1)Router R3 - Santiago

enable configure terminal hostname R3-SANTIAGO no ip domain-lookup ip domain-name empresa2.com.do service password-encryption enable secret cisco123

username admin privilege 15 secret Admin123

crypto key generate rsa modulus 1024 ip ssh version 2

line console 0 logging synchronous password cisco login exit

line vty 0 4 transport input ssh login local exit

! ! ENLACE A RED DE USUARIOS ! interface e0/1 no shutdown description TRUNK-HACIA-SW-SANTIAGO2

interface e0/1.10 encapsulation dot1Q 10 description VLAN10-VENTAS ip address 172.18.0.1 255.255.255.224 ip helper-address 172.18.0.66 ip nat inside no sh

interface e0/1.20 encapsulation dot1Q 20 description VLAN20-CENTRO-DATOS ip address 172.18.0.33 255.255.255.240 ip helper-address 172.18.0.66 ip nat inside no sh

interface e0/1.30 encapsulation dot1Q 30 description VLAN30-ADMINISTRACION ip address 172.18.0.49 255.255.255.240 ip helper-address 172.18.0.66 ip nat inside no sh

interface e0/1.99 encapsulation dot1Q 99 description VLAN99-GESTION ip address 172.18.0.81 255.255.255.248 ip nat inside no sh

access-list 1 permit 172.18.0.0 0.1.255.255 ip nat inside source list 1 interface Ethernet0/2 overload

! ! ENLACE A SWITCH DE SERVIDORES ! interface e0/3 no shutdown description TRUNK-HACIA-SW-SERVIDORES

interface e0/3.40 encapsulation dot1Q 40 description VLAN40-SERVIDORES ip address 172.18.0.65 255.255.255.240 ip nat inside no sh

! ! WAN - PENDIENTE ! interface e0/2 description ENLACE-WAN-PENDIENTE ip addr dhcp ip nat outside no shutdown

!#DMVPN#

! 1. Fase 1: ISAKMP crypto isakmp policy 10 encr aes authentication pre-share group 2 exit

crypto isakmp key itla2026 address 0.0.0.0

! 2. Fase 2: IPsec crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac mode transport exit

crypto ipsec profile VPN-PROFILE set transform-set ESP-AES-SHA exit

! 3. Interfaz Física - Asegura el Full Duplex para evitar errores interface e0/0 duplex full exit

! 4. Interfaz Túnel - Spoke 3 interface Tunnel0 ip address 10.0.0.3 255.255.255.0