vpnvoip
8/15/2019 vpnvoip
1/19
Nov
9
CME & VPN IPSEC
Hello readers, this time I am sharing another very useful lab from the networking field.
A simulated Call Manager Express at each site, with the sites connected by a site-to-site IPsec VPN whose interesting traffic is the VOICE and DATA networks, using subinterfaces.
Here are the configurations:
If anyone wants the NVRAM files, just ask for them:
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router-LAN
!
!
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool DATA
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
ip dhcp pool VOICE
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
option 150 ip 10.10.20.1
!
!!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 1009480 address 189.210.125.54
!
!
crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac
!
crypto map R2_TO_R1 10 ipsec-isakmp
set peer 189.210.125.54
set transform-set VPNSET
match address 101
!
!
!!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
description ## DATOS ##
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/0.110
description ## VOICE ##
encapsulation dot1Q 110
ip address 10.10.20.1 255.255.255.0
!
interface FastEthernet0/1
description ## INTERNET ##
ip address 177.17.17.1 255.255.255.0
duplex auto
speed auto
crypto map R2_TO_R1
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 177.17.17.2
!
!
access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
!!
!
!
dial-peer voice 1 voip
destination-pattern 2001
session target ipv4:192.168.110.2
!
dial-peer voice 10 voip
!
telephony-service
max-ephones 5
max-dn 5
ip source-address 10.10.20.1 port 2000
auto assign 1 to 5
!
ephone-dn 1
number 1001
!
ephone-dn 2
number 1002
!
ephone-dn 3
number 1003
!
ephone 1
device-security-mode none
mac-address 0030.F25A.88A6
type 7960
button 1:1
!
ephone 2
device-security-mode none
mac-address 0009.7C8B.61E4
type 7960
button 1:2
!
ephone 3
device-security-mode none
mac-address 000A.41A8.DB02
type CIPC
button 1:3
!
line con 0
line vty 0 4
login
!
!
!
end
ISP
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ISP#
ISP#sh run
Building configuration...
Current configuration : 543 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
!
!
!
!
!!
!
!
!
!
!
!!
!
!
!
!
interface FastEthernet0/0
ip address 189.210.125.49 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 177.17.17.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
clock rate 64000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
R2
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2-Sitio2
!
!!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.110.1 192.168.110.10
!
ip dhcp pool DATA
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
ip dhcp pool VOICE
network 192.168.110.0 255.255.255.0
default-router 192.168.110.2
option 150 ip 192.168.110.2
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 1009480 address 177.17.17.1
!
!
crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac
!
crypto map R1_TO_R2 10 ipsec-isakmp
set peer 177.17.17.1
set transform-set VPNSET
match address 101
!
!
!!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
description ## DATA ##
encapsulation dot1Q 2
ip address 192.168.10.2 255.255.255.0
!
interface FastEthernet0/0.20
description ## VOICE ##
encapsulation dot1Q 102
ip address 192.168.110.2 255.255.255.0
!
interface FastEthernet0/1
ip address 189.210.125.54 255.255.255.0
duplex auto
speed auto
crypto map R1_TO_R2
!
interface Serial0/0/0
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
access-list 101 permit ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
!
!
!
!
dial-peer voice 1 voip
destination-pattern 10..
session target ipv4:10.10.20.1
!
telephony-service
max-ephones 5
max-dn 5
ip source-address 192.168.110.2 port 2000
auto assign 1 to 5
create cnf-files version-stamp Jan 01 2002 00:00:00
!
ephone-dn 1
number 2001
!
ephone-dn 2
number 2002
!
ephone 1
device-security-mode none
mac-address 0010.11B4.56C8
type 7960
button 1:1
!
line con 0
line vty 0 4
login
!
!
!
end
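With both peers' configurations shown, they can be checked against each other before the tunnel is tested. This Python check is an added example, not part of the original post: it compares the IKE policy, pre-shared key and peer addresses of Router-LAN and R2-Sitio2, and flags Diffie-Hellman group 2 (the 1024-bit MODP group) as weak. The function names and finding strings are this example's own, and the excerpts keep only the crypto-related lines.

```python
import re

# Added example (names are its own). Constructed excerpts: crypto lines of both peers.
ROUTER_LAN = """\
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 1009480 address 189.210.125.54
crypto map R2_TO_R1 10 ipsec-isakmp
 set peer 189.210.125.54
interface FastEthernet0/1
 ip address 177.17.17.1 255.255.255.0
 crypto map R2_TO_R1
"""
R2_SITIO2 = """\
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 1009480 address 177.17.17.1
crypto map R1_TO_R2 10 ipsec-isakmp
 set peer 177.17.17.1
interface FastEthernet0/1
 ip address 189.210.125.54 255.255.255.0
 crypto map R1_TO_R2
"""
PATTERNS = {"encr": r"^ encr (\S+)", "auth": r"^ authentication (\S+)",
            "group": r"^ group (\d+)", "key": r"^crypto isakmp key (\S+) ",
            "key_peer": r"^crypto isakmp key \S+ address (\S+)",
            "set_peer": r"^ set peer (\S+)",
            "outside": r"^ ip address (\S+) \S+\n crypto map "}

def facts(cfg):
    return {k: re.search(p, cfg, re.M).group(1) for k, p in PATTERNS.items()}

def audit(cfg_a, cfg_b):
    """Return findings: parameter mismatches, wrong peer addresses, weak DH."""
    a, b = facts(cfg_a), facts(cfg_b)
    out = [f"mismatch:{k}" for k in ("encr", "auth", "group", "key") if a[k] != b[k]]
    for name, me, other in (("A", a, b), ("B", b, a)):
        if {me["set_peer"], me["key_peer"]} != {other["outside"]}:
            out.append(f"peer:{name} does not target the other crypto-map interface")
        if me["group"] in ("1", "2"):  # 768-bit and 1024-bit MODP groups
            out.append(f"weak:{name} uses DH group {me['group']}")
    return out

if __name__ == "__main__":
    print(audit(ROUTER_LAN, R2_SITIO2))
```
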
Switch Site 2
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
interface FastEthernet0/1
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/2
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/3
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/4
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/5
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/6
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/7
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/8
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/9
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/10
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/11
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/12
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/13
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/14
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/15
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/16
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/17
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/18
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/19
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/20
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/21
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/22
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/23
switchport trunk native vlan 2
switchport mode trunk
switchport voice vlan 102
spanning-tree portfast
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.10.3 255.255.255.0
!
ip default-gateway 192.168.10.2
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
Switch-LAN
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW-LAN
!!
!
interface FastEthernet0/1
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/2
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/3
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/4
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/5
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/6
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/7
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/8
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/9
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/10
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/11
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/12
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/13
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/14
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/15
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/16
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/17
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/18
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/19
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/20
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/21
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/22
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/23
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 110
spanning-tree portfast
!
interface FastEthernet0/24
description ## UPLINK TO ROUTER-LAN ##
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 10.10.10.2 255.255.255.0
!
ip default-gateway 10.10.10.1
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
To bring up the VPN, you only need to generate traffic sourced from an interface of the router you are working on.
Example:
From the CME-VPN router it would look like this:
Router-LAN>en
Router-LAN#ping
Protocol [ip]:
Target IP address: 192.168.10.2
Router-LAN#
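Why the source interface matters, as an added example that is not part of the original post: a ping typed at the router prompt is sourced by default from the egress interface, here 177.17.17.1, and that address falls outside crypto ACL 101, so the packet is not interesting traffic and IKE never starts. The Python below applies IOS wildcard matching to the two ACL 101 lines from this page; the function names are this example's own.

```python
import ipaddress

# Crypto ACL 101 as configured on Router-LAN and on R2-Sitio2 on this page.
ACL_ROUTER_LAN = "access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255"
ACL_R2 = "access-list 101 permit ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255"


def parse_acl(line):
    """Parse 'access-list N permit ip SRC WILD DST WILD' into two (net, wildcard) pairs."""
    f = line.split()
    if len(f) != 8 or f[0] != "access-list" or f[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, src_wc, dst, dst_wc = (int(ipaddress.IPv4Address(x)) for x in f[4:])
    return (src, src_wc), (dst, dst_wc)


def wildcard_match(addr, net, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)


def is_interesting(acl_line, src_ip, dst_ip):
    """True if src_ip -> dst_ip matches the crypto ACL and so triggers the tunnel."""
    (src, src_wc), (dst, dst_wc) = parse_acl(acl_line)
    return wildcard_match(src_ip, src, src_wc) and wildcard_match(dst_ip, dst, dst_wc)


def are_mirrored(acl_a, acl_b):
    """Both peers must select the same flows with source and destination swapped."""
    a_src, a_dst = parse_acl(acl_a)
    b_src, b_dst = parse_acl(acl_b)
    return a_src == b_dst and a_dst == b_src


if __name__ == "__main__":
    target = "192.168.10.2"  # ping target used in the post
    # Candidate sources: the three addressed interfaces of Router-LAN.
    for name, src in [("Fa0/1 outside", "177.17.17.1"),
                      ("Fa0/0.10 data", "10.10.10.1"),
                      ("Fa0/0.110 voice", "10.10.20.1")]:
        hit = is_interesting(ACL_ROUTER_LAN, src, target)
        print(f"{name:16} {src:12} -> {target}: interesting={hit}")
    print("ACLs mirrored:", are_mirrored(ACL_ROUTER_LAN, ACL_R2))
```
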
Regards, and until the next post....
Published 9th November 2010 by Ruben Rojas
Labels: Call Manager Express, CCNA, CCNA Security, CME, Packet Tracer, VPN
11
View comments
1.
Shamhain, 16 November 2010, 16:10
Thanks for this example... as soon as I can finish it I will write more about it.
Regards
Reply
2.
Shamhain, 16 November 2010, 16:21
Well, I couldn't wait... because the ISP router configuration doesn't look like what it should be... because it only has the IP of one serial link and one Fast Ethernet configured, and the IPs don't match. If you could explain this to me I would appreciate it.
Reply
3.
Ruben Rojas, 19 November 2010, 11:30
Excellent observation, Shamhain. Indeed, the configuration was from another topology; the problem was that I did it with two different topologies and there was some confusion when choosing the images. I have already edited the post with the new configuration.
Regards, and thanks for commenting.
Reply
4.
Anonymous, 14 April 2011, 6:50
Hello Ruben, could you please publish an example of the configuration of an SPA9000 PBX with an SPA400 voicemail and Cisco 7970 phones?
Reply
5.
Ruben Rojas, 14 April 2011, 7:35
Hello, how are you.
What you want to do I have only done once, since the company where I work uses only large equipment such as Catalyst 2960, 3750, 6500 and ISR routers such as 2811, 2911, 2925, 3945, etc. Unfortunately, I don't have the equipment you mention available to give you an example.
What you want to do can be done with a VPN Easy client. I am attaching Packet Tracer examples for you to analyze; besides the site-to-site IPsec VPN, I am attaching the VPN Easy client, which is the one you need. If you have any questions, gladly.
Wait for the videos.
I am at your service.
Regards
Reply
6.
Jairo, 4 October 2011, 14:40
Sorry, I only need to know the VPN configuration, if you can send it to me. As far as I know, access lists have to be associated with an interface, either outbound (out) or inbound (in), and I don't see that in the router configurations.
I have the tunnel up, but when I check with the command show crypto isakmp sa it doesn't show me any address. This is my configuration file.
CE1#show running-config
Building configuration...
Current configuration : 1054 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CE1
!
!
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.20
!
ip dhcp pool CE1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 1009480 address 189.210.125.2
!
!
crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac
!
crypto map RUTA 10 ipsec-isakmp
set peer 189.210.125.2
set transform-set VPNSET
match address 101
!
!
!
!
!
!!
!
!
interface FastEthernet0/0
ip address 177.17.17.1 255.255.255.252
ip access-group 101 out
duplex auto
speed auto
crypto map RUTA
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 177.17.17.2
!
!
access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
!
!
!
!
line con 0
line vty 0 4
access-class 101 out
login
!
!
!
end
Reply