CCNA Security PT Practice SBA
|
|
- Angel Carter
- 5 years ago
- Views:
Transcription
1 A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done. It will close automatically. 3. Click the Submit Assessment button to submit your work. Introduction In this practice Packet Tracer Skills Based Assessment, you will: configure basic device hardening and secure network management configure a CBAC firewall to implement security policies configure devices to protect against STP attacks and to enable broadcast storm control configure port security and disable unused switch ports configure an IOS IPS configure a ZPF to implement security policies configure a site-to-site IPsec VPN Addressing Table Device Interface IP Address Subnet Mask Gateway DNS server Internet CORP Branch External S0/0/ n/a n/a S0/0/ n/a n/a S0/1/ n/a n/a Fa0/ n/a n/a S0/0/ n/a n/a Fa0/ n/a n/a Fa0/ n/a n/a Fa0/ n/a n/a Fa0/ n/a n/a S0/0/ n/a n/a Fa0/ n/a n/a S0/0/ n/a n/a Fa0/ n/a n/a Public Svr NIC n/a External Web Svr NIC External PC NIC NTP/Syslog Svr NIC DMZ DNS Svr NIC DMZ Web Svr NIC PC0 NIC PC1 NIC Net Admin NIC Admin PC NIC All contents are Copyright Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 5
2 Note: Appropriate verification procedures should be taken after each configuration task to ensure that it has been properly implemented. Step 1: Configure Basic Device Hardening for the CORP Router. a. Configure the CORP router to only accept passwords with a minimum length of 10 characters. b. Configure an encrypted privileged level password of ciscoclass. c. Enable password encryption for all clear text passwords in the configuration file. d. Configure the console port and all vty lines with the following requirements: Note: CORP is already configured with the username CORPADMIN and the secret password ciscoccnas. use the local database for login disconnect after being idle for 20 minutes e. Disable the CDP protocol only on the link to the Internet router. Step 2: Configure Secure Network Management for the CORP Router. a. Enable the CORP router: as an NTP client to the NTP/Syslog server to update the router calendar (hardware clock) from the NTP time source to timestamp log messages to send logging messages to the NTP/Syslog server b. Configure the CORP router to accept SSH connections. Use the following guidelines: Note: CORP is already configured with the username SSHAccess and the secret password ciscosshaccess. domain name is theccnas.com RSA encryption key pair using a modulus of 1024 SSH version 2, timeout of 90 seconds, and 2 authentication retries all vty lines accept only SSH connections c. Configure the CORP router with AAA authentication and verify its functionality: AAA authentication using the local database as the default for console line and vty lines access Step 3: Configure Device Hardening for Switch1. a. Access Switch1 with username CORPADMIN, password ciscoccnas, and the enable secret password of ciscoclass. b. Enable storm control for broadcasts on FastEthernet 0/24 with a 50 percent rising suppression level. c. Configure Switch1 to protect against STP attacks. Configure PortFast on FastEthernet ports 0/1 to 0/23. Enable BPDU guard on FastEthernet ports 0/1 to 0/23. All contents are Copyright Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 5
3 d. Configure port security and disable unused ports. Set the maximum number of learned MAC addresses to 2 on FastEthernet ports 0/1 to 0/23. Allow the MAC address to be learned dynamically and to shutdown the port if a violation occurs. Disable unused ports (Fa0/2-5, Fa0/7-10, Fa0/13-23). Step 4: Configure an IOS IPS on the CORP Router. a. On the CORP router, create a directory in flash named ipsdir. b. Configure the IPS signature storage location to be flash:ipsdir. c. Create an IPS rule named corpips. d. Configure the IOS IPS to use the signature categories. Retire the all signature category and unretire the ios_ips basic category. e. Apply the IPS rule to the Fa0/0 interface. f. Modify the ios_ips basic category. Unretire the echo request signature (signature 2004, subsig 0); enable the signature; modify the signature event-action to produce an alert and to deny packets that match the signature. g. Verify that IPS is working properly. Net Admin in the internal network cannot ping DMZ Web Svr. DMZ Web Svr, however, can ping Net Admin. Step 5: Configure ACLs and CBAC on the CORP Router to Implement the Security Policy. a. Create ACL 12 to implement the security policy regarding the access to the vty lines: Only users connecting from Net Admin and Admin PC are allowed access to the vty lines. b. Create, apply, and verify an extended named ACL (named DMZFIREWALL) to filter incoming traffic to the DMZ. The ACL should be created in the order specified in the following guidelines (Please note, the order of ACL statements is significant only because of the scoring need in Packet Tracer.): 1. HTTP traffic is allowed to DMZ Web Svr. 2. DNS traffic (both TCP and UDP) is allowed to DMZ DNS Svr. 3. All traffic from /24 is allowed to enter the DMZ. 4. FTP traffic from the Branch administrator workstation is allowed to DMZ Web Svr. c. To verify the DMZFIREWALL ACL, complete the following tests: Admin PC in the branch office can access the URL Admin PC can open an FTP session to the DMZ Web Svr with the username cisco and the password cisco; PCB1 cannot open an FTP session to the DMZ Web Svr. Net Admin can open an FTP session to the DMZ Web Svr with the username cisco and the password cisco; and PC1 cannot open an FTP session to the DMZ Web Svr. All contents are Copyright Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 5
4 d. Create, apply, and verify an extended named ACL (named INCORP) to control access from the Internet into the CORP router. The ACL should be created in the order specified in the following guidelines (Please note, the order of ACL statements is significant only because of the scoring need in Packet Tracer.): 1. Allow HTTP traffic to the DMZ Web Svr. 2. Allow DNS traffic (both TCP and UDP) to the DMZ DNS Svr. 3. Allow SSH traffic from the Branch Office administrator workstation to the Serial 0/0/0 interface on the CORP router. 4. Allow IP traffic from the Branch router serial interface into the CORP router serial interface. 5. Allow IP traffic from the Branch Office LAN to the public IP address range that is assigned to the CORP site ( /28). e. To verify the INCORP ACL, complete the following tests: Admin PC in the branch office can access the URL Admin PC can establish an SSH connection to the CORP router ( ) with the username SSHAccess and password ciscosshaccess PCB1 cannot establish an SSH connection to the CORP router ( ); and External PC cannot establish an SSH connection to the CORP router ( ). f. Create and apply a CBAC inspection rule (named INTOCORP) to inspect ICMP, TCP, and UDP traffic between the CORP internal network and any other network. g. Enable CBAC audit messages to be sent to the syslog server. h. Verify the CBAC firewall configuration. PC1 can access the External Web Svr ( PC1 can establish an SSH connection to the External router with username SSHadmin and password ciscosshpa55. Admin PC in the Branch office can establish an SSH connection to the CORP router with the username SSHAccess and password ciscosshaccess. Step 6: Configure a Zone-Based Policy Firewall on the Branch Router. a. Access the Branch router with username CORPADMIN, password ciscoccnas and the enable secret password of ciscoclass. b. On the Branch router, create the firewall zones. Create an internal zone named BR-IN-ZONE. Create an external zone named BR-OUT-ZONE. c. Define a traffic class and access list. Create an ACL (ACL 110) to permit all protocols from the /27 network to any destination. Create a class map using the option of class map type inspect with the match-all keyword. Match the ACL 110 and name the class map BR-IN-CLASS-MAP. d. Specify firewall policies. Create a policy map named BR-IN-OUT-PMAP. Use the BR-IN-CLASS-MAP class map. Specify the action of inspect for this policy map. All contents are Copyright Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 5
5 e. Apply the firewall. Create a pair of zones named IN-OUT-ZPAIR with the source as BR-IN-ZONE and destination as BR-OUT-ZONE. Specify the policy map BR-IN-OUT-PMAP for handling the traffic between the two zones. Assign interfaces to the appropriate security zones. f. Verify the ZPF configuration. The Admin PC in the Branch office can access the URLs and The Admin PC in the Branch office can ping the External PC ( ). External PC cannot ping the Admin PC in the Branch office ( ). The Admin PC in Branch office can establish an SSH connection to the CORP router with the username SSHAccess and password ciscosshaccess. If you get the Corp> prompt, then your configuration is correct. Step 7: Configure a Site-to-Site IPsec VPN between the CORP router and the Branch Router. The following tables list the parameters for the ISAKMP Phase 1 Policy and IPsec Phase 2 Policy: ISAKMP Phase 1 Policy Parameters ISAKMP Phase 2 Policy Parameters Key Distribution Method ISAKMP Parameters CORP Router Branch Router Encryption Algorithm AES Transform Set Name VPN-SET VPN-SET Number of Bits 256 Transform Set esp-3des esp-sha-hmac Hash Algorithm SHA-1 Peer Host Name Branch CORP esp-3des esp-sha-hmac Authentication Method Pre-share Peer IP Address Key Exchange DH 2 Encrypted Network / /27 IKE SA Lifetime Crypto Map Name VPN-MAP VPN-MAP ISAKMP Key Vpnpass101 SA Establishment ipsec-isakmp ipsec-isakmp a. Configure an ACL (ACL 120) on the CORP router to identify the interesting traffic. The interesting traffic is all IP traffic between the two LANs ( /28 and /27). b. Configure the ISAKMP Phase 1 properties on the CORP router. The crypto ISAKMP policy is 10. Refer to the ISAKMP Phase 1 Policy Parameters Table for the specific details needed. c. Configure the ISAKMP Phase 2 properties on the CORP router. Refer to the ISAKMP Phase 2 Policy Parameters Table for the specific details needed. d. Bind the VPN-MAP crypto map to the outgoing interface. e. Configure IPsec parameters on the Branch router using the same parameters as on the CORP router. Note that interesting traffic is defined as the IP traffic from the two LANs. f. Save the running-config, then reload both CORP and Branch routers. g. Verify the VPN configuration by conducting an FTP session with the username cisco and the password cisco from the Admin PC to the DMZ Web Svr. On the Branch router, check that the packets are encrypted. To exit the FTP session, type quit. Last updated: September 2012 All contents are Copyright Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 5
CCNA Security 1.0 Student Packet Tracer Manual
1.0 Student Packet Tracer Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationCCNA Security Instructor Packet Tracer Manual
1.0.1 Instructor Packet Tracer Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use
More informationPacket Tracer - Configure and Verify a Site-to-Site IPsec VPN Using CLI
Packet Tracer - Configure and Verify a Site-to-Site IPsec VPN Using CLI Topology Addressing Table R1 R2 R3 Device Interface IP Address Subnet Mask Default Gateway Switch Port G0/0 192.168.1.1 255.255.255.0
More informationTeacher s Reference Manual
UNIVERSITY OF MUMBAI Teacher s Reference Manual Subject: Security in Computing Practical with effect from the academic year 2018 2019 Practical 1: Packet Tracer - Configure Cisco Routers for Syslog, NTP,
More informationPT Activity: Configuring a Zone-Based Policy Firewall (ZPF)
PT Activity: Configuring a Zone-Based Policy Firewall (ZPF) Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 R2 R3 Fa0/1 192.168.1.1 255.255.255.0
More informationInternet. SonicWALL IP Cisco IOS IP IP Network Mask
Prepared by SonicWALL, Inc. 9/20/2001 Introduction: VPN standards are still evolving and interoperability between products is a continued effort. SonicWALL has made progress in this area and is interoperable
More informationPacket Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations (Instructor Version)
Packet Tracer - Configure Cisco Routers for Syslog, NTP, and SSH Operations (Instructor Version) Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.
More informationChapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM
Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces.
More informationChapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM
Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces. 2016 Cisco and/or its affiliates. All
More informationCCNA Semester 2 labs. Labs for chapters 2 10
CCNA Semester 2 labs Labs for chapters 2 10 2.2.2.5 Lab - Configuring IPv4 Static and Default Routes 2.3.2.4 Lab - Troubleshooting Static Routes 3.2.1.9 Lab - Configuring Basic RIPv2 5.2.2.9 Lab - Configuring
More informationChapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM
Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces. 2015 Cisco and/or its affiliates. All rights
More informationEIGRP Practice Skills Assessment - Packet Tracer
CCNA Routing and Switching Scaling Networks EIGRP Practice Skills Assessment - Packet Tracer A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close
More informationLab Configuring and Verifying Extended ACLs Topology
Topology 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More informationChapter 11 - CCNA Security Comprehensive Lab
Chapter 11 - Comprehensive Lab This lab has been updated for use on NETLAB+ Topology 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 18 IP Addressing Table
More information1.1 Configuring HQ Router as Remote Access Group VPN Server
Notes: 1.1 Configuring HQ Router as Remote Access Group VPN Server Step 1 Enable AAA model for local and remote access authentication. AAA will prompt extended authentication for remote access group VPN
More informationChapter 8 Lab Configuring a Site-to-Site VPN Using Cisco IOS
Chapter 8 Lab Configuring a Site-to-Site VPN Using Cisco IOS Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces. 2017 Cisco and/or its affiliates. All rights
More informationPacket Tracer - Skills Integration Challenge Topology
Packet Tracer - Skills Integratin Challenge Tplgy 2015 Cisc and/r its affiliates. All rights reserved. This dcument is Cisc Public. Page 1 f 6 Packet Tracer - Skills Integratin Challenge Addressing Table
More informationChapter 10 - Configure ASA Basic Settings and Firewall using ASDM
Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces.
More informationConfiguring Authentication Proxy
The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against industry standard TACACS+ and RADIUS authentication protocols.
More informationCisco IOS Firewall Authentication Proxy
Cisco IOS Firewall Authentication Proxy This feature module describes the Cisco IOS Firewall Authentication Proxy feature. It includes information on the benefits of the feature, supported platforms, configuration
More informationVPN Connection through Zone based Firewall Router Configuration Example
VPN Connection through Zone based Firewall Router Configuration Example Document ID: 112051 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure
More informationFundamentals of Network Security v1.1 Scope and Sequence
Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document
More informationNetwork security session 9-2 Router Security. Network II
Network security session 9-2 Router Security Network II Router security First line of defense of the network Compromise of a router can lead to many issues: Denial of network services Degrading of network
More informationLab - Troubleshooting ACL Configuration and Placement Topology
Topology 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway HQ G0/1 192.168.1.1
More informationco Configuring PIX to Router Dynamic to Static IPSec with
co Configuring PIX to Router Dynamic to Static IPSec with Table of Contents Configuring PIX to Router Dynamic to Static IPSec with NAT...1 Introduction...1 Configure...1 Components Used...1 Network Diagram...1
More informationLab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology
Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives
More informationCradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions
Cradlepoint to Palo Alto VPN Example Summary This configuration covers an IPSec VPN tunnel setup between a Cradlepoint Series 3 router and a Palo Alto firewall. IPSec is customizable on both the Cradlepoint
More informationChapter 4 Lab A: Configuring CBAC and Zone-Based Firewalls
Chapter 4 Lab A: Configuring CBAC and Zone-Based Firewalls Topology Note: ISR G2 devices have Gigabit Ethernet interfaces instead of Fast Ethernet Interfaces. IP Addressing Table Device Interface IP Address
More informationLab Securing Network Devices
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A S1 VLAN 1 192.168.1.11 255.255.255.0 192.168.1.1 PC-A NIC 192.168.1.3
More informationLab - Configuring a Site-to-Site VPN Using Cisco IOS and CCP
CCNA Security Lab - Configuring a Site-to-Site VPN Using Cisco IOS and CCP Topology Note: ISR G2 devices use GigabitEthernet interfaces instead of FastEthernet Interfaces. 2015 Cisco and/or its affiliates.
More informationTechnology Scenarios. INE s CCIE Security Bootcamp - 1 -
INE s CCIE Security Bootcamp For CCIE v3.0-1 - - 2 - Lab Physical Cabling Fa0/0 Fa0/1 Fa0/0 S1/2 S1/3 R3 S1/0 S1/1 Fa0/0 R1 S0/0 S0/1 S0/1 R2 S0/0 Ethernet Fa0/0 Fa0/1 BB3 Serial Frame-Relay S0/0 R4 S0/1
More informationLab Configure Cisco IOS Firewall CBAC on a Cisco Router
Lab 3.8.3 Configure Cisco IOS Firewall CBAC on a Cisco Router Objective Scenario Topology Estimated Time: 35 minutes Number of Team Members: Two teams with four students per team In this lab, students
More informationConfiguring Authentication Proxy
Configuring Authentication Proxy Last Updated: January 7, 2013 The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against
More informationCisco Exam Implementing Cisco Network Security Version: 12.0 [ Total Questions: 186 ]
s@lm@n Cisco Exam 210-260 Implementing Cisco Network Security Version: 12.0 [ Total Questions: 186 ] Cisco 210-260 : Practice Test Question No : 1 When an IPS detects an attack, which action can the IPS
More informationLab Configuring Switch Security Features Topology
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 172.16.99.1 255.255.255.0 N/A S1 VLAN 99 172.16.99.11 255.255.255.0 172.16.99.1 PC-A NIC 172.16.99.3
More informationIPsec Anti-Replay Window Expanding and Disabling
IPsec Anti-Replay Window Expanding and Disabling Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence
More informationChapter 8: Lab B: Configuring a Remote Access VPN Server and Client
Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client Topology IP Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1 192.168.1.1 255.255.255.0 N/A
More informationLab - Examining Telnet and SSH in Wireshark
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 Part 1: Configure the Devices
More informationUniNets CCNA Security LAB MANUAL UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL UniNets CCNA LAB MANUAL
UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL Contents: UniNets CCNA Security LAB MANUAL Section 1 Securing Layer 2 Lab 1-1 Configuring Native VLAN on a Trunk Links Lab 1-2 Disabling
More informationConfiguring Authentication Proxy
Configuring Authentication Proxy Last Updated: January 18, 2012 The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against
More informationSample Business Ready Branch Configuration Listings
APPENDIX A Sample Business Ready Branch Configuration Listings The following is a sample configuration of a Business Ready Branch. There are many permutations of feature combinations when setting up the
More informationMediant MSBR. Version 6.8. Security Setup. Configuration Guide. Version 6.8. AudioCodes Family of Multi-Service Business Routers (MSBR)
Configuration Guide AudioCodes Family of Multi-Service Business Routers (MSBR) Mediant MSBR Security Setup Version 6.8 Version 6.8 May 2014 Document # LTRT-31640 Configuration Guide Contents Table of
More informationLoading Internet Protocol Security (IPSec) (CDR-882/780/790/990 Cellular Router)
Loading Internet Protocol Security (IPSec) (CDR-882/780/790/990 Cellular Router) Call Direct Document version 1.4 Last updated 17 December, 2010 support@call-direct.com.au Loading IPSec To support IPSec
More informationCCNA 1 Final Exam Answers UPDATE 2012 eg.2
CCNA 1 Final Exam Answers UPDATE 2012 eg.2 January 12th, 2012AdminLeave a commentgo to comments 1. When must a router serial interface be configured with the clock rate command? when the interface is functioning
More informationLab 7 Configuring Basic Router Settings with IOS CLI
Lab 7 Configuring Basic Router Settings with IOS CLI Objectives Part 1: Set Up the Topology and Initialize Devices Cable equipment to match the network topology. Initialize and restart the router and switch.
More informationInspection of Router-Generated Traffic
Inspection of Router-Generated Traffic The Inspection of Router-Generated Traffic feature allows Context-Based Access Control (CBAC) to inspect traffic that is originated by or destined to the router on
More informationPT Activity: Configure AAA Authentication on Cisco Routers
PT Activity: Configure AAA Authentication on Cisco Routers Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask R1 Fa0/0 192.168.1.1 255.255.255.0 S0/0/0 10.1.1.2
More informationConfiguring a VPN Using Easy VPN and an IPSec Tunnel, page 1
Configuring a VPN Using Easy VPN and an IPSec Tunnel This chapter provides an overview of the creation of Virtual Private Networks (VPNs) that can be configured on the Cisco 819, Cisco 860, and Cisco 880
More informationThis document is intended to give guidance on how to read log entries from a Cisco PIX / ASA. The specific model in this case was a PIX 501.
1.0 Overview This document is intended to give guidance on how to read log entries from a Cisco PIX / ASA. The specific model in this case was a PIX 501. 2.0 PIX Config The following is the PIX config
More informationImplementing Firewall Technologies
Implementing Firewall Technologies Network firewalls separate protected from non-protected areas preventing unauthorized users from accessing protected network resources. Technologies used: ACLs Standard,
More informationQuick Note. Configure an IPSec VPN tunnel in Aggressive mode between a TransPort LR router and a Cisco router. Digi Technical Support 7 October 2016
Quick Note Configure an IPSec VPN tunnel in Aggressive mode between a TransPort LR router and a Cisco router. Digi Technical Support 7 October 2016 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions...
More informationAutoSecure. Finding Feature Information. Last Updated: January 18, 2012
AutoSecure Last Updated: January 18, 2012 The AutoSecure feature secures a router by using a single CLI command to disable common IP services that can be exploited for network attacks, enable IP services
More informationDeploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels
Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels This article provides a reference for deploying a Barracuda Link Balancer under the following conditions: 1. 2. In transparent (firewall-disabled)
More informationConfiguring Management Access
37 CHAPTER This chapter describes how to access the ASA for system management through Telnet, SSH, and HTTPS (using ASDM), how to authenticate and authorize users, how to create login banners, and how
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 642-504 Title : Securing Networks with Cisco Routers and Switches Vendors
More information1. Which OSI layers offers reliable, connection-oriented data communication services?
CCNA 1 Practice Final Exam Answers v4.0 100% 1. Which OSI layers offers reliable, connection-oriented data communication services? application presentation session transport network 2. Refer to the exhibit.
More informationTable of Contents. Cisco IPSec Tunnel through a PIX Firewall (Version 7.0) with NAT Configuration Example
Table of Contents IPSec Tunnel through a PIX Firewall (Version 7.0) with NAT Configuration Example...1 Document ID: 63881...1 Introduction...1 Prerequisites...2 Requirements...2 Components Used...2 Conventions...2
More informationPT Activity 5.6.1: Packet Tracer Skills Integration Challenge Topology Diagram
Topology Diagram All contents are Copyright 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6 Addressing Table Device Interface IP Address Subnet Mask
More informationLab Using the CLI to Gather Network Device Information Topology
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A Lo0 209.165.200.225 255.255.255.224 N/A S1 VLAN 1 192.168.1.11 255.255.255.0
More informationLab 9: VPNs IPSec Remote Access VPN
Lab 9: VPNs IPSec Remote Access VPN Rich Macfarlane 2015 Aim: Details The aim of this lab is to introduce Virtual Private Network (VPN) concepts, using an IPSec remote access VPN between a remote users
More informationSkills Assessment Student Training
Skills Assessment Student Training Topology Assessment Objectives Part 1: Initialize Devices (6 points, 5 minutes) Part 2: Configure Device Basic Settings (33 points, 20 minutes) Part 3: Configure Switch
More informationThree interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
More informationConfiguring a Hub & Spoke VPN in AOS
June 2008 Quick Configuration Guide Configuring a Hub & Spoke VPN in AOS Configuring a Hub & Spoke VPN in AOS Introduction The traditional VPN connection is used to connect two private subnets using a
More informationLAN to LAN IPsec Tunnel Between a Cisco VPN 3000 Concentrator and Router with AES Configuration Example
LAN to LAN IPsec Tunnel Between a Cisco VPN 3000 Concentrator and Router with AES Configuration Example Document ID: 26402 Contents Introduction Prerequisites Requirements Components Used Conventions Configure
More informationL2TP IPsec Support for NAT and PAT Windows Clients
L2TP IPsec Support for NAT and PAT Windows Clients The L2TP IPsec Support for NAT and PAT Windows Clients feature allows mulitple Windows client to connect to an IPsec-enabled Cisco IOS Layer 2 Tunneling
More informationexam. Number: Passing Score: 800 Time Limit: 120 min CISCO Interconnecting Cisco Networking Devices Part 1 (ICND)
100-105.exam Number: 100-105 Passing Score: 800 Time Limit: 120 min CISCO 100-105 Interconnecting Cisco Networking Devices Part 1 (ICND) Exam A QUESTION 1 Which route source code represents the routing
More informationI N D E X. Numerics. 3DES (triple Data Encryption Standard), 199
I N D E X Numerics A 3DES (triple Data Encryption Standard), 199 AAA (Authentication, Authorization, and Accounting), 111 114, 236 configuring, 114, 144 145 CSACS, 116 122 floodguard, 168 169 servers,
More informationSkills Assessment Student Practice
Skills Assessment Student Practice Topology Assessment Objectives Part 1: Develop the IPv4 Address Scheme (15 points, 20 minutes) Part 2: Initialize and Reload Devices (10 points, 5 minutes) Part 3: Configure
More informationLab Configuring and Verifying Standard IPv4 ACLs Topology
Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 10 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More informationIPsec Anti-Replay Window: Expanding and Disabling
IPsec Anti-Replay Window: Expanding and Disabling First Published: February 28, 2005 Last Updated: March 24, 2011 Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker
More informationNote that you can also use the password command but the secret command gives you a better encryption algorithm.
Router Device Security Lab Configuring Secure Passwords 1. Configure the enable secret and password enable password TRUSTME enable secret letmein Look at the configuration: show config terminal Note the
More informationCisco ASA 5500 LAB Guide
INGRAM MICRO Cisco ASA 5500 LAB Guide Ingram Micro 4/1/2009 The following LAB Guide will provide you with the basic steps involved in performing some fundamental configurations on a Cisco ASA 5500 series
More informationThis document is a tutorial related to the Router Emulator which is available at:
Introduction This document is a tutorial related to the Router Emulator which is available at: http://www.dcs.napier.ac.uk/~bill/router.html A demo is also available at: http://www.dcs.napier.ac.uk/~bill/router_demo.htm
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0 Module 1: Intrusion Detection and Prevention Technology 1.1 Overview of Intrusion
More informationSupport for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.
Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only. Transparently Routing Web Traffic to the Barracuda Web Security Gateway This article demonstrates
More informationDefining IPsec Networks and Customers
CHAPTER 4 Defining the IPsec Network Elements In this product, a VPN network is a unique group of targets; a target can be a member of only one network. Thus, a VPN network allows a provider to partition
More informationStudy Guide. Using ACLs to Secure Networks
CHAPTER 5 ACLs The Study Guide portion of this chapter uses a combination of matching, multiple-choice, and open-ended question exercises to test your knowledge of the various types of access control lists
More informationAbstract. Avaya Solution & Interoperability Test Lab
Avaya Solution & Interoperability Test Lab Site-to-Site VPN Configuration between Avaya SG208 Security Gateway, Enterasys XSR-1805 Security Router, and Cisco VPN 3000 Concentrator using AES-128, Perfect
More informationCyberPatriot Packet Tracer Tool Kit
CyberPatriot Packet Tracer Tool Kit https://www.uscyberpatriot.org/competition/training-materials/training-modules https://www.netacad.com/ http://www.uscyberpatriot.org/documents/training%20documents/cyberpatriot%20route
More informationSecurity Hardening Checklist for Cisco Routers/Switches in 10 Steps
Security Hardening Checklist for Cisco Routers/Switches in 10 Steps Network infrastructure devices (routers, switches, load balancers, firewalls etc) are among the assets of an enterprise that play an
More informationLab Configuring and Verifying Standard IPv4 ACLs (Instructor Version Optional Lab)
(Instructor Version Optional Lab) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or
More informationViewing Router Information
CHAPTER39 The Cisco Router and Security Device Manager (Cisco SDM) Monitor mode lets you view a current snapshot of information about your router, the router interfaces, the firewall, and any active VPN
More informationSkills Assessment. CCNA Routing and Switching: Connecting Networks. Topology. Assessment Objectives. Scenario
Skills Assessment Topology Assessment Objectives Part 1: Configure Device Basic Settings (15 points, 15 minutes) Part 2: Configure PPP Connections (20 points, 10 minutes) Part 3: Configure IPv4 ACL for
More informationCisco Exam Questions & Answers
Cisco 300-209 Exam Questions & Answers Number: 300-209 Passing Score: 800 Time Limit: 120 min File Version: 35.4 http://www.gratisexam.com/ Exam Code: 300-209 Exam Name: Implementing Cisco Secure Mobility
More informationConfiguring LAN-to-LAN IPsec VPNs
CHAPTER 28 A LAN-to-LAN VPN connects networks in different geographic locations. The ASA 1000V supports LAN-to-LAN VPN connections to Cisco or third-party peers when the two peers have IPv4 inside and
More informationVirtual Private Network. Network User Guide. Issue 05 Date
Issue 05 Date 2018-03-30 Contents Contents 1 Overview... 1 1.1 Concepts... 1 1.1.1 VPN... 1 1.1.2 IPsec VPN...1 1.2 Application Scenarios...2 1.3 Billing Standards... 3 1.4 VPN Reference Standards and
More informationCCNA 4 PRAKTISK PRØVE NOTER
CCNA 4 PRAKTISK PRØVE NOTER Af Adam Andersen TEC CISCO Indhold PPP with Authentication... 2 Configure PPP PAP / CHAP Authentication... 2 Multi link... 2 Debug serial / PPP... 2 Configure Static/Dynamic
More informationConfiguration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example
Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example Document ID: 113337 Contents Introduction Prerequisites Requirements Components Used Conventions Configuration
More informationGoogle Cloud VPN Interop Guide
Google Cloud VPN Interop Guide Using Cloud VPN With Cisco ASA Courtesy of Cisco Systems, Inc. Unauthorized use not permitted. Cisco is a registered trademark or trademark of Cisco Systems, Inc. and/or
More informationfirewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name
firewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal"
More informationSkills Assessment Student Training Exam
Skills Assessment Student Training Exam Time: 20 minutes Given an IP address and mask of (address / mask), design an IP addressing scheme that satisfies the following requirements. Network address/mask
More informationLab Configuring and Verifying Standard ACLs Topology
Topology 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 9 Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.10.1
More informationDevice Interface IP Address Subnet Mask Default Gateway
Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway BRANCH HQ ISP Fa0/0 172.20.1.129 255.255.255.128 N/A S0/0/0 172.20.1.1 255.255.255.128 N/A Fa0/0 172.20.0.129 255.255.255.128
More informationChapter 10 Lab 10-2, Securing VLANs INSTRUCTOR VERSION
CCNPv7.1 SWITCH Chapter 10 Lab 10-2, Securing VLANs INSTRUCTOR VERSION Topology Objectives Background Secure the server farm using private VLANs. Secure the staff VLAN from the student VLAN. Secure the
More informationConfiguring IPsec and ISAKMP
CHAPTER 61 This chapter describes how to configure the IPsec and ISAKMP standards to build Virtual Private Networks. It includes the following sections: Tunneling Overview, page 61-1 IPsec Overview, page
More informationLAN-to-LAN IPsec VPNs
A LAN-to-LAN VPN connects networks in different geographic locations. You can create LAN-to-LAN IPsec connections with Cisco peers and with third-party peers that comply with all relevant standards. These
More informationITdumpsFree. Get free valid exam dumps and pass your exam test with confidence
ITdumpsFree http://www.itdumpsfree.com Get free valid exam dumps and pass your exam test with confidence Exam : 640-554 Title : Implementing Cisco IOS Network Security (IINS v2.0) Vendor : Cisco Version
More informationNetwork Security CSN11111
Network Security CSN11111 VPN part 2 12/11/2010 r.ludwiniak@napier.ac.uk Five Steps of IPSec Step 1 - Interesting Traffic Host A Router A Router B Host B 10.0.1.3 10.0.2.3 Apply IPSec Discard Bypass IPSec
More informationImplementing Traffic Filters and Firewalls for IPv6 Security
Implementing Traffic Filters and Firewalls for IPv6 Security Last Updated: August 1, 2012 This module describes how to configure Cisco IOS IPv6 traffic filter and firewall features for your Cisco networking
More informationOverview of the Cisco NCS Command-Line Interface
CHAPTER 1 Overview of the Cisco NCS -Line Interface This chapter provides an overview of how to access the Cisco Prime Network Control System (NCS) command-line interface (CLI), the different command modes,
More information