SEDE LA ROMANA
Router: R2-La-Romana
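! Base identity and management-plane setup for R2-La-Romana:
! hostname/domain, privileged and local credentials, SSH host key, console and vty lines.
! NOTE(review): the enable secret and the admin secret below are short, guessable
! lab values that are written in clear text in this listing and reused on the
! switches of this site; use unique, strong secrets outside a lab.
enable
configure terminal
hostname R2-La-Romana
! Do not try to resolve mistyped commands as hostnames.
no ip domain-lookup
! Hostname plus domain name give the RSA key pair its name, so both are set before key generation.
ip domain-name empresa2.com.do
enable secret cisco123
username admin privilege 15 secret Admin123
! Type 7 encoding is reversible obfuscation; it does not protect the "secret" hashes above any further.
service password-encryption
! SSH host key. 2048 bits instead of the original 1024, which is below current minimum guidance for RSA.
crypto key generate rsa modulus 2048
ip ssh version 2
line console 0
logging synchronous
! Authenticate console sessions against the local user database, like the vty lines,
! instead of the shared line password "cisco" the original used.
login local
exit
! Remote management: SSH only, local user database.
! NOTE(review): only vty 0-4 are configured here, and no access-class restricts which
! sources may reach SSH; check the remaining vty lines and add a source filter if needed.
line vty 0 4
transport input ssh
login local
exit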
! WAN uplink toward the ISP: address obtained by DHCP, outside side of NAT.
! NOTE(review): this is the Internet-facing interface and no inbound ACL
! (ip access-group) is applied to it anywhere in this listing.
interface e0/0
description CONEXION-ISP-EMPRESA2
ip address dhcp
ip nat outside
no shutdown
exit
! Link to SWA2 (e0/3): physical port is only brought up; each VLAN gets its own
! 802.1Q subinterface that acts as the default gateway for that VLAN.
! NOTE(review): no ACL is applied to any subinterface in this listing, so traffic
! between GERENCIA, FINANZAS and the other VLANs is routed without restriction.
interface e0/3
no shutdown
exit
! VLAN 10 gateway, subnet 172.20.0.192/27.
interface e0/3.10
description VLAN10-GERENCIA
encapsulation dot1Q 10
ip address 172.20.0.193 255.255.255.224
! Relay client DHCP broadcasts to 172.20.1.5, an address inside the e0/1 server LAN.
! ip helper-address also relays several other UDP broadcast services by default;
! restrict them with "no ip forward-protocol udp <port>" if only DHCP is wanted.
ip helper-address 172.20.1.5
ip nat inside
exit
! VLAN 20 gateway, subnet 172.20.0.224/27.
interface e0/3.20
description VLAN20-FINANZAS
encapsulation dot1Q 20
ip address 172.20.0.225 255.255.255.224
ip helper-address 172.20.1.5
ip nat inside
exit
! Link to SWA1 (e0/2): same router-on-a-stick layout as e0/3, for VLANs 30 and 40.
interface e0/2
no shutdown
! No "exit" after the physical interface here (unlike e0/3); the next "interface"
! command is entered directly from interface configuration mode.
! VLAN 30 gateway, subnet 172.20.0.0/25.
interface e0/2.30
description VLAN30-NOC
encapsulation dot1Q 30
ip address 172.20.0.1 255.255.255.128
! DHCP relay to 172.20.1.5 in the server LAN.
ip helper-address 172.20.1.5
ip nat inside
exit
! VLAN 40 gateway, subnet 172.20.0.128/26.
interface e0/2.40
description VLAN40-VENTAS
encapsulation dot1Q 40
ip address 172.20.0.129 255.255.255.192
ip helper-address 172.20.1.5
ip nat inside
exit
! Servers LAN (e0/1): plain routed interface, subnet 172.20.1.0/28, no 802.1Q subinterface.
! The DHCP server address used by the helper statements (172.20.1.5) lies in this subnet.
interface e0/1
no shutdown
! "interface e0/1" is entered a second time below; it selects the same interface again.
interface e0/1
description LAN50-SISTEMAS
! NOTE(review): frames leave this port untagged, while SW-Servidores later in this
! listing carries VLAN 50 on a trunk; if that trunk is the port facing this
! interface, confirm the native VLAN or port mode on the switch side.
ip address 172.20.1.1 255.255.255.240
ip nat inside
exit
! Default route and Internet access (PAT) for the site.
! NOTE(review): a default route that names only an Ethernet interface, with no next
! hop, makes the router ARP for every remote destination and depends on proxy ARP
! upstream. Because e0/0 is a DHCP client, the DHCP-learned gateway
! ("ip route 0.0.0.0 0.0.0.0 dhcp") is the usual alternative; confirm the ISP side
! hands out a default router before changing it.
ip route 0.0.0.0 0.0.0.0 e0/0
! Source list for NAT. Wildcard 0.1.255.255 matches 172.20.0.0 through 172.21.255.255,
! which is wider than the LAN subnets configured on this router (172.20.0.0/24 and
! 172.20.1.0/28); 0.0.1.255 would cover exactly 172.20.0.0-172.20.1.255. TODO confirm intent.
access-list 1 permit 172.20.0.0 0.1.255.255
! Overload (PAT): sources matching list 1 are translated to the address of Ethernet0/0.
ip nat inside source list 1 interface Ethernet0/0 overload
! IPsec parameters used to protect the DMVPN tunnel toward the hub at 17.6.0.2.
! "conf t" is redundant when this is pasted as one session: configuration mode was
! entered at the top of the router section and has not been left.
conf t
! 1. Phase 1: ISAKMP (IKEv1)
! AES (128-bit when no key size is given), pre-shared key authentication, DH group 2
! (1024-bit MODP). No "hash" line is present, so the platform default applies
! (typically SHA-1 on classic IOS - verify with "show crypto isakmp policy").
! NOTE(review): group 2 and SHA-1 are below current guidance. The policy must match
! the hub, whose configuration is not shown here, so raise both ends together.
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
exit
! Pre-shared key for the hub peer only.
! NOTE(review): the key is short and appears in clear text in this listing;
! "service password-encryption" does not cover ISAKMP keys. Use a long random key
! and consider the IOS encrypted-key feature ("password encryption aes").
crypto isakmp key itla2026 address 17.6.0.2
! 2. Phase 2: IPsec transform set and profile
! ESP with AES (128-bit) and HMAC-SHA1. Transport mode: GRE already supplies the
! outer header, so a second tunnel-mode header is not needed.
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
mode transport
exit
! Profile referenced by "tunnel protection" on Tunnel0. No PFS group is set.
crypto ipsec profile VPN-PROFILE
set transform-set ESP-AES-SHA
exit
! 3. Tunnel interface - La Romana (DMVPN spoke; the hub is 10.0.0.1 / 17.6.0.2)
interface Tunnel0
ip address 10.0.0.2 255.255.255.0
! NHRP authentication string must match the hub.
! NOTE(review): this string is carried in clear text inside NHRP packets and only
! guards against misconfiguration; the protection of the tunnel comes from the
! IPsec profile applied below.
ip nhrp authentication itla
ip nhrp network-id 2
! Send multicast (used by the routing protocol) to the hub's public IP (the hub's e0/2).
ip nhrp map multicast 17.6.0.2
! Static mapping of the hub's tunnel IP to its public IP.
ip nhrp map 10.0.0.1 17.6.0.2
! Define the Santo Domingo hub as the Next Hop Server.
ip nhrp nhs 10.0.0.1
! Tunnel parameters
! Make sure e0/0 is this router's Internet-facing interface.
tunnel source e0/0
tunnel mode gre multipoint
! GRE key: a tunnel identifier, not a secret. Presumably it must match the hub - verify.
tunnel key 2000
! Encrypt the GRE traffic with the IPsec profile VPN-PROFILE.
tunnel protection ipsec profile VPN-PROFILE
! Lower MTU and TCP MSS to avoid fragmentation once GRE and IPsec overhead is added.
ip mtu 1400
ip tcp adjust-mss 1360
exit
! OSPF: LAN subnets in area 2, the DMVPN tunnel network in area 0 (this router is an ABR).
router ospf 1
router-id 2.2.2.2
! Wildcard 0.1.255.255 matches 172.20.0.0-172.21.255.255, so every LAN interface
! configured on this router is enabled for OSPF.
! NOTE(review): no "passive-interface" is configured, so hellos are sent on the user
! VLANs and a host there could attempt an adjacency; no OSPF authentication is
! configured either. Consider "passive-interface default" with only Tunnel0 active.
network 172.20.0.0 0.1.255.255 area 2
network 10.0.0.0 0.0.0.255 area 0
! Advertise a default route into OSPF (without "always", only while this router has one itself).
default-information originate
exit
! OSPF behaviour on the tunnel: broadcast network type, which elects a DR/BDR.
interface Tunnel0
ip ospf network broadcast
! Priority 0 so this spoke NEVER tries to become DR or BDR.
ip ospf priority 0
exit
! Leave configuration mode and save the running configuration to startup ("wr" = write memory).
end
wr
Switch: SW-Servidores
! Server-LAN switch: VLAN 50, two access ports and one uplink.
! NOTE(review): same lab credentials as the router. The local user "admin" is created,
! but no line in this listing uses "login local", so nothing visible here refers to it.
enable
configure terminal
hostname SW-Servidores
enable secret cisco123
username admin privilege 15 secret Admin123
vlan 50
name SISTEMAS
exit
! Server-facing access ports in VLAN 50. PortFast skips the STP listening/learning delay.
! Unlike the user switches in this listing, no port-security is set on these ports.
interface range e0/3, e1/0
switchport mode access
switchport access vlan 50
spanning-tree portfast
exit
! Uplink configured as an 802.1Q trunk ("range" with a single interface).
! NOTE(review): "allowed vlan add" only appends to the current list; on a port that
! still has the default list (all VLANs) it restricts nothing. If this port faces
! the router's e0/1, which is untagged in this listing, confirm that VLAN 50
! traffic actually reaches it (native VLAN or access mode) - TODO confirm topology.
interface range e0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan add 50
exit
! Save the configuration from within configuration mode.
do wr
Switch: R2-SWA1 (Ventas y NOC)
! Access switch for NOC (VLAN 30) and VENTAS (VLAN 40).
! NOTE(review): the enable secret is the same lab value used on the other devices.
enable
configure terminal
hostname R2-SWA1
enable secret cisco123
vlan 30
name NOC
vlan 40
name VENTAS
exit
! NOC access port. Port security: at most 2 source MAC addresses; a violation puts
! the port in err-disabled state. No sticky learning and no errdisable recovery are
! configured, so recovery is a manual shutdown / no shutdown.
interface e0/1
switchport mode access
switchport access vlan 30
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
spanning-tree portfast
exit
! VENTAS access port, same port-security policy.
interface e0/2
switchport mode access
switchport access vlan 40
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
spanning-tree portfast
exit
! Uplink trunk. The allowed list is set explicitly, so only VLANs 30 and 40 are carried.
! NOTE(review): unused ports are not shut down or moved to an unused VLAN in this listing.
interface e0/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 30,40
switchport mode trunk
exit
! Save the configuration from within configuration mode.
do wr
Switch: R2-SWA2 (Gerencia y Finanzas)
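! Access switch for GERENCIA (VLAN 10) and FINANZAS (VLAN 20).
! NOTE(review): the enable secret is the same lab value used on the other devices.
enable
configure terminal
hostname R2-SWA2
enable secret cisco123
vlan 10
name GERENCIA
vlan 20
name FINANZAS
exit
! GERENCIA access port. Port security: at most 2 source MAC addresses; a violation
! puts the port in err-disabled state (manual shutdown / no shutdown to recover,
! since no errdisable recovery is configured here).
interface e0/1
switchport mode access
switchport access vlan 10
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
spanning-tree portfast
exit
! FINANZAS access port, same port-security policy.
interface e0/2
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
spanning-tree portfast
exit
! Uplink trunk toward the router subinterfaces for VLANs 10 and 20.
! The allowed list is set explicitly, as on R2-SWA1. The original used
! "allowed vlan add 10,20", which only appends to the default list (all VLANs)
! and therefore left every VLAN permitted on the trunk.
interface e0/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
exit
! Save the configuration from within configuration mode.
do wr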