set security ike proposal p1 authentication-method pre-shared-keys
set security ike proposal p1 dh-group group14
set security ike proposal p1 authentication-algorithm sha-256
set security ike proposal p1 encryption-algorithm aes-256-cbc
set security ike proposal p1 lifetime-seconds 86400
set security ike policy pol1 mode main
set security ike policy pol1 proposals p1
set security ike policy pol1 pre-shared-key ascii-text $1$BkrJ$TJoT1EFXtu0YlOuBy4mNN0 --------------------> KEY ASSIGNED BY LEVEL 2

set security ike gateway gw1 ike-policy pol1
set security ike gateway gw1 address 192.168.253.1
set security ike gateway gw1 external-interface ge-0/0/0.0
set security ipsec proposal ipsec-p1 protocol esp
set security ipsec proposal ipsec-p1 authentication-algorithm hmac-sha-256-128
set security ipsec proposal ipsec-p1 encryption-algorithm aes-256-cbc
set security ipsec proposal ipsec-p1 lifetime-seconds 3600
set security ipsec policy ipsec-pol proposals ipsec-p1
set security ipsec vpn vpn-reval bind-interface st0.0
set security ipsec vpn vpn-reval df-bit clear
set security ipsec vpn vpn-reval ike gateway gw1
set security ipsec vpn vpn-reval ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-reval traffic-selector t1 local-ip 192.168.156.0/24 -------> SITE LAN
set security ipsec vpn vpn-reval traffic-selector t1 remote-ip 192.168.2.0/24
set security ipsec vpn vpn-reval traffic-selector t2 local-ip 192.168.156.0/24 -------> SITE LAN
set security ipsec vpn vpn-reval traffic-selector t2 remote-ip 192.168.4.0/24
set security ipsec vpn vpn-reval traffic-selector t3 local-ip 192.168.156.0/24 -------> SITE LAN
set security ipsec vpn vpn-reval traffic-selector t3 remote-ip 192.168.7.0/24

set security ipsec vpn vpn-reval establish-tunnels immediately

set security zones security-zone trust interfaces st0.0
set security zones security-zone trust interfaces ge-0/0/0.0

set interfaces st0 unit 0 family inet

set security flow tcp-mss all-tcp mss 1350
set security flow tcp-mss ipsec-vpn mss 1350

set routing-options static route 192.168.2.0/24 next-hop st0.0
set routing-options static route 192.168.4.0/24 next-hop st0.0
set routing-options static route 192.168.7.0/24 next-hop st0.0

xxxxxxxxxxxxxxxx
RATE-LIMIT DVR
xxxxxxxxxxxxxxxx

set firewall policer 1.5M if-exceeding bandwidth-limit 1536K
set firewall policer 1.5M if-exceeding burst-size-limit 625k
set firewall policer 1.5M then discard

set firewall family inet filter CALIDAD term DVR from source-address 192.168.156.150 ------------------------> DVR IP, provided by the customer
set firewall family inet filter CALIDAD term DVR from destination-address 0.0.0.0/0
set firewall family inet filter CALIDAD term DVR then policer 1.5M
set firewall family inet filter CALIDAD term DVR then accept
set firewall family inet filter CALIDAD term OTRAS then accept

set interfaces ge-0/0/0 unit 0 family inet filter input CALIDAD
set interfaces ge-0/0/0 unit 0 family inet filter output CALIDAD

set security zones security-zone trust interfaces irb.0 host-inbound-traffic protocols all

**********************************************************************************

Once the Level 2 engineers (NV2) have configured the VPN, a test is run against IP 192.168.2.201 with the LAN as the source.

================================================================================
The configuration at the main site will be done by a Level 2 engineer
================================================================================

crypto isakmp key $1$CD3y$KHGrDIZD9SWisf address 192.168.254.X ------------------------> SITE KEY AND PEER
crypto map REVAL 20 ipsec-isakmp ------------------------> PHASE 2 POLICY SEQUENCE NUMBER
set peer 192.168.254.X ------------------------> SITE PEER
set transform-set ESP-AES256-SHA256
match address NOMBRE_SEDE ------------------------> NAMED EXTENDED ACCESS LIST, NAMED AFTER THE SITE

ip access-list extended NOMBRE_SEDE
 permit ip 192.168.2.0 0.0.0.255 192.168.X.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 192.168.X.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.X.0 0.0.0.255
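The Junos traffic selectors on the branch and the Cisco crypto ACL at the main site describe the same three flows from opposite ends, and phase 2 only negotiates cleanly when each (local, remote) pair on the SRX is the exact mirror of a (source, destination) entry in the ACL. The following Python script is an added example, not part of the original worksheet: it parses both fragments and reports any pair present on one side but not the other. The Junos lines are the ones from the configuration above; the Cisco ACL is a constructed sample in which the page's 192.168.X.0 placeholder has been filled in with the branch LAN 192.168.156.0. Function names are my own.

```python
import ipaddress
import re

# Branch (Junos) side: the traffic selectors from the configuration above.
JUNOS_CONFIG = """\
set security ipsec vpn vpn-reval traffic-selector t1 local-ip 192.168.156.0/24
set security ipsec vpn vpn-reval traffic-selector t1 remote-ip 192.168.2.0/24
set security ipsec vpn vpn-reval traffic-selector t2 local-ip 192.168.156.0/24
set security ipsec vpn vpn-reval traffic-selector t2 remote-ip 192.168.4.0/24
set security ipsec vpn vpn-reval traffic-selector t3 local-ip 192.168.156.0/24
set security ipsec vpn vpn-reval traffic-selector t3 remote-ip 192.168.7.0/24
"""

# Main-site (Cisco IOS) side: the crypto ACL from the template above, with the
# 192.168.X.0 placeholder filled in with the branch LAN. Constructed sample.
CISCO_ACL = """\
ip access-list extended NOMBRE_SEDE
 permit ip 192.168.2.0 0.0.0.255 192.168.156.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 192.168.156.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.156.0 0.0.0.255
"""

TS_RE = re.compile(r"traffic-selector\s+(\S+)\s+(local-ip|remote-ip)\s+(\S+)")
ACE_RE = re.compile(r"permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")


def junos_selectors(config):
    """Return the set of (local, remote) networks from Junos traffic-selector lines."""
    by_name = {}
    for m in TS_RE.finditer(config):
        name, side, prefix = m.groups()
        by_name.setdefault(name, {})[side] = ipaddress.ip_network(prefix)
    # Only selectors that have both halves count.
    return {(ts["local-ip"], ts["remote-ip"]) for ts in by_name.values() if len(ts) == 2}


def wildcard_to_network(addr, wildcard):
    """Convert a Cisco address + wildcard mask (e.g. 0.0.0.255) to an ip_network."""
    hostmask = int(ipaddress.IPv4Address(wildcard))
    netmask = ipaddress.IPv4Address((~hostmask) & 0xFFFFFFFF)
    return ipaddress.ip_network((addr, str(netmask)), strict=False)


def cisco_selectors(acl):
    """Return the set of (source, destination) networks from 'permit ip' ACEs."""
    pairs = set()
    for m in ACE_RE.finditer(acl):
        src, src_wc, dst, dst_wc = m.groups()
        pairs.add((wildcard_to_network(src, src_wc), wildcard_to_network(dst, dst_wc)))
    return pairs


def proxy_id_mismatches(junos_config, cisco_acl):
    """Each Junos (local, remote) pair must appear as a Cisco (destination, source) pair.

    Returns (pairs only on Junos, pairs only on Cisco), each as (branch_net, main_net)
    strings; both lists empty means the proxy IDs mirror each other.
    """
    junos = junos_selectors(junos_config)
    # Flip the ACL entries so they are expressed from the branch's point of view.
    cisco_mirrored = {(dst, src) for (src, dst) in cisco_selectors(cisco_acl)}
    only_junos = sorted((str(a), str(b)) for a, b in junos - cisco_mirrored)
    only_cisco = sorted((str(a), str(b)) for a, b in cisco_mirrored - junos)
    return only_junos, only_cisco


if __name__ == "__main__":
    print(proxy_id_mismatches(JUNOS_CONFIG, CISCO_ACL))  # ([], []) for the sample above
```

Run it before handing the change to Level 2: an entry in `only_junos` means the branch will propose a flow the main site will reject (or, with a broader ACL, one that never gets negotiated), while an entry in `only_cisco` means the main site expects a flow the branch never offers.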

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
STEPS
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
===================================================================================
1. WE SEND AN EMAIL TO THE LEVEL 2 ENGINEERS
===================================================================================
CHANGE C836091
IDENTIFIER CAV30CI1128381
PEM ENGINEER JORGE PEREZ
LAN 192.169.178.0/24
WAN ROUTER 10.243.119.34/30
SITE Meta\Villavicencio_ K32C38

-------

Good afternoon

Assigned:
key $1$nKpN$QREkU5aRamXjogv.P.9bQ.

===================================================================================
=======================
2. WE CONFIGURE THE LAN AND THE LOOPBACK
===================================================================================
=======================
set interfaces irb unit 0 description CONEXION_LAN
set interfaces irb unit 0 family inet address 192.168.156.1/24 -------> LAN PROVIDED BY THE CUSTOMER; VALIDATE WITH THE CUSTOMER, THE CHANGE IS SERVICE-AFFECTING
set interfaces lo0 unit 0 description GRAFICACION_GU
set interfaces lo0 unit 0 family inet address 10.172.8.123/32

===================================================================================
=======================
3. TEST
===================================================================================
=======================

[edit]
etb@REVAL_BOG_AVCARC41_D# run show security ike sa
Index State Initiator cookie Responder cookie Mode Remote Address
5499674 UP f2778c22e0e425c0 b99730cc7fc924d8 Main 192.168.253.1

[edit]
etb@REVAL_BOG_AVCARC41_D# run show security ipsec sa
Total active tunnels: 3
ID Algorithm SPI Life:sec/kb Mon lsys Port Gateway
<67108870 ESP:aes-cbc-256/sha256 e9dae75 3279/ 4608000 - root 500 192.168.253.1
>67108870 ESP:aes-cbc-256/sha256 b0924623 3279/ 4608000 - root 500 192.168.253.1
<67108870 ESP:aes-cbc-256/sha256 6a15d351 3280/ 4599797 - root 500 192.168.253.1
>67108870 ESP:aes-cbc-256/sha256 6465f1fd 3280/ 4599797 - root 500 192.168.253.1
<67108869 ESP:aes-cbc-256/sha256 76a46024 3280/ 4608000 - root 500 192.168.253.1
>67108869 ESP:aes-cbc-256/sha256 f002fb86 3280/ 4608000 - root 500 192.168.253.1
<67108868 ESP:aes-cbc-256/sha256 4df36d0 3280/ 4608000 - root 500 192.168.253.1
>67108868 ESP:aes-cbc-256/sha256 97cf56a2 3280/ 4608000 - root 500 192.168.253.1

[edit]
etb@REVAL_BOG_AVCARC41_D#

[edit]
etb@REVAL_BOG_AVCARC41_D# run show security ipsec statistics
ESP Statistics:
Encrypted bytes: 590696
Decrypted bytes: 8703828
Encrypted packets: 4474
Decrypted packets: 12428
AH Statistics:
Input bytes: 0
Output bytes: 0
Input packets: 0
Output packets: 0
Errors:
AH authentication failures: 0, Replay errors: 0
ESP authentication failures: 0, ESP decryption failures: 0
Bad headers: 0, Bad trailers: 0

[edit]
etb@REVAL_BOG_AVCARC41_D#
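The test in step 3 is read by eye: three tunnels, every SA on aes-cbc-256/sha256 towards 192.168.253.1, and all error counters at zero. The script below is an added example (not part of the original worksheet) that performs the same reading over the two command outputs captured above, so it can be dropped into a post-change check. It takes the expected algorithm, peer and tunnel count from the configuration earlier on the page; the function names are my own. It counts distinct tunnel IDs rather than rows, because a tunnel in the middle of a rekey legitimately shows two SA pairs with the same ID, exactly as 67108870 does in the capture.

```python
import re

# Output captured in step 3 above, copied from the page.
IPSEC_SA_OUTPUT = """\
Total active tunnels: 3
ID Algorithm SPI Life:sec/kb Mon lsys Port Gateway
<67108870 ESP:aes-cbc-256/sha256 e9dae75 3279/ 4608000 - root 500 192.168.253.1
>67108870 ESP:aes-cbc-256/sha256 b0924623 3279/ 4608000 - root 500 192.168.253.1
<67108870 ESP:aes-cbc-256/sha256 6a15d351 3280/ 4599797 - root 500 192.168.253.1
>67108870 ESP:aes-cbc-256/sha256 6465f1fd 3280/ 4599797 - root 500 192.168.253.1
<67108869 ESP:aes-cbc-256/sha256 76a46024 3280/ 4608000 - root 500 192.168.253.1
>67108869 ESP:aes-cbc-256/sha256 f002fb86 3280/ 4608000 - root 500 192.168.253.1
<67108868 ESP:aes-cbc-256/sha256 4df36d0 3280/ 4608000 - root 500 192.168.253.1
>67108868 ESP:aes-cbc-256/sha256 97cf56a2 3280/ 4608000 - root 500 192.168.253.1
"""

IPSEC_STATS_OUTPUT = """\
ESP Statistics:
Encrypted bytes: 590696
Decrypted bytes: 8703828
Encrypted packets: 4474
Decrypted packets: 12428
AH Statistics:
Input bytes: 0
Output bytes: 0
Input packets: 0
Output packets: 0
Errors:
AH authentication failures: 0, Replay errors: 0
ESP authentication failures: 0, ESP decryption failures: 0
Bad headers: 0, Bad trailers: 0
"""

# One SA row: direction marker, tunnel ID, algorithm, SPI, sec/kb lifetimes,
# Mon, lsys, port, gateway.
SA_RE = re.compile(
    r"^([<>])(\d+)\s+ESP:(\S+)\s+([0-9a-f]+)\s+(\d+)/\s*(\d+)\s+\S+\s+\S+\s+(\d+)\s+(\S+)",
    re.MULTILINE,
)
COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)")


def parse_ipsec_sas(output):
    """Return one dict per SA row of 'show security ipsec sa'."""
    sas = []
    for m in SA_RE.finditer(output):
        direction, sa_id, alg, spi, sec, kb, port, gateway = m.groups()
        sas.append({
            "dir": "in" if direction == "<" else "out",
            "id": int(sa_id), "alg": alg, "spi": spi,
            "life_sec": int(sec), "life_kb": int(kb),
            "port": int(port), "gateway": gateway,
        })
    return sas


def parse_error_counters(output):
    """Return the counters listed under 'Errors:' in 'show security ipsec statistics'."""
    errors_section = output.split("Errors:", 1)[1]
    return {name.strip(): int(value) for name, value in COUNTER_RE.findall(errors_section)}


def check_tunnels(sa_output, stats_output, expected_alg, expected_gateway, expected_tunnels):
    """Return a list of findings; an empty list means the tunnels look healthy."""
    findings = []
    sas = parse_ipsec_sas(sa_output)
    m = re.search(r"Total active tunnels:\s*(\d+)", sa_output)
    total = int(m.group(1)) if m else 0
    if total != expected_tunnels:
        findings.append(f"expected {expected_tunnels} tunnels, device reports {total}")
    # Distinct IDs, not rows: a tunnel mid-rekey shows two SA pairs with one ID.
    ids = {sa["id"] for sa in sas}
    if len(ids) != total:
        findings.append(f"{len(ids)} distinct tunnel IDs but {total} reported")
    for sa_id in sorted(ids):
        dirs = {sa["dir"] for sa in sas if sa["id"] == sa_id}
        if dirs != {"in", "out"}:
            findings.append(f"tunnel {sa_id} has only {sorted(dirs)} SA(s)")
    for sa in sas:
        if sa["alg"] != expected_alg:
            findings.append(f"SA {sa['spi']} negotiated {sa['alg']}, expected {expected_alg}")
        if sa["gateway"] != expected_gateway:
            findings.append(f"SA {sa['spi']} peer is {sa['gateway']}, expected {expected_gateway}")
    # Any non-zero error counter (replay, auth or decryption failures) is worth a look.
    for name, value in parse_error_counters(stats_output).items():
        if value:
            findings.append(f"{name}: {value}")
    return findings


if __name__ == "__main__":
    result = check_tunnels(IPSEC_SA_OUTPUT, IPSEC_STATS_OUTPUT,
                           "aes-cbc-256/sha256", "192.168.253.1", 3)
    for line in result or ["tunnels OK"]:
        print(line)
```

Feed it the two outputs from the device; an empty findings list is the pass condition. Authentication failures and replay errors are cumulative counters, so compare them against a value recorded before the change rather than demanding zero on a box that has been up for months.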
