###### tags: `Redes`
# Configuração Retirada dos Aparelhos
## MAIN SITE - MAIN NETWORK
### R1_MainSite
```
! R1_MainSite: HSRPv2 gateway for VLAN 10/20 with priority 150 + preempt, so
! it is the preferred active router (R2_MainSite runs at the default
! priority); uplinks to R_MainSite_Extension (Gi0/1) and to the ASA (Gi0/3).
! NOTE(review): no hostname, enable secret, service password-encryption or
! AAA lines are in this dump - presumably trimmed from the paste; confirm.
interface GigabitEthernet0/0
no ip address
no shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.10
description Vlan Dados1
encapsulation dot1Q 10
ip address 10.0.10.2 255.255.255.0
standby version 2
standby 1 ip 10.0.10.1
standby 1 priority 150
standby 1 preempt
!
interface GigabitEthernet0/0.20
description Vlan Dados2
encapsulation dot1Q 20
ip address 10.0.20.2 255.255.255.0
standby version 2
standby 1 ip 10.0.20.1
standby 1 priority 150
standby 1 preempt
!
! NOTE(review): "standby 1 track" is configured on Gi0/1 and Gi0/3, which
! have no "standby 1 ip" of their own; the groups that actually serve VLAN
! 10/20 live on Gi0/0.10 and Gi0/0.20 and carry no tracking, so an uplink
! failure never lowers their priority. These two lines look like they belong
! under the subinterfaces - confirm. No "track 1" / "track 2" object (e.g.
! "track 1 ip sla 1 reachability") appears anywhere in this listing either.
interface GigabitEthernet0/1
description Ligacao para R_MainSite_Extension
ip address 10.0.250.10 255.255.255.252
standby 1 track 1 decrement 60
no shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
description Ligacao para ASAv
ip address 10.0.250.2 255.255.255.252
standby 1 track 2 decrement 60
no shutdown
duplex auto
speed auto
media-type rj45
!
! NOTE(review): no "ip ospf authentication" or "passive-interface" lines, so
! unauthenticated hellos are sent into user VLANs 10 and 20 and any host
! there can form an adjacency. Most network statements (10.0.30/50/110,
! 172.16.x) match no interface on this router - harmless, but they read as
! a pasted template. The ASA on 10.0.250.0/30 only runs OSPF for
! 172.16.0.0/16, so no adjacency forms on that link as pasted.
router ospf 10
router-id 2.2.2.2
network 10.0.10.0 0.0.0.255 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 10.0.50.0 0.0.0.255 area 0
network 10.0.110.0 0.0.0.255 area 0
network 10.0.250.0 0.0.0.3 area 0
network 10.0.250.4 0.0.0.3 area 0
network 10.0.250.8 0.0.0.3 area 0
network 10.0.250.12 0.0.0.3 area 0
network 172.16.0.0 0.0.0.255 area 0
network 172.16.50.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.15 area 0
network 172.16.200.16 0.0.0.15 area 0
network 172.16.250.0 0.0.0.3 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
! NOTE(review): both probes target this router's OWN addresses (10.0.250.10
! is Gi0/1, 10.0.250.2 is Gi0/3) rather than the far ends (10.0.250.9 on
! R_MainSite_Extension, 10.0.250.1 on the ASA), so they are answered locally
! and succeed even with the link or neighbour down - the tracking can never
! fire. A 300 s frequency would also mean up to five minutes to notice a
! failure; a short frequency with "timeout"/"threshold" is the usual choice.
ip sla 1
icmp-echo 10.0.250.10
frequency 300
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 10.0.250.2
frequency 300
ip sla schedule 2 life forever start-time now
!
!
!
! NOTE(review): "transport input none" disables all remote login on vty 0-4,
! and "login" has no vty password behind it in this dump; console and aux
! carry no authentication at all. Management is therefore console-only here,
! unlike the branch devices (login local + transport input ssh).
line con 0
line aux 0
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
```
### R2_MainSite
```
!
! R2_MainSite: HSRPv2 standby peer for VLAN 10/20 - no priority or preempt is
! set, so it runs at the default priority and takes over only while
! R1_MainSite (priority 150) is absent; no interface or SLA tracking here.
! NOTE(review): unlike R1_MainSite this dump has neither "no ip http server"
! nor "no ip http secure-server", and again no hostname / enable secret /
! AAA - check whether those lines were trimmed rather than HTTP being on.
interface GigabitEthernet0/0
no ip address
no shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.10
description Vlan Dados1
encapsulation dot1Q 10
ip address 10.0.10.3 255.255.255.0
standby version 2
standby 1 ip 10.0.10.1
!
interface GigabitEthernet0/0.20
description Vlan Dados2
encapsulation dot1Q 20
ip address 10.0.20.3 255.255.255.0
standby version 2
standby 1 ip 10.0.20.1
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
description Ligacao para R_MainSite_Extension
ip address 10.0.250.14 255.255.255.252
no shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
description Ligacao para ASAv
ip address 10.0.250.6 255.255.255.252
no shutdown
duplex auto
speed auto
media-type rj45
!
! NOTE(review): no "ip ospf authentication" or "passive-interface" lines, so
! unauthenticated hellos go into user VLANs 10 and 20. The network list is
! the same template as R1_MainSite; most entries match no local interface.
! The ASA on 10.0.250.4/30 only runs OSPF for 172.16.0.0/16, so no adjacency
! forms on that link as pasted.
router ospf 10
router-id 3.3.3.3
network 10.0.10.0 0.0.0.255 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 10.0.50.0 0.0.0.255 area 0
network 10.0.110.0 0.0.0.255 area 0
network 10.0.250.0 0.0.0.3 area 0
network 10.0.250.4 0.0.0.3 area 0
network 10.0.250.8 0.0.0.3 area 0
network 10.0.250.12 0.0.0.3 area 0
network 172.16.0.0 0.0.0.255 area 0
network 172.16.50.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.15 area 0
network 172.16.200.16 0.0.0.15 area 0
network 172.16.250.0 0.0.0.3 area 0
!
!
! NOTE(review): "transport input none" disables remote login on vty 0-4 and
! "login" has no vty password behind it; console and aux are unauthenticated.
! Management is console-only here as shown.
line con 0
line aux 0
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end
```
### R_MainSite_Extension
```
! R_MainSite_Extension: stub router for 10.0.110.0/24 (PC_MainSite_Extension)
! dual-homed to R1_MainSite (Gi0/1) and R2_MainSite (Gi0/2) via /30 links.
! NOTE(review): this dump has no hostname, credentials, line or http lines at
! all - presumably trimmed; confirm, since as pasted the box has no
! management authentication.
interface GigabitEthernet0/0
description Para o PC_MainSite_Extension
ip address 10.0.110.1 255.255.255.0
no shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description Ligacao para R1_MainSite
ip address 10.0.250.9 255.255.255.252
no shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
description Ligacao para R2_MainSite
ip address 10.0.250.13 255.255.255.252
no shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
! NOTE(review): Gi0/0 faces an end host but is not "passive-interface", so
! OSPF hellos (unauthenticated - no "ip ospf authentication" anywhere) are
! sent towards the PC. Same template network list as R1/R2; only 10.0.110.0,
! 10.0.250.8 and 10.0.250.12 match local interfaces.
router ospf 10
router-id 4.4.4.4
network 10.0.10.0 0.0.0.255 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 10.0.50.0 0.0.0.255 area 0
network 10.0.110.0 0.0.0.255 area 0
network 10.0.250.0 0.0.0.3 area 0
network 10.0.250.4 0.0.0.3 area 0
network 10.0.250.8 0.0.0.3 area 0
network 10.0.250.12 0.0.0.3 area 0
network 172.16.0.0 0.0.0.255 area 0
network 172.16.50.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.15 area 0
network 172.16.200.16 0.0.0.15 area 0
network 172.16.250.0 0.0.0.3 area 0
!
end
```
### S1_MainSite
```
!
! S1_MainSite: L2 switch with two static EtherChannels (Po1: Gi1/0-1/1,
! Po4: Gi1/2-1/3) restricted to VLANs 10,20,30,50, plus a Gi0/0 trunk that
! is not restricted at all.
! NOTE(review): no hostname, credentials, vty or "ip ssh version 2" lines are
! in this dump although SSH cipher lists are - presumably trimmed; confirm.
interface Port-channel1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel4
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
! NOTE(review): Gi0/0 has no "switchport trunk allowed vlan", so every VLAN
! (including native VLAN 1, never changed on this switch) crosses it, unlike
! the port-channel members. No "switchport trunk native vlan" is set anywhere.
interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
!
! NOTE(review): Gi0/1-0/3 are left at platform defaults - not shut down and
! not pinned to access mode, so they still negotiate trunking (DTP) with
! whatever is plugged in. "shutdown" or "switchport mode access" on unused
! ports is the usual hardening step.
interface GigabitEthernet0/1
negotiation auto
!
interface GigabitEthernet0/2
negotiation auto
!
interface GigabitEthernet0/3
negotiation auto
!
! "channel-group N mode on" bundles statically with no LACP/PAgP, so a
! misconfigured far end is not detected; every switch on this page uses
! mode on, so the ends at least agree.
interface GigabitEthernet1/0
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 1 mode on
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 1 mode on
!
interface GigabitEthernet1/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 4 mode on
!
interface GigabitEthernet1/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 4 mode on
!
interface Vlan50
no ip address
shutdown
!
interface Vlan100
no ip address
shutdown
!
ip forward-protocol nd
!
! NOTE(review): "ip http server" enables plaintext HTTP management and there
! is no "ip http secure-server"; no SVI carries an address in this dump, so
! it is unreachable as shown, but "no ip http server" is the safer default.
ip http server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
end
```
### S2_MainSite
```
!
!
! S2_MainSite: L2 switch with two static EtherChannels (Po3: Gi1/0-1/1,
! Po4: Gi1/2-1/3) restricted to VLANs 10,20,30,50, plus an unrestricted
! Gi0/0 trunk.
! NOTE(review): no hostname, credentials, vty or "ip ssh version 2" lines in
! this dump although SSH cipher lists are - presumably trimmed; confirm.
interface Port-channel3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel4
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
! NOTE(review): Gi0/0 has no "switchport trunk allowed vlan", so all VLANs
! (including native VLAN 1, never changed here) cross it, unlike the
! port-channel members.
interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
!
! NOTE(review): Gi0/1-0/3 are at platform defaults - not shut down and not
! pinned to access mode, so they still negotiate trunking (DTP).
interface GigabitEthernet0/1
negotiation auto
!
interface GigabitEthernet0/2
negotiation auto
!
interface GigabitEthernet0/3
negotiation auto
!
! Static bundling ("mode on", no LACP/PAgP) - consistent with the other
! switches on this page.
interface GigabitEthernet1/0
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 3 mode on
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 3 mode on
!
interface GigabitEthernet1/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 4 mode on
!
interface GigabitEthernet1/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 4 mode on
!
ip forward-protocol nd
!
! NOTE(review): plaintext HTTP management enabled (no "ip http
! secure-server"); no SVI or management address appears in this dump.
ip http server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
end
```
### S3_MainSite
```
!
!
!
! S3_MainSite: access switch for VLAN 10 (Gi0/0) with two static
! EtherChannels (Po1: Gi1/0-1/1, Po2: Gi1/2-1/3) carrying VLANs 10,20,30,50.
! NOTE(review): no hostname, credentials, vty, http or ssh lines in this
! dump - presumably trimmed; confirm.
interface Port-channel1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
! Edge port with sticky port-security: up to 5 MACs, one learned so far;
! "violation restrict" drops and counts offending frames but leaves the port
! up (no err-disable). Maximum 5 is generous for a single host.
! NOTE(review): no "spanning-tree portfast" / "bpduguard" on this edge port,
! and no BPDU guard anywhere on this switch.
interface GigabitEthernet0/0
switchport access vlan 10
switchport mode access
switchport port-security maximum 5
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 5000.0011.0000
switchport port-security
negotiation auto
!
! NOTE(review): Gi0/1-0/3 are at platform defaults - not shut down and not
! pinned to access mode, so they still negotiate trunking (DTP).
interface GigabitEthernet0/1
negotiation auto
!
interface GigabitEthernet0/2
negotiation auto
!
interface GigabitEthernet0/3
negotiation auto
!
! Static bundling ("mode on", no LACP/PAgP) - consistent with the other
! switches on this page.
interface GigabitEthernet1/0
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 1 mode on
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 1 mode on
!
interface GigabitEthernet1/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 2 mode on
!
interface GigabitEthernet1/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 2 mode on
!
interface Vlan10
no ip address
shutdown
!
interface Vlan30
no ip address
shutdown
!
interface Vlan100
no ip address
shutdown
!
end
```
### S4_MainSite
```
!
!
! S4_MainSite: access switch for VLAN 20 (Gi0/0) with two static
! EtherChannels (Po2: Gi1/2-1/3, Po3: Gi1/0-1/1) carrying VLANs 10,20,30,50.
! NOTE(review): no hostname, credentials, vty, http or ssh lines in this
! dump - presumably trimmed; confirm.
interface Port-channel2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
!
! Edge port with sticky port-security: up to 5 MACs, one learned so far;
! "violation restrict" drops and counts offending frames but leaves the port
! up. NOTE(review): no "spanning-tree portfast" / "bpduguard" here.
interface GigabitEthernet0/0
switchport access vlan 20
switchport mode access
switchport port-security maximum 5
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0050.7966.6812
switchport port-security
negotiation auto
!
! NOTE(review): "switchport access vlan 10" has no effect while the port is
! in trunk mode, and this trunk has no allowed-vlan list, so every VLAN
! crosses it. Either this was meant to be an access port for VLAN 10 (like
! Gi0/0 for VLAN 20) or a restricted trunk - confirm which.
interface GigabitEthernet0/1
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
!
! NOTE(review): Gi0/2-0/3 are at platform defaults - not shut down and not
! pinned to access mode, so they still negotiate trunking (DTP).
interface GigabitEthernet0/2
negotiation auto
!
interface GigabitEthernet0/3
negotiation auto
!
! Static bundling ("mode on", no LACP/PAgP) - consistent with the other
! switches on this page.
interface GigabitEthernet1/0
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 3 mode on
!
interface GigabitEthernet1/1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 3 mode on
!
interface GigabitEthernet1/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 2 mode on
!
interface GigabitEthernet1/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
negotiation auto
channel-group 2 mode on
!
interface Vlan20
no ip address
shutdown
!
interface Vlan30
no ip address
shutdown
!
interface Vlan100
no ip address
shutdown
!
end
```
## BRANCH SITE
### R_Branch
```
hostname R_Branch
!
! NOTE(review): the enable secret, the local user password and the ISAKMP
! pre-shared key in this listing are pasted in clear on this page, and the
! same string is reused on S1/S2/S3_Branch. Treat them as compromised and
! rotate before any reuse; the ASA side masks its keys as ***** - do the
! same when publishing this side.
enable secret GRLB1234
!
! NOTE(review): only the Voice pool is defined; no pool for the data VLAN 10
! (192.168.10.0/24) appears in this listing. Option 150 points the phones at
! this router's CME address for TFTP.
ip dhcp pool Voice
network 192.168.30.0 255.255.255.0
option 150 ip 192.168.30.1
default-router 192.168.30.1
!
no ip domain lookup
ip domain name Go.Luis
! Blocks logins for 120 s after 3 failures within 90 s. No "login quiet-mode
! access-class" exception is defined, so a lockout also blocks the
! administrator's own SSH source for the quiet period.
login block-for 120 attempts 3 within 90
!
! NOTE(review): "password" stores the credential reversibly (type 0 here,
! since "service password-encryption" is not set either); "username R_Branch
! privilege 15 secret <new-value>" stores a hash instead.
username R_Branch privilege 15 password GRLB1234
!
! NOTE(review): "crypto key generate rsa" is an exec-mode command and never
! appears in a running-config, so this line was added by hand; 1024-bit RSA
! for SSH is below the 2048-bit minimum normally used today.
crypto key generate rsa modulus 1024
ip ssh version 2
!
! NOTE(review): IKEv1 with 3DES and DH group 2 (1024-bit MODP) is legacy.
! The ASA peer's ikev1 policy 30 already offers aes-256 / sha / group 2 with
! pre-share, so "encr aes 256" here would negotiate AES without touching the
! ASA; moving to group 14 needs a matching policy on the ASA as well.
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key GRLB1234 address 189.15.10.2
!
! esp-3des/esp-sha-hmac matches the ASA's ESP-3DES-SHA transform set; the
! ASA also offers ESP-AES-256-SHA if this side is upgraded.
crypto ipsec transform-set ESP-TUNNEL esp-3des esp-sha-hmac
mode tunnel
!
! Peer 189.15.10.2 is the ASA's outside interface; VPN-ACL below mirrors the
! ASA's outside_cryptomap (192.168/16 <-> 172.16/16 and 10.0/16).
crypto map RT_Branch-ASAV 10 ipsec-isakmp
set peer 189.15.10.2
set security-association lifetime seconds 86400
set transform-set ESP-TUNNEL
match address VPN-ACL
!
! "no switchport" on a router port implies an image with switching support;
! harmless, just unusual for a router.
interface Ethernet0/0
no switchport
no ip address
no shutdown
!
interface Ethernet0/0.10
no switchport
description Gateway da Vlan Dados
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
no shutdown
!
interface Ethernet0/0.30
no switchport
description Gateway da Vlan VOIP
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
no shutdown
!
! NOTE(review): this is the internet-facing interface and it carries no
! inbound ACL ("ip access-group") and no NAT ("ip nat outside" / "ip nat
! inside source") anywhere in this listing; non-VPN traffic would leave with
! RFC1918 sources and nothing filters inbound beyond the absence of
! listening services. Confirm whether these lines were trimmed.
interface Ethernet0/1
no switchport
description Ligacao a INTERNET
ip address 189.15.11.2 255.255.255.252
crypto map RT_Branch-ASAV
no shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 189.15.11.1
!
ip access-list extended VPN-ACL
remark Link to the ASA
permit ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
permit ip 192.168.0.0 0.0.255.255 10.0.0.0 0.0.255.255
!
! CME for three phones on VLAN 30 (DNs 3001-3003).
! NOTE(review): "device-security-mode none" on every ephone means the phones
! register without authentication or signalling encryption; acceptable in
! the lab, but worth stating in the write-up.
telephony-service
max-ephones 3
max-dn 3
ip source-address 192.168.30.1 port 2000
max-conferences 8 gain -6
transfer-system full-consult
!
!
ephone-dn 1
number 3001
!
!
ephone-dn 2
number 3002
!
ephone-dn 3
number 3003
!
ephone 1
device-security-mode none
!
ephone 2
device-security-mode none
!
ephone 3
device-security-mode none
!
banner motd ^C
___ _ _ _ _ _
| _ \___ __| |_ _ _(_)__| |_ ___ __| | /_\ __ __ ___ ______
| / -_|_-< _| '_| / _| _/ -_) _` | / _ \/ _/ _/ -_|_-<_-<
|_|_\___/__/\__|_| |_\__|\__\___\__,_| /_/ \_\__\__\___/__/__/
_ _ _ _ _
/_\ _ _| |_| |_ ___ _ _(_)______ __| |
/ _ \ || | _| ' \/ _ \ '_| |_ / -_) _` |
/_/ \_\_,_|\__|_||_\___/_| |_/__\___\__,_|
___ _ ___ _ _ _ __ __
| _ \___ _ _ ___ ___ _ _ _ _ ___| | / _ \| \| | |\ \ / /
| _/ -_) '_(_-</ _ \ ' \| ' \/ -_) | | (_) | .` | |_\ V /
|_| \___|_| /__/\___/_||_|_||_\___|_| \___/|_|\_|____|_|
^C
!
! "login local" + "transport input ssh": remote access is SSH-only with the
! local user. No "exec-timeout" is configured on con/vty, so the IOS default
! idle timeout applies; setting it explicitly is the usual hardening step.
! The listing stops without "end" - probably cut from the paste.
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
login local
transport input ssh
!
```
### S1_Branch
```
!
! S1_Branch: branch core switch; Po1 (Eth1/0-1/1) and Po2 (Eth1/2-1/3) are
! static bundles towards the other branch switches, Eth0/0-0/3 plain trunks.
! NOTE(review): the enable secret and local user password below are pasted
! in clear on this page and shared with every other branch device - rotate.
hostname S1_Branch
!
enable secret GRLB1234
!
! NOTE(review): type-0 "password" (no "service password-encryption" either);
! "username S1_Branch privilege 15 secret <new-value>" stores a hash.
username S1_Branch privilege 15 password GRLB1234
!
no ip domain-lookup
ip domain-name Go.Luis
ip cef
! Blocks logins for 120 s after 3 failures within 90 s; no quiet-mode
! exception ACL, so a lockout also blocks the administrator's own source.
login block-for 120 attempts 3 within 90
!
spanning-tree mode pvst
spanning-tree extend system-id
!
! NOTE(review): Po1/Po2 carry only "switchport" and the allowed-vlan list,
! not the "switchport trunk encapsulation dot1q" / "switchport mode trunk"
! their member ports have (and that S2/S3_Branch put on their port-channels).
! Member/port-channel mismatches keep ports out of the bundle - confirm the
! channels actually come up.
interface Port-channel1
switchport
switchport trunk allowed vlan 10,20,30,50
!
interface Port-channel2
switchport
switchport trunk allowed vlan 10,20,30,50
!
! NOTE(review): Eth0/0-0/3 are trunks with no allowed-vlan list, so every
! VLAN (including native VLAN 1, never changed here) crosses them, and none
! has a description saying what is on the other end.
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
interface Ethernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
! Static bundling ("mode on", no LACP/PAgP), as on every switch on this page.
interface Ethernet1/0
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
no shutdown
!
interface Ethernet1/1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
no shutdown
!
interface Ethernet1/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
no shutdown
!
interface Ethernet1/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
no shutdown
!
! SVIs for VLAN 10-100 are up but carry no address, so this switch has no
! management IP in this dump: the SSH setup below is unreachable as shown.
interface Vlan10
no ip address
no shutdown
!
interface Vlan20
no ip address
no shutdown
!
interface Vlan30
no ip address
no shutdown
!
interface Vlan50
no ip address
no shutdown
!
interface Vlan100
no ip address
no shutdown
!
ip forward-protocol nd
!
! NOTE(review): plaintext HTTP management enabled; "no ip http server" (or
! "ip http secure-server" only) is the safer default.
ip http server
!
ip ssh version 2
!
banner motd ^C
___ _ _ _ _ _
| _ \___ __| |_ _ _(_)__| |_ ___ __| | /_\ __ __ ___ ______
| / -_|_-< _| '_| / _| _/ -_) _` | / _ \/ _/ _/ -_|_-<_-<
|_|_\___/__/\__|_| |_\__|\__\___\__,_| /_/ \_\__\__\___/__/__/
_ _ _ _ _
/_\ _ _| |_| |_ ___ _ _(_)______ __| |
/ _ \ || | _| ' \/ _ \ '_| |_ / -_) _` |
/_/ \_\_,_|\__|_||_\___/_| |_/__\___\__,_|
___ _ ___ _ _ _ __ __
| _ \___ _ _ ___ ___ _ _ _ _ ___| | / _ \| \| | |\ \ / /
| _/ -_) '_(_-</ _ \ ' \| ' \/ -_) | | (_) | .` | |_\ V /
|_| \___|_| /__/\___/_||_|_||_\___|_| \___/|_|\_|____|_|
^C
!
! "login local" + "transport input ssh": remote access is SSH-only with the
! local user; no "exec-timeout" is configured, so the IOS default applies.
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
login local
transport input ssh
!
!
end
```
### S2_Branch
```
!
! S2_Branch: branch access switch; Po1 (Eth1/0-1/1) and Po3 (Eth0/2-0/3) are
! static bundles, Eth0/0 is the data+voice edge port.
! NOTE(review): the enable secret and local user password below are pasted
! in clear on this page and shared with every other branch device - rotate.
hostname S2_Branch
!
enable secret GRLB1234
!
! NOTE(review): type-0 "password" (no "service password-encryption" either);
! "username S2_Branch privilege 15 secret <new-value>" stores a hash.
username S2_Branch privilege 15 password GRLB1234
!
no ip domain-lookup
ip domain-name Go.Luis
ip cef
! Blocks logins for 120 s after 3 failures within 90 s; no quiet-mode
! exception ACL, so a lockout also blocks the administrator's own source.
login block-for 120 attempts 3 within 90
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface Port-channel1
switchport
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
interface Port-channel3
switchport
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
! Edge port: data VLAN 10 + voice VLAN 30 (the phone tags 30, PC untagged),
! sticky port-security with max 5 (one MAC learned so far); "violation
! restrict" drops and counts extra MACs but leaves the port up.
! NOTE(review): no "spanning-tree portfast" / "bpduguard" on this edge port.
interface Ethernet0/0
switchport access vlan 10
switchport mode access
switchport voice vlan 30
switchport port-security maximum 5
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 5001.0001.0000
switchport port-security
no shutdown
!
! NOTE(review): Eth0/1, Eth1/2 and Eth1/3 are at platform defaults - not shut
! and not pinned to access mode, so they still negotiate trunking (DTP).
interface Ethernet0/1
!
! Static bundling ("mode on", no LACP/PAgP), as on every switch on this page.
interface Ethernet0/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode on
no shutdown
!
interface Ethernet0/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode on
no shutdown
!
interface Ethernet1/0
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
no shutdown
!
interface Ethernet1/1
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
no shutdown
!
interface Ethernet1/2
!
interface Ethernet1/3
!
! Vlan10 is up but has no address, so the switch has no management IP in
! this dump and the SSH setup below is unreachable as shown.
interface Vlan10
no ip address
no shutdown
!
ip forward-protocol nd
!
! NOTE(review): plaintext HTTP management enabled; "no ip http server" is
! the safer default.
ip http server
!
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
banner motd ^C
___ _ _ _ _ _
| _ \___ __| |_ _ _(_)__| |_ ___ __| | /_\ __ __ ___ ______
| / -_|_-< _| '_| / _| _/ -_) _` | / _ \/ _/ _/ -_|_-<_-<
|_|_\___/__/\__|_| |_\__|\__\___\__,_| /_/ \_\__\__\___/__/__/
_ _ _ _ _
/_\ _ _| |_| |_ ___ _ _(_)______ __| |
/ _ \ || | _| ' \/ _ \ '_| |_ / -_) _` |
/_/ \_\_,_|\__|_||_\___/_| |_/__\___\__,_|
___ _ ___ _ _ _ __ __
| _ \___ _ _ ___ ___ _ _ _ _ ___| | / _ \| \| | |\ \ / /
| _/ -_) '_(_-</ _ \ ' \| ' \/ -_) | | (_) | .` | |_\ V /
|_| \___|_| /__/\___/_||_|_||_\___|_| \___/|_|\_|____|_|
^C
!
! "login local" + "transport input ssh": remote access is SSH-only with the
! local user; no "exec-timeout" is configured, so the IOS default applies.
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
login local
transport input ssh
!
!
end
```
### S3_Branch
```
!
! S3_Branch: branch switch with two static bundles, Po2 (Eth1/2-1/3) and
! Po3 (Eth0/2-0/3); no edge ports are configured in this dump.
! NOTE(review): the enable secret and local user password below are pasted
! in clear on this page and shared with every other branch device - rotate.
hostname S3_Branch
!
enable secret GRLB1234
!
! NOTE(review): type-0 "password" (no "service password-encryption" either);
! "username S3_Branch privilege 15 secret <new-value>" stores a hash.
username S3_Branch privilege 15 password GRLB1234
!
no ip domain-lookup
ip domain-name Go.Luis
ip cef
! Blocks logins for 120 s after 3 failures within 90 s; no quiet-mode
! exception ACL, so a lockout also blocks the administrator's own source.
! NOTE(review): unlike S1/S2_Branch there is no explicit "spanning-tree mode"
! line here, so the platform default applies.
login block-for 120 attempts 3 within 90
!
interface Port-channel2
switchport
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
interface Port-channel3
switchport
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
no shutdown
!
! NOTE(review): Eth0/0, Eth0/1, Eth1/0 and Eth1/1 are at platform defaults -
! not shut and not pinned to access mode, so they still negotiate trunking
! (DTP). "shutdown" on unused ports is the usual hardening step.
interface Ethernet0/0
!
interface Ethernet0/1
!
! Static bundling ("mode on", no LACP/PAgP), as on every switch on this page.
interface Ethernet0/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode on
no shutdown
!
interface Ethernet0/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode on
no shutdown
!
interface Ethernet1/0
!
interface Ethernet1/1
!
interface Ethernet1/2
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
no shutdown
!
interface Ethernet1/3
switchport trunk allowed vlan 10,20,30,50
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
no shutdown
!
ip forward-protocol nd
!
! NOTE(review): plaintext HTTP management enabled and no SVI/management
! address anywhere in this dump; "no ip http server" is the safer default.
ip http server
!
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
banner motd ^C
___ _ _ _ _ _
| _ \___ __| |_ _ _(_)__| |_ ___ __| | /_\ __ __ ___ ______
| / -_|_-< _| '_| / _| _/ -_) _` | / _ \/ _/ _/ -_|_-<_-<
|_|_\___/__/\__|_| |_\__|\__\___\__,_| /_/ \_\__\__\___/__/__/
_ _ _ _ _
/_\ _ _| |_| |_ ___ _ _(_)______ __| |
/ _ \ || | _| ' \/ _ \ '_| |_ / -_) _` |
/_/ \_\_,_|\__|_||_\___/_| |_/__\___\__,_|
___ _ ___ _ _ _ __ __
| _ \___ _ _ ___ ___ _ _ _ _ ___| | / _ \| \| | |\ \ / /
| _/ -_) '_(_-</ _ \ ' \| ' \/ -_) | | (_) | .` | |_\ V /
|_| \___|_| /__/\___/_||_|_||_\___|_| \___/|_|\_|____|_|
^C
!
! "login local" + "transport input ssh": remote access is SSH-only with the
! local user; no "exec-timeout" is configured, so the IOS default applies.
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
login local
transport input ssh
!
end
```
## MAIN SITE - DMZ
### ASAV_MainSite
```
!
hostname ASAV-MainSite
enable password F8CNMOFoSSl4TtZh encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet0/0
description Ligacao Para o site de SQL
nameif dmz3
security-level 70
ip address 172.16.200.1 255.255.255.240
!
interface GigabitEthernet0/1
description Ligacao Para a Base de Dados do Site
nameif dmz2
security-level 70
ip address 172.16.200.17 255.255.255.240
!
interface GigabitEthernet0/2
description Ligacao Para o Switch L3
nameif dmz
security-level 70
ip address 172.16.250.1 255.255.255.252
!
interface GigabitEthernet0/3
description Para o R1_MainSite
nameif inside
security-level 100
ip address 10.0.250.1 255.255.255.252
!
interface GigabitEthernet0/4
description Para o R2_MainSite
nameif inside2
security-level 100
ip address 10.0.250.5 255.255.255.252
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
description Ligacao para o INTERNET
nameif outside
security-level 0
ip address 189.15.10.2 255.255.255.252
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
object network DMZ_Network
subnet 172.16.0.0 255.255.0.0
object network Inside_Network
subnet 10.0.0.0 255.255.0.0
object network Branch_Site
subnet 192.168.0.0 255.255.0.0
object network Inside-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object-group network DM_INLINE_NETWORK_1
network-object object DMZ_Network
network-object object Inside_Network
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object Branch_Site
access-list outside_cryptomap_1 extended permit ip object Inside_Network object Branch_Site
pager lines 23
mtu dmz 1500
mtu inside 1500
mtu outside 1500
mtu dmz3 1500
mtu dmz2 1500
mtu inside2 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
router ospf 10
router-id 1.1.1.1
network 172.16.0.0 255.255.0.0 area 0
log-adj-changes
default-information originate
!
route outside 0.0.0.0 0.0.0.0 189.15.10.1 1
route dmz 172.16.50.0 255.255.255.0 172.16.250.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 172.16.50.100 255.255.255.255 dmz
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 189.15.11.2
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 189.15.11.2
crypto map outside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
enrollment self
fqdn none
subject-name CN=172.16.250.1,CN=ASAV-MainSite
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a
308204d3 308203bb a0030201 02021018 dad19e26 7de8bb4a 2158cdcc 6b3b4a30
0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d30
36313130 38303030 3030305a 170d3336 30373136 32333539 35395a30 81ca310b
30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
74776f72 6b313a30 38060355 040b1331 28632920 32303036 20566572 69536967
6e2c2049 6e632e20 2d20466f 72206175 74686f72 697a6564 20757365 206f6e6c
79314530 43060355 0403133c 56657269 5369676e 20436c61 73732033 20507562
6c696320 5072696d 61727920 43657274 69666963 6174696f 6e204175 74686f72
69747920 2d204735 30820122 300d0609 2a864886 f70d0101 01050003 82010f00
3082010a 02820101 00af2408 08297a35 9e600caa e74b3b4e dc7cbc3c 451cbb2b
e0fe2902 f95708a3 64851527 f5f1adc8 31895d22 e82aaaa6 42b38ff8 b955b7b1
b74bb3fe 8f7e0757 ecef43db 66621561 cf600da4 d8def8e0 c362083d 5413eb49
ca595485 26e52b8f 1b9febf5 a191c233 49d84363 6a524bd2 8fe87051 4dd18969
7bc770f6 b3dc1274 db7b5d4b 56d396bf 1577a1b0 f4a225f2 af1c9267 18e5f406
04ef90b9 e400e4dd 3ab519ff 02baf43c eee08beb 378becf4 d7acf2f6 f03dafdd
75913319 1d1c40cb 74241921 93d914fe ac2a52c7 8fd50449 e48d6347 883c6983
cbfe47bd 2b7e4fc5 95ae0e9d d4d143c0 6773e314 087ee53f 9f73b833 0acf5d3f
3487968a ee53e825 15020301 0001a381 b23081af 300f0603 551d1301 01ff0405
30030101 ff300e06 03551d0f 0101ff04 04030201 06306d06 082b0601 05050701
0c046130 5fa15da0 5b305930 57305516 09696d61 67652f67 69663021 301f3007
06052b0e 03021a04 148fe5d3 1a86ac8d 8e6bc3cf 806ad448 182c7b19 2e302516
23687474 703a2f2f 6c6f676f 2e766572 69736967 6e2e636f 6d2f7673 6c6f676f
2e676966 301d0603 551d0e04 1604147f d365a7c2 ddecbbf0 3009f343 39fa02af
33313330 0d06092a 864886f7 0d010105 05000382 01010093 244a305f 62cfd81a
982f3dea dc992dbd 77f6a579 2238ecc4 a7a07812 ad620e45 7064c5e7 97662d98
097e5faf d6cc2865 f201aa08 1a47def9 f97c925a 0869200d d93e6d6e 3c0d6ed8
e6069140 18b9f8c1 eddfdb41 aae09620 c9cd6415 3881c994 eea28429 0b136f8e
db0cdd25 02dba48b 1944d241 7a05694a 584f60ca 7e826a0b 02aa2517 39b5db7f
e784652a 958abd86 de5e8116 832d10cc defda882 2a6d281f 0d0bc4e5 e71a2619
e1f4116f 10b595fc e7420532 dbce9d51 5e28b69e 85d35bef a57d4540 728eb70e
6b0e06fb 33354871 b89d278b c4655f0d 86769c44 7af6955c f65d3208 33a454b6
183f685c f2424a85 3854835f d1e82cf2 ac11d6a8 ed636a
quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
certificate 2d64965d
308202da 308201c2 a0030201 0202042d 64965d30 0d06092a 864886f7 0d010105
0500302f 31163014 06035504 03130d41 5341562d 4d61696e 53697465 31153013
06035504 03130c31 37322e31 362e3235 302e3130 1e170d31 39313030 33323230
3030325a 170d3239 30393330 32323030 30325a30 2f311630 14060355 0403130d
41534156 2d4d6169 6e536974 65311530 13060355 0403130c 3137322e 31362e32
35302e31 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
02820101 009a32bb 16fcb7f8 b59b30b4 a929e969 8021f1f1 d99fa355 bb423521
563070b7 964fa874 9e9cad43 6be35c6b ea8617ee f06084a3 13960cb1 c10609e8
e0a7a0d1 739efbc8 0504f95b 4cc2e07e 31752acf 26a84b77 0bdadda3 a3acd4e1
658c5580 3eabb0aa 36388cfd f6365695 eb6914c7 cfea34d9 7480ca91 a68152a8
b875707c e0395c04 a1dcea18 a193d265 fc9b9274 e2adc32a c3ac3189 39548325
6513067b 7cd38ee3 482c3c48 282cf6e0 d0450109 f60dbc58 3ec548cb a448ca2f
87e3c043 19c4f9cb 919131db 791604d6 c9625042 58d005b6 5e9ecafe fd72a83d
cf306e3f 6fae2c6a 57834969 89750f21 a2f8be76 3901b876 00d26e19 14705c15
256728d9 67020301 0001300d 06092a86 4886f70d 01010505 00038201 0100396f
1fcb57c1 2497e5ba d5e0e308 a1770a85 87fb9d4a d1767a11 1a5cbb0f 8d3d17e2
1e649628 7f370b3a 08034dea 2bd837b9 fc5e5de1 12a30d0e 28e0c86a 5d51b6fe
6d7916ae 6786a4a1 2a3532e7 7278a15d 40104f1f e70df3a5 312dff8b 1405bfbc
8b1ec7b5 2b89c0d3 1b1588c2 7ec7793f 404ca8ff 10c5329c bdb138bb 568929f6
f3dac88a 6dca285f ac4cd371 23ae734b dec16a2a a3b8ef8b 3c2f741b 73901514
9d96c458 d06381b0 e9d63104 b0488242 7750fe0d 765193cb 9f94c531 39ed8921
2bb7d66d 59539a5c 19359726 c8f6d067 54657645 0c484084 31b58ac4 46268087
1df25ccb dcabd24e e5184daf 4071253b 19f2ffee 96793a19 b2f5f3c8 da0c
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 dmz
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 dmz vpnlb-ip
group-policy GroupPolicy_189.15.11.2 internal
group-policy GroupPolicy_189.15.11.2 attributes
vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy
username ASAV-MainSite password nx1.apHjuGQDNWAg encrypted privilege 15
tunnel-group 189.15.11.2 type ipsec-l2l
tunnel-group 189.15.11.2 general-attributes
default-group-policy GroupPolicy_189.15.11.2
tunnel-group 189.15.11.2 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
! Review: "migrated_dns_map_1" is the name the ASA gives a DNS inspect map
! converted from an older configuration - TODO confirm. "message-length
! maximum 512" is the ASA's default cap for DNS messages.
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
! Review: the list below matches the ASA's default inspection set plus
! "inspect icmp". Inspectors for protocols this network does not carry
! (rsh, sunrpc, xdmcp, skinny, h323 and rtsp are the usual candidates) add
! parser surface for no benefit; keep only the ones in use - TODO confirm
! against the actual traffic.
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
!
service-policy global_policy global
prompt hostname context
! Review: anonymous telemetry is off and the CiscoTAC-1 profile is inactive
! ("no active"). The "License" profile has no "no active" line, so it is
! active and posts to tools.cisco.com over HTTPS; the ASA therefore needs
! outbound HTTPS to that host only - keep the egress rule that narrow.
no call-home reporting anonymous
call-home
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
! The Cryptochecksum is the ASA's integrity value over the saved
! configuration; it changes with every configuration edit.
Cryptochecksum:f81e2fcbed984855e5ed5cf310d65427
: end
```
### MLS_DataCenter v3
```
!
hostname MLS_DataCenter
!
boot-start-marker
boot-end-marker
!
!
!
! Review: "no aaa new-model" leaves authentication to per-line passwords.
! No "username" or "enable secret" line appears in this dump - TODO confirm
! they exist on the device; as shown, nothing protects privileged mode.
no aaa new-model
! Review: a timezone is set but no "ntp server" line appears in this dump;
! without time sync the switch's log timestamps cannot be correlated with
! the other devices.
clock timezone EET 2 0
!
ip cef
!
!
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
! Review: PVST is enabled but no global "spanning-tree portfast default" /
! "spanning-tree portfast bpduguard default" is set, and none of the access
! ports below enables them per-port; end-host ports should not be allowed to
! take part in STP.
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
! Review: Ethernet0/0 carries VLAN 50 (the admin SSH client, per Vlan50's
! description below).
interface Ethernet0/0
switchport access vlan 50
switchport mode access
duplex auto
!
! Review: Ethernet0/1 and Ethernet0/3 have no switchport or shutdown lines,
! so they sit in VLAN 1 with the image's default DTP behaviour - TODO confirm
! what that default is here. Unused ports are better "shutdown", placed in
! an unused VLAN and set to "switchport mode access" / "switchport
! nonegotiate".
interface Ethernet0/1
duplex auto
!
! Review: routed point-to-point link to the ASA (172.16.250.0/30). This is
! the only interface on which OSPF should be active (see "router ospf 10").
interface Ethernet0/2
description Ligacao Para a ASAV_MainSite
no switchport
ip address 172.16.250.2 255.255.255.252
duplex auto
!
interface Ethernet0/3
duplex auto
!
! Review: Ethernet1/0 through Ethernet2/3 are server access ports in VLAN 80.
! None has "spanning-tree portfast" or "spanning-tree bpduguard enable";
! enable both on end-host ports so a server cannot influence the STP topology.
interface Ethernet1/0
switchport access vlan 80
switchport mode access
duplex auto
!
interface Ethernet1/1
switchport access vlan 80
switchport mode access
duplex auto
!
interface Ethernet1/2
switchport access vlan 80
switchport mode access
duplex auto
!
interface Ethernet1/3
switchport access vlan 80
switchport mode access
duplex auto
!
interface Ethernet2/0
switchport access vlan 80
switchport mode access
duplex auto
!
interface Ethernet2/1
switchport access vlan 80
switchport mode access
duplex auto
!
interface Ethernet2/2
switchport access vlan 80
switchport mode access
duplex auto
!
interface Ethernet2/3
switchport access vlan 80
switchport mode access
duplex auto
!
! Review: VLANs 50 and 80 must exist in the VLAN database for these SVIs to
! come up; that output is not part of this dump - TODO confirm.
! "ip helper-address 172.16.80.126" relays broadcasts from the admin VLAN to
! a host in the server VLAN (presumably the DHCP server - confirm). By
! default IOS forwards several UDP services this way, not only DHCP (TFTP,
! DNS, TACACS, NetBIOS name/datagram, time); disable the ones the relay
! should not carry with "no ip forward-protocol udp <port>".
interface Vlan50
description Ligacao para o Admin_SSH_Client
ip address 172.16.50.1 255.255.255.0
ip helper-address 172.16.80.126
!
interface Vlan80
description Ligacao para os Servidores
ip address 172.16.80.1 255.255.255.0
!
! Review: the only IP interfaces on this switch are 172.16.250.2/30
! (Ethernet0/2), 172.16.50.1/24 (Vlan50) and 172.16.80.1/24 (Vlan80). The
! 10.0.x.x network statements therefore match nothing here and are dead
! config (they appear to be copied from another device's OSPF block -
! confirm), and the final "172.16.0.0 0.0.255.255" line already covers every
! 172.16 statement above it.
! More important: no "passive-interface" is configured, so OSPF hellos are
! sent on the admin VLAN and the server VLAN and any host on them can attempt
! an adjacency, and no "ip ospf authentication" is applied on the ASA link.
! Suggested: "passive-interface default" plus "no passive-interface
! Ethernet0/2", and authenticated OSPF on Ethernet0/2 if the peer supports it.
! "ip routing" is not visible in this dump; on L3-switch images it must be
! enabled for the SVIs to route and for OSPF to run - confirm on the device.
router ospf 10
router-id 5.5.5.5
network 10.0.10.0 0.0.0.255 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 10.0.50.0 0.0.0.255 area 0
network 10.0.110.0 0.0.0.255 area 0
network 10.0.250.0 0.0.0.3 area 0
network 10.0.250.4 0.0.0.3 area 0
network 10.0.250.8 0.0.0.3 area 0
network 10.0.250.12 0.0.0.3 area 0
network 172.16.0.0 0.0.0.255 area 0
network 172.16.50.0 0.0.0.255 area 0
network 172.16.200.0 0.0.0.15 area 0
network 172.16.200.16 0.0.0.15 area 0
network 172.16.250.0 0.0.0.3 area 0
! Covers all three local 172.16 interfaces on its own.
network 172.16.0.0 0.0.255.255 area 0
!
!
! Review: "ip http server" enables plaintext HTTP management with no
! "ip http access-class" or "ip http authentication" line restricting it.
! Unless a web UI is actually used, prefer "no ip http server"; if it is,
! use "ip http secure-server" with an "ip http access-class" ACL limited to
! the admin segment (VLAN 50).
ip http server
!
!
!
!
!
control-plane
!
!
! Review: "line vty 0 4" has "login" but no "password", so IOS refuses remote
! sessions ("Password required, but none set") - the switch is unreachable
! remotely by accident rather than by design. For the intended admin SSH
! access add "transport input ssh", an "exec-timeout", an "access-class" ACL
! limited to VLAN 50, and either a line password or "login local" with a
! local user. Nothing in this dump shows an RSA key or "ip ssh version 2",
! so whether SSH is enabled at all cannot be told from here. "line con 0"
! has no password or exec-timeout either.
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
```
### MLS_DataCenter v2
```
! Review: this version reads as the typed configuration ("no shutdown"
! lines, "interface Vlan 50" with a space) rather than a "show running-config"
! dump; the v3 section above is the device's own output and supersedes it.
hostname MLS_DataCenter
!
! Review: "switchport access vlan" without "switchport mode access" leaves a
! port able to negotiate a trunk via DTP on most IOS images - TODO confirm for
! this image; the v3 version adds "switchport mode access" on every access
! port. Ethernet0/1 and Ethernet0/3 are left at defaults and not shut down;
! unused ports are better "shutdown" and moved to an unused VLAN.
interface Ethernet0/0
switchport access vlan 50
no shutdown
!
interface Ethernet0/1
!
! Routed /30 towards the ASA; 172.16.250.1 is the far end.
interface Ethernet0/2
description Ligacao Para a ASAV_MainSite
no switchport
ip address 172.16.250.2 255.255.255.252
no shutdown
!
interface Ethernet0/3
!
! Server access ports (VLAN 80); no portfast/bpduguard here either.
interface Ethernet1/0
switchport access vlan 80
no shutdown
!
interface Ethernet1/1
switchport access vlan 80
no shutdown
!
interface Ethernet1/2
switchport access vlan 80
no shutdown
!
interface Ethernet1/3
switchport access vlan 80
no shutdown
!
interface Vlan 50
description Ligacao para o Admin_SSH_Client
ip address 172.16.50.1 255.255.255.0
no shutdown
!
interface Vlan 80
description Ligacao para os Servidores
ip address 172.16.80.1 255.255.255.0
no shutdown
!
ip forward-protocol nd
!
! Review: plaintext HTTP management is enabled with no access restriction;
! prefer "no ip http server" unless a web UI is used, and then
! "ip http secure-server" with an "ip http access-class" ACL.
ip http server
!
! Review: 172.16.50.0/24 is directly connected on interface Vlan 50 above,
! so this static route is never used (the connected route wins) - it is dead
! config, probably a leftover, and can be removed. The default route sends
! everything else to 172.16.250.1, the far end of the Ethernet0/2 /30
! (presumably the ASA - confirm). No VTY lines are configured in this
! version at all, so the image defaults apply - typically "login" with no
! password, which refuses remote access.
ip route 172.16.50.0 255.255.255.0 172.16.250.1
ip route 0.0.0.0 0.0.0.0 172.16.250.1
!
! Review: all banners are disabled; an authorised-use banner on login is
! normally required by policy - confirm local requirements.
no banner exec
no banner incoming
no banner login
!
!
end
```
## INTERNET
```
```