.0.255.255 10.10.1.0 0.0.0.255 remark remark NAT Internet permit ip 192.168.0.0 0.0.255.255 any remark Evita el NAT a los clientes VPN deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 ip access-list extended RECURSOS-VPNREMOTE permit ip 192.168.0.0 0.0.255.255 any ip access-list extended SIP-TRUNK permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255 ip access-list extended TRAFICO-VPN-CDMX permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255 permit ip 192.168.110.0 0.0.0.255 10.10.0.0 0.0.255.255 permit ip 192.168.130.0 0.0.0.255 10.10.0.0 0.0.255.255 deny ip any any ! ip sla auto discovery access-list 1 permit 192.168.0.0 0.0.255.255 access-list 10 permit 192.168.110.0 0.0.0.255 access-list 10 permit 192.168.160.0 0.0.0.255 access-list 10 deny any access-list 15 permit 192.168.100.0 0.0.0.15 access-list 15 permit 192.168.0.0 0.0.255.255 access-list 15 permit 192.168.1.0 0.0.0.255 access-list 120 remark access-list 120 permit ip 192.168.0.0 0.0.255.255 any ! ! snmp-server enable traps ospf state-change snmp-server enable traps ospf cisco-specific state-change shamlink interface snmp-server enable traps entity-sensor threshold ! ! ! control-plane ! ! voice-port 0/0/0 cptone MX timing hookflash-out 50 timing guard-out 1000 caller-id enable ! voice-port 0/0/1 cptone MX timing hookflash-out 50 timing guard-out 1000 caller-id enable ! voice-port 0/0/2 cptone MX timing hookflash-out 50 timing guard-out 1000 caller-id enable ! voice-port 0/0/3 cptone MX timing hookflash-out 50 caller-id enable ! voice-port 0/1/0 ! voice-port 0/1/1 ! ! ! ! ccm-manager mgcp no ccm-manager fax protocol cisco ccm-manager music-on-hold ccm-manager config server 192.168.120.5 ccm-manager config ! mgcp mgcp call-agent 192.168.120.5 2427 service-type mgcp version 0.1 mgcp rtp unreachable timeout 1000 action notify mgcp modem passthrough voip mode nse mgcp package-capability rtp-package mgcp package-capability sst-package mgcp package-capability pre-package no mgcp package-capability res-package no mgcp timer receive-rtcp mgcp sdp simple mgcp fax t38 inhibit ! mgcp profile default ! ! ! dial-peer voice 2000 voip translation-profile outgoing out destination-pattern .T session protocol sipv2 session target sip-server voice-class codec 10 dtmf-relay rtp-nte no vad ! dial-peer voice 1 voip translation-profile incoming Inbound session protocol sipv2 session target sip-server incoming called-number .% voice-class codec 10 voice-class sip dtmf-relay force rtp-nte dtmf-relay rtp-nte no vad ! ! sip-ua credentials username 4226xxxxxx password 7 0250510F5D535B205F4A realm siptrunk.net2phone.com authentication username 4226xxxxxx password 7 055D535B77191A080A01 retry invite 2 timers connect 100 registrar dns:siptrunk.net2phone.com expires 3600 sip-server dns:siptrunk.net2phone.com host-registrar ! ! ! gatekeeper shutdown