Scribd Logo
Upload

Welcome to Scribd!

  • Reval-Nuevo Dilhann

    Uploaded by

    JA González Castilla
    13 views3 pages

    Original Title

    REVAL-NUEVO DILHANN.txt

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views3 pages

    Reval-Nuevo Dilhann

    Uploaded by

    JA González Castilla

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    &&&&&&&&&&&&&&&&&&&&&&&& CIFRADO &&&&&&&&&&&&&&&&&&&&&&&&

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    PARA JUNIPER
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    set security ike proposal p1 authentication-method pre-shared-keys


    set security ike proposal p1 dh-group group14
    set security ike proposal p1 authentication-algorithm sha-256
    set security ike proposal p1 encryption-algorithm aes-256-cbc
    set security ike proposal p1 lifetime-seconds 86400
    set security ike policy pol1 mode main
    set security ike policy pol1 proposals p1
    set security ike policy pol1 pre-shared-key ascii-text
    $1$zOGU$gBBssty9ZgB1b3ls6.4RW0 ---------------> llave asignada n2
    set security ike gateway gw1 ike-policy pol1
    set security ike gateway gw1 address 192.168.253.1
    set security ike gateway gw1 external-interface lo0.0
    set security ipsec proposal ipsec-p1 protocol esp
    set security ipsec proposal ipsec-p1 authentication-algorithm hmac-sha-256-128
    set security ipsec proposal ipsec-p1 encryption-algorithm aes-256-cbc
    set security ipsec proposal ipsec-p1 lifetime-seconds 3600
    set security ipsec policy ipsec-pol proposals ipsec-p1
    set security ipsec vpn vpn-reval bind-interface st0.0
    set security ipsec vpn vpn-reval df-bit clear
    set security ipsec vpn vpn-reval ike gateway gw1
    set security ipsec vpn vpn-reval ike ipsec-policy ipsec-pol
    set security ipsec vpn vpn-reval traffic-selector t1 local-ip 192.168.134.0/24
    -----------> lan
    set security ipsec vpn vpn-reval traffic-selector t1 remote-ip 192.168.2.0/24
    set security ipsec vpn vpn-reval traffic-selector t2 local-ip 192.168.134.0/24
    -----------> lan
    set security ipsec vpn vpn-reval traffic-selector t2 remote-ip 192.168.4.0/24
    set security ipsec vpn vpn-reval traffic-selector t3 local-ip 192.168.134.0/24
    -----------> lan
    set security ipsec vpn vpn-reval traffic-selector t3 remote-ip 192.168.7.0/24
    set security ipsec vpn vpn-reval establish-tunnels immediately
    set security zones security-zone trust interfaces st0.0
    set security zones security-zone trust interfaces lo0.0
    set interfaces lo0 unit 0 family inet address 192.168.254.13/32 primary
    --------------> loop asignada n2 correo previo
    set interfaces st0 unit 0 family inet

    set routing-options static route 192.168.2.0/24 next-hop st0.0


    set routing-options static route 192.168.4.0/24 next-hop st0.0
    set routing-options static route 192.168.7.0/24 next-hop st0.0

    set security flow tcp-mss all-tcp mss 1350


    set security flow tcp-mss ipsec-vpn mss 1350

    xxxxxxxxxxxxxxxx
    RATE-LIMIT DVR
    xxxxxxxxxxxxxxxx
    set firewall policer 1.5M if-exceeding bandwidth-limit 1536K
    set firewall policer 1.5M if-exceeding burst-size-limit 625k
    set firewall policer 1.5M then discard
    set firewall family inet filter CALIDAD term DVR from source-address
    192.168.134.150 ------------> lan terminada .150 dvr
    set firewall family inet filter CALIDAD term DVR from destination-address 0.0.0.0/0
    set firewall family inet filter CALIDAD term DVR then policer 1.5M
    set firewall family inet filter CALIDAD term DVR then accept
    set firewall family inet filter CALIDAD term OTRAS then accept

    set interfaces ge-0/0/0 unit 0 family inet filter input CALIDAD


    set interfaces ge-0/0/0 unit 0 family inet filter output CALIDAD

    xxxxxxxxxxxxxxxxxxxxxx
    COMANDOS VERIFICACI�N
    xxxxxxxxxxxxxxxxxxxxxx

    run show security ipsec statistics


    run show security ipsec sa

    xxxxxxxxxxxxxxxxxxxxxxxx
    PRUEBAS
    xxxxxxxxxxxxxxxxxxxxxxxx
    pines a las ip desde la lan

    172.16.6.51
    10.200.7.26
    10.200.7.24
    192.168.2.80
    192.168.4.1

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    CONTACTOS
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Alvaro Tibata
    Cel: 3183817822
    Yeison Zapata
    3057098885
    Andres
    3102144691
    3105840922

    PEM CUMPLIDA <AGOSTO> <31> DE <2019>. <PEM EXITOSA>. Se <instala> el canal de


    <Datos> del cliente <REVAL> con los siguientes resultados:

    Se sube UM demarcador Bus.


    Se configura router.
    Se realiza prueba de saturaci�n OK.
    Se establece comunicaci�n con ingeniero Alvaro Tibat� 3183817822 quien indica
    direccionamiento LAN 192.169.51.0/24
    Sede nueva, se enruta LAN en la sede CONSUMO LA AMERICA
    Se establece comunicaci�n con ingeniero Alvaro nuevamente quien realiza pruebas
    sobre el canal sin cifrado de manera exitosa.
    Se configura cifrado en el router y se realizan pruebas nuevamente en conjunto con
    ingeniero Alvaro Tibat� de manera exitosa recibiendo OK.
    Se realiza prueba de conectividad LAN TO LAN a IP's indicadas por ingeniero Alvaro.
    Se adjunta configuraci�n de router.
    Tarea de monitoreo y reportes: T2020673

    T�CNICO
    FABIAN REINO
    3148323909

    Recibe
    CLAUDIA LEON ARDILA
    Cajera
    3017932607

    Pruebas remotas
    Alvaro Tibat�
    3183817822
    4376767

    CONDICIONES

    Condiciones el�ctricas: VFN <126.3> , VFT <125,4> , VNT <1>


    Se adjunta la configuraci�n del router en la carpeta del cliente:
    <\\atlas\VP_DESARROLLO_DE_RED_Y_SERVICIOS\G_Aprovisionamiento_Servicios_Datos_Inter
    net\D3910_D_LD_TECNICA\DATOS & INTERNET\CLIENTES\REVAL\APROVISIONAMIENTO>

    You might also like