Configuring IDS TCP Reset Using VMS IDS MC

Size: px
Start display at page:

Download "Configuring IDS TCP Reset Using VMS IDS MC"

Transcription

1 Configuring IDS TCP Reset Using VMS IDS MC Document ID: Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Initial Sensor Configuration Import the Sensor into IDS MC Import the Sensor into Security Monitor Use IDS MC for Signature Updates Configure TCP Reset for IOS Router Verify Launch the Attack and TCP Reset Troubleshoot Troubleshooting Procedure Related Information Introduction The document provides a sample configuration of the Cisco Intrusion Detection System (IDS) via the VPN/Security Management Solution (VMS), IDS Management Console (IDS MC). In this case, TCP Reset from the IDS Sensor to a Cisco router is configured. Prerequisites Requirements Ensure that you meet these requirements before you attempt this configuration: The Sensor is installed and configured for sensing necessary traffic. The sniffing interface is spanned to the router outside interface. Components Used The information in this document is based on these software and hardware versions: VMS 2.2 with IDS MC and Security Monitor Cisco IDS Sensor 4.1.3S(63) Cisco Router that runs Cisco IOS Software Release The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

2 Conventions Refer to Cisco Technical Tips Conventions for more information on document conventions. Configure In this section, you are presented with the information to configure the features described in this document. Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section. Network Diagram This document uses this network setup: Configurations This document uses these configurations. Router Light Router House Router Light Current configuration : 906 bytes version 12.3 service timestamps debug uptime service timestamps log uptime no service password encryption hostname light enable password cisco username cisco password 0 cisco ip subnet zero ip ssh time out 120

3 ip ssh authentication retries 3 call rsvp sync fax interface type modem mta receive maximum recipients 0 controller E1 2/0 interface FastEthernet0/0 ip address duplex auto speed auto interface FastEthernet0/1 ip address duplex auto speed auto interface BRI4/0 no ip address shutdown interface BRI4/1 no ip address shutdown interface BRI4/2 no ip address shutdown interface BRI4/3 no ip address shutdown ip classless ip route ip http server ip pim bidir enable dial peer cor custom line con 0 line line aux 0 line vty 0 4 login end Building configuration... Router House Current configuration : 797 bytes version 12.3 no service pad service timestamps debug datetime msec

4 service timestamps log datetime msec no service password encryption hostname House logging queue limit 100 enable password cisco ip subnet zero no ip domain lookup interface Ethernet0 ip address hold queue 100 out interface Ethernet1 ip address ip classless ip route ip route ip http server no ip http secure server line con 0 stopbits 1 line vty 0 4 password cisco login scheduler max task time 5000 end Initial Sensor Configuration Note: If you have already performed the initial setup of your Sensor, proceed to the Import the Sensor into IDS MC section. 1. Console into the Sensor. You are prompted for a username and password. If this is the first time you are consoling into the Sensor, you must login with the username cisco and password cisco. 2. You are prompted to change the password and to re type the new password to confirm. 3. Type setup and enter the appropriate information at each prompt to set up basic parameters for your Sensor, as per this example: sensor5#setup System Configuration Dialog At any point you may enter a question mark '?' for help. User ctrl c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Current Configuration: networkparams ipaddress netmask defaultgateway

5 hostname sensor5 telnetoption enabled accesslist ipaddress netmask exit timeparams summertimeparams active selection none exit exit service webserver general ports 443 exit exit 5 Save the config: (It might take a few minutes for the sensor saving the configuration) [0] Go to the command prompt without saving this config. [1] Return back to the setup without saving this config. [2] Save this configuration and exit setup. Enter your selection[2]: 2 Import the Sensor into IDS MC Complete these steps in order to import the Sensor into the IDS MC. 1. Browse to your Sensor. In this case, either or 2. Login with the appropriate username and password. In this example, the username is admin and the password is cisco. 3. Choose VPN/Security Management Solution > Management Center and click IDS Sensors. 4. Click the Devices tab and choose Sensor Group. 5. Highlight Global and click Create Subgroup. 6. Enter the Group Name and ensure that Default is chosen, then click OK in order to add the subgroup into the IDS MC. 7. Choose Devices > Sensor, highlight the subgroup created in the previous step (in this case, test), and click Add. 8. Highlight the subgroup and click Next.

6 9. Enter the details as per this example and click Next in order to continue. 10. When you are presented with a message that states Successfully imported sensor configuration, click Finish in order to continue. 11. Your Sensor is imported into the IDS MC. In this case, Sensor5 is imported.

7 Import the Sensor into Security Monitor Complete these steps in order to import the Sensor into Security Monitor. 1. At the VMS Server menu, choose VPN/Security Management Solution > Monitoring Center > Security Monitor. 2. Select the Devices tab, then click Import and enter the IDS MC Server Information, as per this example. 3. Select your Sensor (in this case, sensor5) and click Next in order to continue. 4. If needed, update the NAT address for your Sensor, then click Finish in order to continue.

8 5. Click OK in order to finish importing the Sensor from IDS MC into Security Monitor. 6. You can now see that your Sensor is successfully imported Use IDS MC for Signature Updates This procedure explains how to use IDS MC for signature updates. 1. Download the Network IDS Signature updates (registered customers only) and save them in the C:\PROGRA~1\CSCOpx\MDC\etc\ids\updates\ directory on your VMS Server. 2. At the VMS server console, choose VPN/Security Management Solution > Management Center > IDS Sensors. 3. Select the Configuration tab and click Updates. 4. Click Update Network IDS Signatures. 5. Select the signature you want to upgrade from the drop down menu and click Apply in order to continue.

9 6. Select the Sensor(s) to update and click Next in order to continue. 7. After you are prompted to apply the update to the Management Center, as well as the Sensor, click Finish in order to continue. 8. Telnet or console into the Sensor command line interface. You see information similar to this: sensor5# Broadcast message from root (Mon Dec 15 11:42: ): Applying update IDS sig S63. This may take several minutes. Please do not reboot the sensor during this update. Broadcast message from root (Mon Dec 15 11:42: ): Update complete. sensorapp is restarting This may take several minutes. 9. Wait for a few minutes to allow the upgrade to complete, then enter show version in order to verify. sensor5#show version Application Partition: Cisco Systems Intrusion Detection Sensor, Version 4.1(3)S63 Upgrade History: * IDS sig S62 07:03:04 UTC Thu Dec IDS sig S63.rpm.pkg 11:42:01 UTC Mon Dec

10 Configure TCP Reset for IOS Router Complete these steps in order to configure TCP reset for the IOS router. 1. Choose VPN/Security Management Solution > Management Center > IDS Sensors. 2. Select the Configuration tab, select your Sensor from Object Selector, then click Settings. 3. Select Signatures, click Custom, and click Add in order to add a new signature. 4. Enter the new Signature Name, then select the Engine (in this case, STRING.TCP). 5. Check the appropriate radio button in order to customize the available parameters and then click Edit. In this example, the ServicePorts parameter is edited to change its value to 23 (for port 23). The RegexString parameter is also edited to add the value testattack. When this is complete, click OK to continue. 6. Click the name of the signature in order to edit the Signature Severity and Actions or to Enable/Disable the signature.

11 7. In this case, the severity is changed to High and the action Log & Reset is chosen. Click OK in order to continue. 8. The complete signature looks similar to this: 9. Choose Configuration > Pending, check the pending configuration to ensure it is correct, and click Save. 10. Choose Deployment > Generate, and then click Apply in order to push the configuration changes to the Sensor.

12 11. Choose Deployment > Deploy and click Submit. 12. Check the checkbox next to your Sensor and click Deploy. 13. Check the checkbox for the job in the queue and click Next in order to continue. 14. Enter the Job Name and schedule the job as Immediate, then click Finish. 15. Choose Deployment > Deploy > Pending. Wait a few minutes until all the pending jobs have been completed. The queue should then be empty. 16. Choose Configuration > History in order to confirm the deployment. Ensure the status of the configuration is displayed as Deployed. This means that the Sensor configuration is updated successfully.

13 Verify Use this section to confirm that your configuration works properly. Launch the Attack and TCP Reset Launch a test attack and check the results in order to verify that the Blocking process works correctly. 1. Before the attack is launched, choose VPN/Security Management Solution > Monitoring Center > Security Monitor. 2. Choose Monitor from the main menu and click Events. 3. Click Launch Event Viewer. 4. Telnet from one router to the other and type testattack in order to launch the attack. In this case, we Telnetted from the router Light to the router House. As soon as you press <space> or <enter>, after you type testattack, your Telnet session should be reset. light#telnet Trying Open User Access Verification Password: house>en Password: house#testattack The Telnet session is reset due to the signature "testattack" being triggered. [Connection to lost] 5. From the Event Viewer, click Query Database for new events now.

14 You see the alert for the previously launched attack 6. In the Event Viewer, highlight the alarm, right click it and select either View Context Buffer or View NSDB to view more detailed information about the alarm. Troubleshoot This section provides information you can use to troubleshoot your configuration. Troubleshooting Procedure Complete these steps in order to troubleshoot. 1. In the IDS MC, choose Reports > Generate. Depending on the problem type, further details should be found in one of the seven available reports.

15 2. While Blocking utilizes the Command and Control port to configure the router access lists, TCP Resets are sent from the sniffing interface of the Sensor. Ensure you have spanned the correct port, using the set span command on the switch, similar to this: set span <src_mod/src_port><dest_mod/dest_port> both inpkts enable banana (enable) set span 2/12 3/6 both inpkts enable Overwrote Port 3/6 to monitor transmit/receive traffic of Port 2/12 Incoming Packets enabled. Learning enabled. Multicast enabled. banana (enable) banana (enable) banana (enable) show span Destination : Port 3/6 Connect to sniffing interface of the Sensor. Admin Source : Port 2/12 In this case, connect to Ethernet1 of Router House. Oper Source : Port 2/12 Direction : transmit/receive Incoming Packets: enabled Learning : enabled Multicast : enabled 3. If TCP Reset is not working, login to the Sensor and enter the show event command. Launch the attack, and check to see whether or not the alarm is triggered. If the alarm is triggered, check to ensure it is set for the action type TCP reset. Related Information Cisco Secure Intrusion Detection Support Page Documentation for Cisco Secure Intrusion Detection System CiscoWorks VPN/Security Management Solution Support Page Technical Support & Documentation Cisco Systems Contacts & Feedback Help Site Map Cisco Systems, Inc. All rights reserved. Terms & Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems, Inc.

16 Updated: Oct 17, 2008 Document ID: 47560

Lab Establishing and Verifying a Telnet Connection Instructor Version 2500

Lab Establishing and Verifying a Telnet Connection Instructor Version 2500 Lab 4.2.2 Establishing and Verifying a Telnet Connection Instructor Version 2500 Objective Establish a Telnet connection to a remote router. Verify that the application layer between source and destination

More information

Three interface Router without NAT Cisco IOS Firewall Configuration

Three interface Router without NAT Cisco IOS Firewall Configuration Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations

More information

Lab Configuring Static Routes Instructor Version 2500

Lab Configuring Static Routes Instructor Version 2500 Lab 6.1.6 Configuring Static Routes Instructor Version 2500 Objective Configure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols. Background/Preparation

More information

Secure ACS Database Replication Configuration Example

Secure ACS Database Replication Configuration Example Secure ACS Database Replication Configuration Example Document ID: 71320 Introduction Prerequisites Requirements Components Used Related Products Conventions Background Information Scenario I Scenario

More information

Configuring a Terminal/Comm Server

Configuring a Terminal/Comm Server Configuring a Terminal/Comm Server Document ID: 5466 Introduction Prerequisites Requirements Components Used Conventions Cabling Design Strategy Configure Network Diagram Configurations Command Summary

More information

Configuring a Cisco 827 Router to Support PPPoE Clients, Terminating on a Cisco 6400 UAC

Configuring a Cisco 827 Router to Support PPPoE Clients, Terminating on a Cisco 6400 UAC Configuring a Cisco 827 Router to Support PPPoE Clients, Terminating on a Cisco 6400 UAC Document ID: 12889 Contents Introduction Before You Begin Conventions Prerequisites Components Used Configure Network

More information

Lab Troubleshooting IP Address Issues Instructor Version 2500

Lab Troubleshooting IP Address Issues Instructor Version 2500 Lab 4.2.6 Troubleshooting IP Address Issues Instructor Version 2500 Objective Configure two routers and two workstations in a small WAN. Troubleshoot problems introduced by incorrect configurations. Background/Preparation

More information

Configuring Dynamic Multipoint VPN Using GRE Over IPsec With OSPF, NAT, and Cisco IOS Firewall

Configuring Dynamic Multipoint VPN Using GRE Over IPsec With OSPF, NAT, and Cisco IOS Firewall Configuring Dynamic Multipoint VPN Using GRE Over IPsec With OSPF, NAT, and Cisco IOS Firewall Document ID: 43068 Contents Introduction Prerequisites Requirements Components Used Conventions Configure

More information

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example Document ID: 113337 Contents Introduction Prerequisites Requirements Components Used Conventions Configuration

More information

co Configuring PIX to Router Dynamic to Static IPSec with

co Configuring PIX to Router Dynamic to Static IPSec with co Configuring PIX to Router Dynamic to Static IPSec with Table of Contents Configuring PIX to Router Dynamic to Static IPSec with NAT...1 Introduction...1 Configure...1 Components Used...1 Network Diagram...1

More information

How to Configure a Cisco Router Behind a Non-Cisco Cable Modem

How to Configure a Cisco Router Behind a Non-Cisco Cable Modem How to Configure a Cisco Router Behind a Non-Cisco Cable Modem Document ID: 19268 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify

More information

TACACS+ on an Aironet Access Point for Login Authentication Configuration Example

TACACS+ on an Aironet Access Point for Login Authentication Configuration Example TACACS+ on an Aironet Access Point for Login Authentication Configuration Example Document ID: 70149 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram

More information

Lab Advanced Telnet Operations Instructor Version 2500

Lab Advanced Telnet Operations Instructor Version 2500 Lab 4.2.4 Advanced Telnet Operations Instructor Version 2500 Objective Use the telnet command to remotely access other routers. Verify that the application layer between the source and the destination

More information

Using NAT in Overlapping Networks

Using NAT in Overlapping Networks Using NAT in Overlapping Networks Document ID: 13774 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify Troubleshoot Related Information

More information

Configuring Transparent and Proxy Media Redirection Using ACNS Software 4.x

Configuring Transparent and Proxy Media Redirection Using ACNS Software 4.x Configuring Transparent and Proxy Media Redirection Using ACNS Software 4.x Document ID: 4717 Contents Introduction Before You Begin Conventions Prerequisites Requirements Components Used Configure Network

More information

Policy Based Routing with the Multiple Tracking Options Feature Configuration Example

Policy Based Routing with the Multiple Tracking Options Feature Configuration Example Policy Based Routing with the Multiple Tracking Options Feature Configuration Example Document ID: 48003 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram

More information

Lab Backing up Configuration Files Instructor Version 2500

Lab Backing up Configuration Files Instructor Version 2500 Lab 3.2.9 Backing up Configuration Files Instructor Version 2500 Objective Demonstrate the capture of the running configuration of a router to an ASCII text file with HyperTerminal. Edit or modify the

More information

cable modem dhcp proxy nat on Cisco Cable Modems

cable modem dhcp proxy nat on Cisco Cable Modems cable modem dhcp proxy nat on Cisco Cable Modems Document ID: 12176 Contents Introduction Prerequisites Requirements Components Used Conventions Dynamic NAT Versus Static NAT Configuration Using cable

More information

Cisco DSL Router Configuration and Troubleshooting Guide Cisco DSL Router Acting as a PPPoE Client with a Dynamic IP Address

Cisco DSL Router Configuration and Troubleshooting Guide Cisco DSL Router Acting as a PPPoE Client with a Dynamic IP Address Cisco DSL Router Configuration and Troubleshooting Guide Cisco DSL Router Acting as a PPPoE Client with a Dynamic IP Address Document ID: 71118 Contents Introduction Prerequisites Requirements Components

More information

Internet. SonicWALL IP Cisco IOS IP IP Network Mask

Internet. SonicWALL IP Cisco IOS IP IP Network Mask Prepared by SonicWALL, Inc. 9/20/2001 Introduction: VPN standards are still evolving and interoperability between products is a continued effort. SonicWALL has made progress in this area and is interoperable

More information

IOS Router : Easy VPN (EzVPN) in Network Extension Mode (NEM) with Split tunnelling Configuration Example

IOS Router : Easy VPN (EzVPN) in Network Extension Mode (NEM) with Split tunnelling Configuration Example IOS Router : Easy VPN (EzVPN) in Network Extension Mode (NEM) with Split tunnelling Configuration Example Document ID: 63098 Contents Introduction Prerequisites Requirements Components Used Conventions

More information

No Service Password-Recovery

No Service Password-Recovery No Service Password-Recovery Last Updated: January 18, 2012 The No Service Password-Recovery feature is a security enhancement that prevents anyone with console access from accessing the router configuration

More information

Table of Contents. Cisco IPSec Tunnel through a PIX Firewall (Version 7.0) with NAT Configuration Example

Table of Contents. Cisco IPSec Tunnel through a PIX Firewall (Version 7.0) with NAT Configuration Example Table of Contents IPSec Tunnel through a PIX Firewall (Version 7.0) with NAT Configuration Example...1 Document ID: 63881...1 Introduction...1 Prerequisites...2 Requirements...2 Components Used...2 Conventions...2

More information

Basic Router Configuration using SDM

Basic Router Configuration using SDM Basic Router Configuration using SDM Document ID: 71305 Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Interface Configuration NAT Configuration Routing Configuration

More information

How to configure MB5000 Serial Port Bridge mode

How to configure MB5000 Serial Port Bridge mode How to configure MB5000 Serial Port Bridge mode MB5000 has a configurable serial port. With this serial port, MB5000 can be used as DCE device to be connected with Cisco router s console port so that MB5000

More information

CONFIGURATION DU SWITCH

CONFIGURATION DU SWITCH Current configuration : 2037 bytes version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption hostname Switch no aaa new-model ip subnet-zero

More information

Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.

Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Transparently Routing Web Traffic to the Barracuda Web Security Gateway This article demonstrates

More information

LAN to LAN IPsec Tunnel Between a Cisco VPN 3000 Concentrator and Router with AES Configuration Example

LAN to LAN IPsec Tunnel Between a Cisco VPN 3000 Concentrator and Router with AES Configuration Example LAN to LAN IPsec Tunnel Between a Cisco VPN 3000 Concentrator and Router with AES Configuration Example Document ID: 26402 Contents Introduction Prerequisites Requirements Components Used Conventions Configure

More information

Lab Configuring Dynamic and Static NAT (Instructor Version Optional Lab)

Lab Configuring Dynamic and Static NAT (Instructor Version Optional Lab) (Instructor Version Optional Lab) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or

More information

This feature was introduced.

This feature was introduced. Feature History Release 12.2(11)T Modification This feature was introduced. This document describes the QSIG for TCL IVR (Tool Language Interactive Voice Response) 2.0 feature in and includes the following

More information

VPN Connection through Zone based Firewall Router Configuration Example

VPN Connection through Zone based Firewall Router Configuration Example VPN Connection through Zone based Firewall Router Configuration Example Document ID: 112051 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure

More information

Configuring Network Side ISDN BRI Voice Interface Cards

Configuring Network Side ISDN BRI Voice Interface Cards Configuring Network Side ISDN BRI Voice Interface Cards Document ID: 15415 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure Configure the VIC

More information

Lab Configuring Dynamic and Static NAT (Solution)

Lab Configuring Dynamic and Static NAT (Solution) (Solution) Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway Gateway G0/1 192.168.1.1 255.255.255.0 N/A S0/0/1 209.165.201.18 255.255.255.252 N/A ISP S0/0/0 (DCE)

More information

Use NAT to Hide the Real IP Address of CTC to Establish a Session with ONS 15454

Use NAT to Hide the Real IP Address of CTC to Establish a Session with ONS 15454 Use NAT to Hide the Real IP Address of CTC to Establish a Session with ONS 15454 Document ID: 65122 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Topology

More information

Lab - Configuring a Switch Management Address

Lab - Configuring a Switch Management Address Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway S1 VLAN 1 192.168.1.2 255.255.255.0 N/A PC-A NIC 192.168.1.10 255.255.255.0 N/A Part 1: Configure a Basic Network

More information

#include /opt/cscocnsie/templates/ethernet_setup.cfgtpl. Now, you could centralize all the administration for Ethernet configuration in one file.

#include /opt/cscocnsie/templates/ethernet_setup.cfgtpl. Now, you could centralize all the administration for Ethernet configuration in one file. CHAPTER 12 When creating a template, it is possible to specify variables that will be contextually substituted. Many of these variables are available in the drop-down menu in the Template Editor (see Figure

More information

Lab Designing and Implementing a VLSM Addressing Scheme. Topology. Objectives. Background / Scenario

Lab Designing and Implementing a VLSM Addressing Scheme. Topology. Objectives. Background / Scenario CSNB214 Packet Tracer Lab Designing and Implementing a VLSM Addressing Scheme Topology Objectives Part 1: Examine Network Requirements Part 2: Design the VLSM Address Scheme Part 3: Cable and Configure

More information

Table of Contents. Cisco NAT Order of Operation

Table of Contents. Cisco NAT Order of Operation Table of Contents NAT Order of Operation...1 Document ID: 6209...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...1 Conventions...1 NAT Overview...1 NAT Configuration and Output...2

More information

Router Allows VPN Clients to Connect IPsec and Internet Using Split Tunneling Configuration Example

Router Allows VPN Clients to Connect IPsec and Internet Using Split Tunneling Configuration Example Router Allows VPN Clients to Connect IPsec and Internet Using Split Tunneling Configuration Example Document ID: 91193 Contents Introduction Prerequisites Requirements Components Used Conventions Background

More information

Configure Q.SIG PRI Trunks between Call Manager and Avaya S8700/G650 with Unity Voice Mail Integration

Configure Q.SIG PRI Trunks between Call Manager and Avaya S8700/G650 with Unity Voice Mail Integration Configure Q.SIG PRI Trunks between Call Manager and Avaya S8700/G650 with Unity Voice Mail Integration Document ID: 63790 Contents Introduction Prerequisites Requirements Components Used Conventions Test

More information

Configuring Hookflash Relay on FXS/FXO Voice Ports

Configuring Hookflash Relay on FXS/FXO Voice Ports Configuring Hookflash Relay on FXS/FXO Voice Ports Document ID: 15405 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure Configure PLAR OPX and

More information

Configuring IOS Server Load Balancing with HTTP Probes in the Dispatched Mode

Configuring IOS Server Load Balancing with HTTP Probes in the Dispatched Mode Configuring IOS Server Load Balancing with HTTP Probes in the Dispatched Mode Document ID: 15055 Contents Introduction Prerequisites Requirements Components Used Conventions Configure HTTP Probes Network

More information

Lab Configuring Basic Switch Settings (Solution)

Lab Configuring Basic Switch Settings (Solution) (Solution) Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway S1 VLAN 99 192.168.1.2 255.255.255.0 192.168.1.1 PC-A NIC 192.168.1.10 255.255.255.0 192.168.1.1

More information

Lab Configuring Basic RIPv2 (Solution)

Lab Configuring Basic RIPv2 (Solution) (Solution) Topology 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 15 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway

More information

Cisco Press CCIE Practical Studies CCIE Practice Lab: Enchilada Solutions

Cisco Press CCIE Practical Studies CCIE Practice Lab: Enchilada Solutions Cisco Press CCIE Practical Studies CCIE Practice Lab: Solutions Cisco Press CCIE Practical Studies CCIE Practice Lab: LAB Book Chapter Book Page The 18 1161 Overview... 3 Technical Details... 3 Table 54-1:

More information

Assignment Six: Configure Hot Standby Router Protocol. Brian Dwyer. Morrisville State College

Assignment Six: Configure Hot Standby Router Protocol. Brian Dwyer. Morrisville State College Running head: ASSIGNMENT SIX: CONFIGURE HSRP Assignment Six: Configure Hot Standby Router Protocol Brian Dwyer Morrisville State College ASSIGNMENT SIX 1 Brian Dwyer CITA370 2/5/2010 Assignment Six: Configure

More information

Lab Troubleshooting IPv4 and IPv6 Static Routes (Instructor Version Optional Lab)

Lab Troubleshooting IPv4 and IPv6 Static Routes (Instructor Version Optional Lab) (Instructor Version Optional Lab) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or

More information

Multicast Music-on-Hold Support on Cisco UBE

Multicast Music-on-Hold Support on Cisco UBE First Published: July 22, 2011 Last Updated: July 22, 2011 The Multicast Music-on-Hold (MMOH) feature enables you to subscribe to a music streaming service when you are using a Cisco Unified Border Element.

More information

Lab b Standard ACLs Instructor Version 2500

Lab b Standard ACLs Instructor Version 2500 Lab 11.2.1b Standard ACLs Instructor Version 2500 Objective Scenario Plan, configure, and apply a standard ACL to permit or deny specific traffic and test the ACL to determine if the desired results were

More information

Configuring Redundant Routing on the VPN 3000 Concentrator

Configuring Redundant Routing on the VPN 3000 Concentrator Configuring Redundant Routing on the VPN 3000 Concentrator Document ID: 13354 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Router Configurations

More information

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example Document ID: 45843 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure

More information

Configuring Cisco Prime NAM

Configuring Cisco Prime NAM Cisco SRE NAM has an internal Gigabit Ethernet interface and an external interface. You can use either interface for Prime NAM management traffic such as the NAM web GUI, telnet or ssh, but not both. You

More information

Configuring Authentication Proxy

Configuring Authentication Proxy The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against industry standard TACACS+ and RADIUS authentication protocols.

More information

Configuring Modem Transport Support for VoIP

Configuring Modem Transport Support for VoIP Configuring Modem Transport Support for VoIP This chapter explains how to configure modem transport support for Voice over IP (VoIP) and contains the following sections: Modem Transport Support Overview,

More information

Lab Managing Router Configuration Files with Terminal Emulation Software

Lab Managing Router Configuration Files with Terminal Emulation Software Lab Managing Router Configuration Files with Terminal Emulation Software Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A

More information

Unified Border Element (CUBE) with Cisco Unified Communications Manager (CUCM) Configuration Example

Unified Border Element (CUBE) with Cisco Unified Communications Manager (CUCM) Configuration Example Unified Border Element (CUBE) with Cisco Unified Communications Manager (CUCM) Configuration Example Document ID: 99863 Contents Introduction Prerequisites Requirements Components Used Conventions Configure

More information

Configuring the Cisco IOS MGCP Gateway

Configuring the Cisco IOS MGCP Gateway Configuring the Cisco IOS MGCP Gateway Document ID: 42105 Contents Introduction Prerequisites Requirements Components Used Conventions Tasks to Perform Step by Step Summary Configurations Troubleshooting

More information

Basic Router Configuration

Basic Router Configuration This section includes information about some basic router configuration, and contains the following sections: Default Configuration, on page 1 Configuring Global Parameters, on page 2 Configuring Gigabit

More information

Configuring a Cisco 827 Router Using PPPoA With CHAP and PAP

Configuring a Cisco 827 Router Using PPPoA With CHAP and PAP Configuring a Cisco 827 Router Using PPPoA With CHAP and PAP Document ID: 12886 Contents Introduction Before You Begin Conventions Prerequisites Components Used Configure Network Diagram PPPoA Using CHAP

More information

Cisco IOS Firewall Authentication Proxy

Cisco IOS Firewall Authentication Proxy Cisco IOS Firewall Authentication Proxy This feature module describes the Cisco IOS Firewall Authentication Proxy feature. It includes information on the benefits of the feature, supported platforms, configuration

More information

IPsec Anti-Replay Window: Expanding and Disabling

IPsec Anti-Replay Window: Expanding and Disabling IPsec Anti-Replay Window: Expanding and Disabling First Published: February 28, 2005 Last Updated: March 24, 2011 Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker

More information

Cisco Configuring Hub and Spoke Frame Relay

Cisco Configuring Hub and Spoke Frame Relay Table of Contents Configuring Hub and Spoke Frame Relay...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 Configure...1 Network Diagram...2 Configurations...2

More information

Lab 8.5.2: Troubleshooting Enterprise Networks 2

Lab 8.5.2: Troubleshooting Enterprise Networks 2 Lab 8.5.2: Troubleshooting Enterprise Networks 2 Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway Fa0/0 192.168.10.1 255.255.255.0 N/A R1 Fa0/1 192.168.11.1 255.255.255.0

More information

Lab Configuring Per-Interface Inter-VLAN Routing (Instructor Version)

Lab Configuring Per-Interface Inter-VLAN Routing (Instructor Version) (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Objectives Device Interface IP Address Subnet Mask

More information

Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM

Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces.

More information

Configuring the Cisco Router and VPN Clients Using PPTP and MPPE

Configuring the Cisco Router and VPN Clients Using PPTP and MPPE Configuring the Cisco Router and VPN Clients Using PPTP and MPPE Document ID: 29781 Contents Introduction Prerequisites Requirements Components Used Network Diagram Conventions PPTP Router Configuration

More information

Cisco Press CCIE Practical Studies CCIE Practice Lab: Skynet Solutions

Cisco Press CCIE Practical Studies CCIE Practice Lab: Skynet Solutions Cisco Press CCIE Practical Studies CCIE Practice Lab: Solutions Cisco Press CCIE Practical Studies CCIE Practice Lab: Overview... 3 Technical Details... 3 Table 51-1: Names and Interfaces used... 3 Lab

More information

Configuring Catalyst Switches for Polycom Conference Phones

Configuring Catalyst Switches for Polycom Conference Phones Configuring Catalyst Switches for Polycom Conference Phones Document ID: 97229 Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Background Information Configure

More information

Integrated Voice and Data WAN on T1 E1 Interfaces

Integrated Voice and Data WAN on T1 E1 Interfaces Integrated Voice and Data WAN on T1 E1 Interfaces This chapter describes how to implement the Integrated Voice and Data WAN on T1/E1 Interfaces with the AIM-ATM-VOICE-30 Module feature. This card provides

More information

Loading Internet Protocol Security (IPSec) (CDR-882/780/790/990 Cellular Router)

Loading Internet Protocol Security (IPSec) (CDR-882/780/790/990 Cellular Router) Loading Internet Protocol Security (IPSec) (CDR-882/780/790/990 Cellular Router) Call Direct Document version 1.4 Last updated 17 December, 2010 support@call-direct.com.au Loading IPSec To support IPSec

More information

Configuring the Eight-Port FXS RJ-21 Module

Configuring the Eight-Port FXS RJ-21 Module CHAPTER 7 Configuring the Eight-Port FXS RJ-21 Module The Eight-port RJ-21 FXS Module is a high-density analog phone and fax relay interface. By providing service to analog phones and fax machines, the

More information

User and System Administration

User and System Administration CHAPTER 2 This chapter provides information about performing user and system administration tasks and generating diagnostic information for obtaining technical assistance. The top-level Admin window displays

More information

IPsec Anti-Replay Window Expanding and Disabling

IPsec Anti-Replay Window Expanding and Disabling IPsec Anti-Replay Window Expanding and Disabling Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence

More information

Lab Configuring and Verifying Standard IPv4 ACLs (Instructor Version Optional Lab)

Lab Configuring and Verifying Standard IPv4 ACLs (Instructor Version Optional Lab) (Instructor Version Optional Lab) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or

More information

Lab Configuring Per-Interface Inter-VLAN Routing (Solution)

Lab Configuring Per-Interface Inter-VLAN Routing (Solution) (Solution) Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/0 192.168.20.1 255.255.255.0 N/A G0/1 192.168.10.1 255.255.255.0 N/A S1 VLAN 10 192.168.10.11

More information

Lab Guide 1 - Basic Configuration and Interface Configuration

Lab Guide 1 - Basic Configuration and Interface Configuration IXP Workshop Lab Lab Guide 1 - Basic Configuration and Interface Configuration Objective: All the workshop lab routers are set to the default configuration and cabling requirements are prebuild according

More information

Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology

Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives

More information

Cisco 2621 Gateway-PBX Interoperability: Lucent/Avaya Definity G3si with E1 PRI NET5 Signaling

Cisco 2621 Gateway-PBX Interoperability: Lucent/Avaya Definity G3si with E1 PRI NET5 Signaling Cisco 2621 Gateway-PBX Interoperability: Lucent/Avaya Definity G3si with E1 PRI NET5 Signaling This document describes the interoperability and configuration of a Cisco 2621 voice gateway with a Lucent/Avaya

More information

Abstract. CRK; Reviewed: WCH/MIC 2/24/2003. Solution & Interoperability Test Lab Application Notes 2003 Avaya Inc. All Rights Reserved.

Abstract. CRK; Reviewed: WCH/MIC 2/24/2003. Solution & Interoperability Test Lab Application Notes 2003 Avaya Inc. All Rights Reserved. Configuring the Avaya IP403 Office Server, Avaya IP600 Internet Protocol Communication Server, and Cisco Routers for T1 / PPP and Frame-Relay Connectivity Issue 1.1 Abstract These Application Notes describe

More information

Bi-directional ADN Deployment Using WCCP with Reflect Client IP [Configuration Sample] Ken Fritz (PSS)

Bi-directional ADN Deployment Using WCCP with Reflect Client IP [Configuration Sample] Ken Fritz (PSS) Bi-directional ADN Deployment Using WCCP with Reflect Client IP [Configuration Sample] February 17, 2011 Ken Fritz (PSS) Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of

More information

Configure IOS-XE to display full show running-config for users with low Privilege Levels

Configure IOS-XE to display full show running-config for users with low Privilege Levels Configure IOS-XE to display full show running-config for users with low Privilege Levels Contents Introduction Prerequisites Requirements Components Used Configuration Problem Configuration Solution and

More information

Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP

Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP Document ID: 6306 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information How V.120 Affects

More information

PIX/ASA 7.x and Later : Easy VPN with Split Tunneling ASA 5500 as the Server and Cisco 871 as the Easy VPN Remote Configuration Example

PIX/ASA 7.x and Later : Easy VPN with Split Tunneling ASA 5500 as the Server and Cisco 871 as the Easy VPN Remote Configuration Example PIX/ASA 7.x and Later : Easy VPN with Split Tunneling ASA 5500 as the Server and Cisco 871 as the Easy VPN Remote Configuration Example Document ID: 68815 Contents Introduction Prerequisites Requirements

More information

Lab 7 Configuring Basic Router Settings with IOS CLI

Lab 7 Configuring Basic Router Settings with IOS CLI Lab 7 Configuring Basic Router Settings with IOS CLI Objectives Part 1: Set Up the Topology and Initialize Devices Cable equipment to match the network topology. Initialize and restart the router and switch.

More information

Fractional DS3. Version: 400. Copyright ImageStream Internet Solutions, Inc., All rights Reserved.

Fractional DS3. Version: 400. Copyright ImageStream Internet Solutions, Inc., All rights Reserved. Version: 400 Copyright 2007-2010 ImageStream Internet Solutions, Inc., All rights Reserved. Table of Contents Fractional DS3...1 Configuration for Fractional DS3 Point-to-Point...1 Before You Start...1

More information

Configuring IOS to IOS IPSec Using AES Encryption

Configuring IOS to IOS IPSec Using AES Encryption Configuring IOS to IOS IPSec Using AES Encryption Document ID: 43069 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Configurations Verify Troubleshoot Troubleshooting

More information

GSS Administration and Troubleshooting

GSS Administration and Troubleshooting CHAPTER 9 GSS Administration and Troubleshooting This chapter covers the procedures necessary to properly manage and maintain your GSSM and GSS devices, including login security, software upgrades, GSSM

More information

Default Gateway Fa0/ N/A. Device Interface IP Address Subnet Mask

Default Gateway Fa0/ N/A. Device Interface IP Address Subnet Mask Felix Rohrer Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway Fa0/1 10.0.0.1 255.255.255.128 N/A S0/0/0 172.16.0.1 255.255.255.252 N/A S0/0/1 172.16.0.9 255.255.255.252

More information

Cisco 2621 Gateway-PBX Interoperability: Lucent/Avaya Definity G3si with T1 PRI Signaling

Cisco 2621 Gateway-PBX Interoperability: Lucent/Avaya Definity G3si with T1 PRI Signaling Cisco 2621 Gateway-PBX Interoperability: Lucent/Avaya Definity G3si with T1 PRI Signaling This document describes the interoperability and configuration of a Cisco 2621 voice gateway with a Lucent/Avaya

More information

LANE, CES, and VBR PVCs in Shaped VP Tunnels

LANE, CES, and VBR PVCs in Shaped VP Tunnels LANE, CES, and VBR PVCs in Shaped VP Tunnels Document ID: 10493 Contents Introduction Prerequisites Requirements Components Used Conventions Assumptions Configure Network Diagram Configurations Troubleshoot

More information

Sample Business Ready Branch Configuration Listings

Sample Business Ready Branch Configuration Listings APPENDIX A Sample Business Ready Branch Configuration Listings The following is a sample configuration of a Business Ready Branch. There are many permutations of feature combinations when setting up the

More information

Cisco Press CCIE Practical Studies CCIE Practice Lab: Darth Reid Solutions

Cisco Press CCIE Practical Studies CCIE Practice Lab: Darth Reid Solutions Cisco Press CCIE Practical Studies CCIE Practice Lab: Solutions Cisco Press CCIE Practical Studies CCIE Practice Lab: LAB Book Chapter Book Page 18 1143 Overview... 3 Technical Details... 3 Table 52-1:

More information

Troubleshooting Network analysis Software communication tests and development Education. Protocols used for communication (10 seconds capture)

Troubleshooting Network analysis Software communication tests and development Education. Protocols used for communication (10 seconds capture) Lab 1 Wireshark Wireshark is an open source and free packet analyser used for many purposes, such as: Troubleshooting Network analysis Software communication tests and development Education This reports

More information

1. Which OSI layers offers reliable, connection-oriented data communication services?

1. Which OSI layers offers reliable, connection-oriented data communication services? CCNA 1 Practice Final Exam Answers v4.0 100% 1. Which OSI layers offers reliable, connection-oriented data communication services? application presentation session transport network 2. Refer to the exhibit.

More information

Configuring FXS Ports for Basic Calls

Configuring FXS Ports for Basic Calls Configuring FXS Ports for Basic Calls First Published: October 2, 2008 Last updated: March 19, 2010 This module describes how to configure analog Foreign Exchange Station (FXS) ports on a Cisco Integrated

More information

Lab - Troubleshooting VLAN Configurations (Instructor Version Optional Lab)

Lab - Troubleshooting VLAN Configurations (Instructor Version Optional Lab) (Instructor Version Optional Lab) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or

More information

Configuring Secure (Router) Mode on the Content Switching Module

Configuring Secure (Router) Mode on the Content Switching Module Configuring Secure (Router) Mode on the Content Switching Module Document ID: 5448 Contents Introduction Before You Begin Conventions Prerequisites Components Used Operation Mode Network Diagram Configurations

More information

ord Recovery Procedure for the Cisco Catalyst 8510 Multiserv

ord Recovery Procedure for the Cisco Catalyst 8510 Multiserv ord Recovery Procedure for the Cisco Catalyst 8510 Multiserv Table of Contents Password Recovery Procedure for the Cisco Catalyst 8510 Multiservice Switch Router...1 Introduction...1 Before You Begin...1

More information

Lab Configuring Port Address Translation (PAT) (Instructor Version)

Lab Configuring Port Address Translation (PAT) (Instructor Version) (Instructor Version) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Objectives Device Interface IP Address Subnet Mask

More information

Lab Configuring 802.1Q Trunk-Based Inter-VLAN Routing (Instructor Version Optional Lab)

Lab Configuring 802.1Q Trunk-Based Inter-VLAN Routing (Instructor Version Optional Lab) (Instructor Version Optional Lab) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or

More information