================

R4-PUERTO PLATA

enable configure terminal

hostname R4-PUERTO-PLATA no ip domain-lookup

enable secret cisco123

ip domain-name empresa.local

username admin privilege 15 secret admin123

crypto key generate rsa 1024

line vty 0 4 login local transport input ssh exit

interface e0/0 ip address dhcp ip nat outside no shutdown

interface e0/2 ip address 172.22.0.1 255.255.255.252 ip nat inside no shutdown

interface e0/1 ip address 172.22.0.5 255.255.255.252 ip nat inside no shutdown

interface e0/3 ip address 172.22.0.9 255.255.255.252 ip nat inside no shutdown

access-list 1 permit 172.22.0.0 0.1.255.255 ip nat inside source list 1 interface Ethernet0/0 overload

! 1. Fase 1: ISAKMP (Seguridad de Phase 1) crypto isakmp policy 10 encr aes authentication pre-share group 2 exit

crypto isakmp key itla2026 address 17.6.0.2

! 2. Fase 2: IPsec (Seguridad de Phase 2) crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac mode transport exit

crypto ipsec profile VPN-PROFILE set transform-set ESP-AES-SHA exit

! 3. Interfaz WAN - Forzamos Full Duplex para evitar los errores de colisión que vimos antes interface e0/0 duplex full exit

! 4. Interfaz Túnel - Puerto Plata interface Tunnel0 ip address 10.0.0.4 255.255.255.0

! NHRP: Registro contra el Hub de Santo Domingo (17.6.0.2) ip nhrp authentication itla ip nhrp network-id 2

! Mapeos necesarios para encontrar al Hub ip nhrp map multicast 17.6.0.2 ip nhrp map 10.0.0.1 17.6.0.2 ip nhrp nhs 10.0.0.1