-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathR-ALFA.txt
106 lines (77 loc) · 2.45 KB
/
R-ALFA.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
****************
* Router ALFA *
****************
---------IP's excluídos pelo DHCP-----------
ip dhcp excluded-address 172.16.4.1
ip dhcp excluded-address 172.16.4.253
ip dhcp excluded-address 172.18.4.253
ip dhcp excluded-address 172.18.4.1
---------DHCP para o telefone do ASA-----------
ip dhcp pool inside
network 172.18.4.0 255.255.255.0
default-router 172.18.4.253
option 150 ip 172.18.4.1
dns-server 8.8.8.8
exit
---------Roteamento EIGRP para ENTA-----------
router eigrp 100
network 172.16.4.0 0.0.0.255
network 172.17.4.0 0.0.0.255
network 172.18.4.0 0.0.0.255
network 192.168.4.0 0.0.0.3
redistribute static
passive-interface FastEthernet0/0
---------Access-Lists and Routes-----------
# Access-List que define as permissões de saída e de entrada
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq 443
access-list 100 permit ip any 1.4.0.0 0.0.0.3
# NAT na porta S0/1/1 e NAT para uma maquina especifica apenas para as portas http / https
ip nat inside source list 1 interface Serial0/1/1 overload
ip nat inside source static tcp 172.17.4.2 80 1.4.0.2 80
ip nat inside source static tcp 172.17.4.2 443 1.4.0.2 443
# Rotas
ip route 172.17.4.0 255.255.255.0 172.16.4.2
ip route 172.18.4.0 255.255.255.0 172.16.4.2
# Interfaces
interface FastEthernet0/0
no shut
ip address 172.16.4.1 255.255.255.0
ip nat inside
duplex auto
speed auto
---------Tunnel com encryptação do Router ALFA para ENTA-----------
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
lifetime 3600
crypto isakmp key Passw0rd address 1.4.0.1
crypto ipsec transform-set TRANS ah-sha-hmac esp-aes 256 esp-sha-hmac
crypto map OMAPA 10 ipsec-isakmp
set peer 1.4.0.1
set transform-set TRANS
match address 101
interface Tunnel100
ip address 192.168.4.2 255.255.255.252
tunnel source Serial0/1/1
tunnel destination 1.4.0.1
interface Serial0/1/1
ip address 1.4.0.2 255.255.255.252
ip nat outside
clock rate 125000
crypto map OMAPA
access-list 101 permit gre host 1.4.0.2 host 1.4.0.1
---------Meter numero para o Telefone do ASA-----------
telephony-service
max-ephones 10
max-dn 10
ip source-address 172.16.4.1 port 2000
auto assign 1 to 10
ephone-dn 1
number 200
ephone-dn 2
number 201