
Site-to-Site VPN Configuration with Cisco Routers

Here is a basic site-to-site IPsec VPN configuration between two Cisco routers, built in GNS3. On each router, ISAKMP policy 1 negotiates phase 1 with a pre-shared key, 3DES and DH group 2; the crypto map protects the LAN-to-LAN traffic matched by access-list 120 with the esp-3des/esp-sha-hmac transform set and PFS group 2; and the noNAT route-map, through access-list 100, keeps that same traffic out of PAT so its source address is not rewritten before the crypto map sees it. Two things to keep in mind when reusing it: 3DES, SHA-1 HMAC and DH group 2 are legacy algorithms that are acceptable in a lab but not on a production tunnel (use AES and a stronger DH group), and the VTY lines still accept telnet while the plain HTTP server is enabled, so restrict the lines to SSH and disable ip http server outside the lab.

(Diagram: VPN Site to Site topology)

* Router rtcala configuration:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtcala
!
boot-start-marker
boot-end-marker
!
enable secret ——
enable password ——-
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip domain lookup
ip domain name ragasys.net
!
!
username ragasys privilege 15 secret ——
!
!
ip tcp synwait-time 5
ip ssh version 2
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cala4madrid address 212.45.12.2
!
!
crypto ipsec transform-set LINKTOMADRID esp-3des esp-sha-hmac
!
crypto map CALA 1 ipsec-isakmp
set peer 212.45.12.2
set transform-set LINKTOMADRID
set pfs group2
match address 120
!
!
interface FastEthernet0/0
description LAN Cala
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
description WAN-INTERNET
ip address 212.45.12.1 255.255.255.0
ip nat outside
ip virtual-reassembly
clock rate 2000000
crypto map CALA
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map noNAT interface Serial0/0 overload
!
access-list 100 remark ACL to do PAT on the INTERNET connection and keep VPN traffic out of it
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 120 remark ACL to permit traffic from Cala to Madrid
access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 deny ip any any
!
route-map noNAT permit 1
match ip address 100
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
password ——-
logging synchronous
login local
line aux 0
exec-timeout 0 0
privilege level 15
password ——–
logging synchronous
login local
line vty 0 4
password 7 ——-
login local
transport input telnet ssh
!
!
end

 

* Router rtmadrid configuration:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtmadrid
!
boot-start-marker
boot-end-marker
!
enable secret ——–
enable password ———
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip domain lookup
ip domain name ragasys.net
!
!
username ragasys privilege 15 secret ——
!
!
ip tcp synwait-time 5
ip ssh version 2
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cala4madrid address 212.45.12.1
!
!
crypto ipsec transform-set LINKTOCALA esp-3des esp-sha-hmac
!
crypto map MADRID 1 ipsec-isakmp
set peer 212.45.12.1
set transform-set LINKTOCALA
set pfs group2
match address 120
!
!
interface FastEthernet0/0
description LAN Madrid
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 212.45.12.2 255.255.255.0
ip nat outside
ip virtual-reassembly
clock rate 2000000
crypto map MADRID
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map noNAT interface Serial0/0 overload
!
access-list 100 remark ACL to do PAT on the INTERNET connection and keep VPN traffic out of it
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 120 remark ACL to permit traffic from Madrid to Cala
access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip any any
!
route-map noNAT permit 1
match ip address 100
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
password ——-
logging synchronous
login local
line aux 0
exec-timeout 0 0
privilege level 15
password ——–
logging synchronous
login local
line vty 0 4
password ———
login local
transport input telnet ssh
!
!
end
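As an added example (not part of the original post), the following Python checker parses the tunnel-relevant lines of both router configs and cross-checks them the way you would before bringing the tunnel up: that each side's set peer and crypto isakmp key ... address point at the interface on which the other side applied its crypto map, that the pre-shared key, phase-1 policy, transform set and PFS group agree, that the two crypto ACLs are mirror images of each other, and that the NAT ACL denies the protected flow before any permit line can match it (otherwise PAT rewrites the source address and the packet never matches the crypto ACL). It also flags 3DES, SHA-1 HMAC and DH group 2 as legacy algorithms. The sample configs are constructed from the page's rtcala/rtmadrid settings through a template, not copied from a device; run_demo() additionally checks two deliberately broken variants (a mistyped pre-shared key, and the two access-list 100 lines swapped) to show what the checker reports.

```python
import re  # added example (not from the original post): cross-checks two IOS site-to-site configs


def lab_cfg(host, wan, lan, peer_wan, peer_lan, ts, cmap):  # constructed sample shaped like the page's configs
    return f"""hostname {host}
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cala4madrid address {peer_wan}
crypto ipsec transform-set {ts} esp-3des esp-sha-hmac
crypto map {cmap} 1 ipsec-isakmp
 set peer {peer_wan}
 set transform-set {ts}
 set pfs group2
 match address 120
interface Serial0/0
 ip address {wan} 255.255.255.0
 crypto map {cmap}
access-list 100 deny ip {lan} 0.0.0.255 {peer_lan} 0.0.0.255
access-list 100 permit ip {lan} 0.0.0.255 any
access-list 120 permit ip {lan} 0.0.0.255 {peer_lan} 0.0.0.255
route-map noNAT permit 1
 match ip address 100
"""

RTCALA = lab_cfg("rtcala", "212.45.12.1", "192.168.1.0", "212.45.12.2", "192.168.2.0", "LINKTOMADRID", "CALA")
RTMADRID = lab_cfg("rtmadrid", "212.45.12.2", "192.168.2.0", "212.45.12.1", "192.168.1.0", "LINKTOCALA", "MADRID")


def parse(cfg):
    """Pull phase-1/phase-2 settings, the crypto-map interface and the ACLs out of an IOS config."""
    s = {"p1": {}, "ts": {}, "acls": {}, "iface_ip": {}, "cmap_iface": None}
    ctx = None  # block the current sub-command belongs to: iface / isakmp / cmap / rmap
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r"hostname (\S+)", line):
            s["host"] = m[1]
        elif m := re.match(r"interface (\S+)", line):
            ctx = ("iface", m[1])
        elif line.startswith("crypto isakmp policy "):
            ctx = ("isakmp",)
        elif re.match(r"crypto map \S+ \d+ ipsec-isakmp", line):
            ctx = ("cmap",)
        elif line.startswith("route-map "):
            ctx = ("rmap",)
        elif m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            s["psk"], s["psk_peer"] = m[1], m[2]
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            s["ts"][m[1]] = frozenset(m[2].split())
        elif m := re.match(r"access-list (\d+) (permit|deny) ip (.+)", line):
            t = m[3].split()  # address specs are 'any' or 'NETWORK WILDCARD' ('host' is not used on this page)
            src, t = ("any", t[1:]) if t[0] == "any" else (f"{t[0]} {t[1]}", t[2:])
            s["acls"].setdefault(m[1], []).append((m[2], src, "any" if t[0] == "any" else f"{t[0]} {t[1]}"))
        elif ctx and ctx[0] == "iface" and (m := re.match(r"ip address (\S+) ", line)):
            s["iface_ip"][ctx[1]] = m[1]
        elif ctx and ctx[0] == "iface" and re.match(r"crypto map \S+$", line):
            s["cmap_iface"] = ctx[1]  # the interface whose address the other side must peer with
        elif ctx and ctx[0] == "isakmp" and " " in line:
            s["p1"].update([line.split(" ", 1)])
        elif ctx and ctx[0] == "cmap" and (m := re.match(r"(set peer|set transform-set|set pfs|match address) (\S+)", line)):
            s[m[1].replace(" ", "_")] = m[2]
        elif ctx and ctx[0] == "rmap" and (m := re.match(r"match ip address (\d+)", line)):
            s["nat_acl"] = m[1]
    return s


def check(cfg_a, cfg_b):
    """Return ERROR/WARN findings for a router pair; no ERROR lines means the two sides agree."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for me, other in ((a, b), (b, a)):
        wan = other["iface_ip"].get(other["cmap_iface"])  # address the other side's crypto map is applied on
        if me.get("set_peer") != wan or me.get("psk_peer") != wan:
            out.append(f"ERROR {me['host']}: set peer / isakmp key address do not match {other['host']} WAN {wan}")
        # NAT exemption: the protected flow must first-match a deny in the NAT ACL, or PAT rewrites its source first
        nat = me["acls"].get(me.get("nat_acl"), [])
        for act, src, dst in me["acls"].get(me.get("match_address"), []):
            hit = next((na for na, ns, nd in nat if ns in (src, "any") and nd in (dst, "any")), None)
            if act == "permit" and hit != "deny":
                out.append(f"ERROR {me['host']}: {src} -> {dst} is not exempted from NAT (first match: {hit})")
    ta, tb = a["ts"].get(a.get("set_transform-set")), b["ts"].get(b.get("set_transform-set"))
    for what, x, y in (("pre-shared key", a.get("psk"), b.get("psk")), ("phase-1 policy", a["p1"], b["p1"]),
                       ("phase-2 transform-set/PFS", (ta, a.get("set_pfs")), (tb, b.get("set_pfs")))):
        if x != y:  # values are deliberately not echoed so the PSK never ends up in a log
            out.append(f"ERROR {what} mismatch")
    pa = {(s, d) for act, s, d in a["acls"].get(a.get("match_address"), []) if act == "permit"}
    pb = {(d, s) for act, s, d in b["acls"].get(b.get("match_address"), []) if act == "permit"}
    if pa != pb:  # proxy identities must mirror each other or phase 2 never completes
        out.append(f"ERROR crypto ACLs are not mirror images: {sorted(pa)} vs {sorted(pb)}")
    # 3DES, SHA-1 HMAC and 1024-bit DH (group 2) are legacy: flag them so a lab config is not promoted as-is
    legacy = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac", "group1", "group2"}
    used = {a["p1"].get("encr"), "group" + a["p1"].get("group", ""), a.get("set_pfs")} | (ta or set())
    return out + [f"WARN legacy algorithm in use: {alg}" for alg in sorted(used & legacy)]


def run_demo():  # page pair: only WARNs; wrong PSK and mis-ordered NAT ACL: one ERROR each
    lines = RTCALA.splitlines()
    i = lines.index("access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255")
    lines[i], lines[i + 1] = lines[i + 1], lines[i]  # the permit now shadows the NAT-exemption deny
    return {"page": check(RTCALA, RTMADRID),
            "bad_psk": check(RTCALA, RTMADRID.replace("cala4madrid", "cala4madrid1")),
            "bad_nat": check("\n".join(lines), RTMADRID)}
```

Call run_demo() and print the returned dict: for the page's pair the only output is the four WARN lines (3des, esp-3des, esp-sha-hmac, group2); the bad_psk variant adds "ERROR pre-shared key mismatch" without echoing either key, and the bad_nat variant reports that the 192.168.1.0/24 to 192.168.2.0/24 flow on rtcala first matches a permit in access-list 100 and would be translated instead of encrypted. The ACL matcher compares entries as exact prefix or any, which is enough for mirrored /24s like these; a production tool would need real subnet containment.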

 

jramos

Senior STI Technician
