no shutdown
security-level 0
nameif outside
ip address 16.16.0.1 255.255.255.248
!
interface GigabitEthernet 1
no shutdown
security-level 100
nameif inside
ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet 2
no shutdown
security-level 100
nameif dmz1
ip address 10.0.100.1 255.255.255.0
!
interface GigabitEthernet 3
no shutdown
security-level 100
nameif dmz2
ip address 10.0.200.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 16.16.0.2
!
PAT - DYNAMIC
--------------------------------------------------
object network inside
subnet 10.0.10.0 255.255.255.0
nat (inside,outside) dynamic 16.16.0.3
-----------------------------------------------------------------------------------
----------------------AAA AUTHENTICATION ON ROUTER-----------------------------------
RouterRC1
.........
aaa new-model
tacacs-server host 16.16.0.5 key cisco123
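! Login methods are tried in order: TACACS+, RADIUS, local (case-sensitive), none.
! The trailing "none" admits the user with no authentication if every earlier method returns an error.
aaa authentication login PRUEBA1 group tacacs+ group radius local-case none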
aaa authentication enable default group tacacs+ enable none
!
aaa authorization exec PRUEBA2 group tacacs+
aaa authorization commands 0 PRUEBA2COMM group tacacs+
aaa authorization commands 1 PRUEBA2COMM group tacacs+
aaa authorization commands 15 PRUEBA2COMM group tacacs+
!
ip domain name marina.com
crypto key generate rsa modulus 1024
ip ssh version 2
line vty 0 6
login authentication PRUEBA1
transport input ssh
authorization exec PRUEBA2
authorization commands 0 PRUEBA2COMM
authorization commands 1 PRUEBA2COMM
authorization commands 15 PRUEBA2COMM
RouterRS1
.........
aaa new-model
tacacs-server host 16.16.0.5 key cisco123
aaa authentication login PRUEBA1 group tacacs+ group radius local-case none
aaa authentication enable default group tacacs+ enable none
------------------------------------------
SITE-TO-SITE VPN FOR 1
--------------------
crypto ikev1 policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 enable outside
!
tunnel-group 2.0.0.18 type ipsec-l2l
tunnel-group 2.0.0.18 ipsec-attributes
ikev1 pre-shared-key cisco123
nat (dmz1,outside) 1 source static any any destination static obj-vpnpool obj-vpnpool
isakmp policy 30
encryption 3des
hash sha
authentication pre-share
group 1
lifetime 3600
----------------------------------------------
----------------------------------------------------------------------------------
--------------------ZPF CONFIG----------------------------------------------------
ROUTER RS1
...........
!
zone security outside
exit
!
zone security inside
exit
!
class-map type inspect match-any inside
match protocol http
match protocol https
match protocol dns
match protocol ssh
match protocol isakmp
match protocol icmp
!
policy-map type inspect PRIV-TO-PUB-INSIDE
class type inspect inside
inspect
!
zone-pair security PRIV-PUB source inside destination outside
service-policy type inspect PRIV-TO-PUB-INSIDE
!
!
class-map type inspect match-any inside10
match protocol icmp
!
policy-map type inspect PRIV-TO-PUB-INSIDE10
class type inspect inside10
inspect
!
zone-pair security PRIV-PUB10 source outside destination inside
service-policy type inspect PRIV-TO-PUB-INSIDE10
!
!
!
!
interface serial 0/0
zone-member security outside
interface FastEthernet0/0
zone-member security inside
!
!
EXTRAS
ftp://10.0.100.250