- Suscribirse a un feed RSS
- Marcar tema como nuevo
- Marcar tema como leído
- Flotar este Tema para el usuario actual
- Favorito
- Suscribir
- Silenciar
- Página de impresión sencilla
DNS & SSH
- Marcar como nuevo
- Favorito
- Suscribir
- Silenciar
- Suscribirse a un feed RSS
- Resaltar
- Imprimir
- Informe de contenido inapropiado
el 08-22-2023 07:39 AM
Buenas, tengo problema en Packet Tracer y es que quiero configurar que la red remota pueda hacer consultas DNS a la red central, también que pueda la red central pueda acceder mediante SSH a los dispositivos de red de la oficina remota.
Paso la configuración que he hecho, Configuré TUNNEL VPN mediante IPSEC.
Muchas Gracias por la ayuda.
R2
version 15.1
service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R2
!
login block-for 300 attempts 3 within 30
login on-failure
login on-success
!
!
enable secret 5 $1$mERr$3S1668AmmcfuYfOm1fl0K1
!
!
ip dhcp excluded-address 172.20.0.62
ip dhcp excluded-address 172.20.0.30
ip dhcp excluded-address 172.20.0.1 172.20.0.3
!
ip dhcp pool Factory
network 172.20.0.0 255.255.255.224
default-router 172.20.0.30
dns-server 192.168.1.130
ip dhcp pool Distribution
network 172.20.0.32 255.255.255.224
default-router 172.20.0.62
dns-server 192.168.1.130
!
!
!
no ip cef
no ipv6 cef
!
!
!
username spmunu secret 5 $1$mERr$X5z14LkZZcIqOfMP/7Y1Q1
!
!
license udi pid CISCO2911/K9 sn FTX1524ZB6F-
license boot module c2900 technology-package securityk9
!
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
!
crypto isakmp policy 102
encr aes
authentication pre-share
group 5
!
crypto isakmp key mmspm address 80.0.0.1
!
!
!
crypto ipsec transform-set R2_R1_Set esp-aes 256 esp-sha-hmac
!
crypto map R2-R1 10 ipsec-isakmp
set peer 80.0.0.1
set transform-set R2_R1_Set
match address VPN
!
!
!
!
ip domain-name lasociados.com
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Tunnel0
ip address 172.16.0.2 255.255.255.252
mtu 1476
tunnel source Serial0/0/0
tunnel destination 80.0.0.1
!
!
interface GigabitEthernet0/0
description Conexion con S4 con TRUNK
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
description VLAN del departamento de Fabrica
encapsulation dot1Q 10
ip address 172.20.0.30 255.255.255.224
ip access-group OUTSIDE in
ip nat inside
!
interface GigabitEthernet0/0.20
description VLAN del departamento de Distribucion
encapsulation dot1Q 20
ip address 172.20.0.62 255.255.255.224
ip access-group OUTSIDE in
ip nat inside
!
interface GigabitEthernet0/0.99
description Vlan ADM
encapsulation dot1Q 99 native
ip address 172.20.0.254 255.255.255.248
ip access-group OUTSIDE in
ip nat inside
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 90.0.0.1 255.255.255.0
ip access-group INSIDE in
ip nat outside
crypto map R2-R1
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 172.16.0.0 0.0.0.3 area 0
network 172.20.0.0 0.0.0.255 area 0
!
router rip
!
ip nat inside source list 1 interface Serial0/0/0 overload
ip classless
ip route 70.0.0.0 255.255.255.0 90.0.0.2
ip route 80.0.0.0 255.255.255.0 90.0.0.2
!
ip flow-export version 9
!
!
ip access-list extended sl_def_acl
deny tcp any any eq telnet
deny tcp any any eq www
deny tcp any any eq 22
permit tcp any any eq 22
ip access-list extended VPN
permit ip 172.20.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 1 permit 172.20.0.0 0.0.0.255
ip access-list standard VTY
permit 192.168.1.248 0.0.0.3
deny any
access-list 102 permit ip 172.20.0.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended OUTSIDE
permit udp any any eq 123
permit icmp 172.20.0.0 0.0.0.255 any
permit udp 172.20.0.0 0.0.0.255 host 192.168.1.130 eq domain
permit tcp 172.20.0.0 0.0.0.255 host 192.168.1.130 eq domain
permit tcp 172.20.0.0 0.0.0.255 any eq www
permit tcp 172.20.0.0 0.0.0.255 any eq 443
deny ip any any
ip access-list extended INSIDE
permit udp any any eq 123
permit gre any any
permit icmp 70.0.0.0 0.0.0.255 any echo-reply
permit tcp 70.0.0.0 0.0.0.255 any established
deny ip any any
!
no cdp run
!
banner motd ^C
********************************************************
********************************************************
************* RH LOPEZ Y ASOCIADOS ********************
********************************************************
*** El acceso no autorizado al dispositivo *************
*** esta penado por las leyes internacionales. *********
********************************************************
** Si no esta autorizado, desconectese de inmediato ****
********************************************************
^C
!
!
!
!
logging trap debugging
logging 192.168.1.132
line con 0
password 7 08245F5B1A1D03
login
!
line aux 0
!
line vty 0 4
access-class VTY in
exec-timeout 5 30
login local
transport input ssh
line vty 5 15
access-class VTY in
exec-timeout 5 30
login local
transport input ssh
!
!
ntp server 90.0.0.2
!
end
R1
version 15.1
service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
login block-for 300 attempts 3 within 30
login on-failure
login on-success
!
!
enable secret 5 $1$mERr$3S1668AmmcfuYfOm1fl0K1
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username spmunu secret 5 $1$mERr$X5z14LkZZcIqOfMP/7Y1Q1
!
!
license udi pid CISCO2911/K9 sn FTX15246PI4-
license boot module c2900 technology-package securityk9
!
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
!
crypto isakmp key mmspm address 90.0.0.1
!
!
!
crypto ipsec transform-set R1_R2_Set esp-aes 256 esp-sha-hmac
!
crypto map R1-R2 10 ipsec-isakmp
set peer 90.0.0.1
set transform-set R1_R2_Set
match address VPN
!
!
!
!
ip domain-name lasociados.com
ip name-server 192.168.1.130
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Tunnel0
ip address 172.16.0.1 255.255.255.252
mtu 1476
tunnel source Serial0/0/0
tunnel destination 90.0.0.1
!
!
interface GigabitEthernet0/0
ip address 192.168.1.254 255.255.255.252
ip access-group OUTSIDE in
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 80.0.0.1 255.255.255.0
ip access-group INSIDE in
ip nat outside
clock rate 2000000
crypto map R1-R2
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute static subnets
network 192.168.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.3 area 0
!
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static tcp 192.168.1.130 80 80.0.0.1 80
ip nat inside source static tcp 192.168.1.130 443 80.0.0.1 443
ip classless
ip route 90.0.0.0 255.255.255.0 80.0.0.2
ip route 192.168.1.0 255.255.255.128 192.168.1.253
ip route 192.168.1.128 255.255.255.224 192.168.1.253
ip route 192.168.1.160 255.255.255.240 192.168.1.253
ip route 192.168.1.240 255.255.255.248 192.168.1.253
ip route 70.0.0.0 255.255.255.0 80.0.0.2
!
ip flow-export version 9
!
!
ip access-list extended sl_def_acl
deny tcp any any eq telnet
deny tcp any any eq www
deny tcp any any eq 22
permit tcp any any eq 22
ip access-list extended VPN
permit ip 192.168.1.0 0.0.0.255 172.20.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
ip access-list standard VTY
permit 192.168.1.160 0.0.0.15
deny any
ip access-list extended INSIDE
permit udp any any eq 123
permit tcp 70.0.0.0 0.0.0.255 host 80.0.0.1 eq 443
deny tcp 70.0.0.0 0.0.0.255 host 80.0.0.1 eq www
permit tcp 70.0.0.0 0.0.0.255 any established
permit icmp 70.0.0.0 0.0.0.255 any echo-reply
permit gre any any
deny ip any any
ip access-list extended OUTSIDE
permit udp any any eq 123
permit icmp 192.168.1.0 0.0.0.255 any
permit tcp 192.168.1.0 0.0.0.255 any eq www
permit tcp 192.168.1.0 0.0.0.255 any eq 443
permit tcp 192.168.1.0 0.0.0.255 any established
permit tcp 192.168.1.160 0.0.0.15 any eq 22
deny ip any any
!
banner motd ^C
********************************************************
********************************************************
************* RH LOPEZ Y ASOCIADOS ********************
********************************************************
*** El acceso no autorizado al dispositivo *************
*** esta penado por las leyes internacionales. *********
********************************************************
** Si no esta autorizado, desconectese de inmediato ****
********************************************************
^C
!
!
!
!
logging trap debugging
logging 192.168.1.132
line con 0
password 7 08245F5B1A1D03
login
!
line aux 0
!
line vty 0 4
access-class VTY in
exec-timeout 5 30
login local
transport input ssh
line vty 5 15
access-class VTY in
exec-timeout 5 30
login local
transport input ssh
!
!
ntp server 80.0.0.2
ntp update-calendar
!
end
- Etiquetas:
-
Otros temas de Routing y Switching
-
Routers
-
Swtiches
Descubra y salve sus notas favoritas. Vuelva a encontrar las respuestas de los expertos, guías paso a paso, temas recientes y mucho más.
¿Es nuevo por aquí? Empiece con estos tips. Cómo usar la comunidad Guía para nuevos miembros
Navegue y encuentre contenido personalizado de la comunidad