CCNA 4 PRACTICAL EXAM NOTES


CCNA 4 PRACTICAL EXAM NOTES
By Adam Andersen, TEC CISCO

Contents

PPP with Authentication
Configure PPP PAP / CHAP Authentication
Multi link
Debug serial / PPP
Configure Static/Dynamic NAT
Debug NAT
Configuring GRE
Configuring GRE IPSec
Debug
Configure Frame-Relay
NTP / Timestamp / debugging / SNMP
NTP client
Debugging level
SNMP accesslist
Debug NTP / Time / logging / SNMP / NetFlow

PPP with Authentication

R3(config)# interface serial 0/0/0
R3(config-if)# encapsulation ppp
R3(config-if)# compress [ predictor | stac ]

Configure PPP PAP / CHAP Authentication

R1(config)# username R3 secret class
R1(config)# interface s0/0/0
R1(config-if)# ppp authentication pap
R1(config-if)# ppp pap sent-username R1 password cisco

CHAP

Router(config)# hostname ISP
ISP(config)# username R3 secret cisco
ISP(config)# interface s0/0/0
ISP(config-if)# ppp authentication chap

R3(config)# username ISP secret cisco
R3(config)# interface serial0/1/0
R3(config-if)# ppp authentication chap

Multi link

interface multilink

Debug serial / PPP

show interfaces serial
show controllers
show controllers cbus
show controllers serial
debug ppp authentication

Configure Static/Dynamic NAT

Static

R1(config)# ip nat inside source static 172.16.16.1 64.100.50.1

Interface private IP
R1(config-if)# ip nat inside

Interface public IP
R1(config-if)# ip nat outside

Dynamic

R2(config)# ip nat pool dynamic 209.165.76.196 209.165.76.199 netmask 255.255.255.252
R2(config)# access-list 1 permit 172.16.0.0 0.0.255.255
R2(config)# ip nat inside source list 1 pool dynamic

Interface private IP inside NAT
R1(config-if)# ip nat inside

Interface public IP outside NAT
R1(config-if)# ip nat outside

PAT

R2(config)# ip nat pool R2POOL 209.165.202.129 209.165.202.129 netmask 255.255.255.252
R2(config)# ip access-list standard R2NAT
R2(config)# ip nat inside source list R2NAT pool R2POOL overload

Debug NAT

show running-config
show ip nat translations
show ip nat statistics
show ip nat translation timeout
clear ip nat translation

Configuring GRE

RA(config)# interface tunnel 0
RA(config-if)# ip address 10.10.10.1 255.255.255.252
RA(config-if)# tunnel source serial 0/0/0
RA(config-if)# tunnel destination 209.165.122.2
RA(config-if)# tunnel mode gre ip

Static tunnel route to private IP

RA(config)# ip route 192.168.2.0 255.255.255.0 10.10.10.2
RB(config)# ip route 192.168.1.0 255.255.255.0 10.10.10.1

Configuring GRE IPSec

R1(config)# license boot module c2900 technology-package securityk9

Configure ACL 101 to identify the traffic from the LAN on R1 to the LAN on R2 and R3 as interesting. This interesting traffic will trigger the IPsec VPN to be implemented whenever there is traffic between the R1 and R2 - R3 LANs. All other traffic sourced from the LANs will not be encrypted. Remember that because of the implicit deny any, there is no need to add the statement to the list.

R1(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.0.3.255

Configure the ISAKMP Phase 1

Configure the crypto ISAKMP policy 101 properties on R1 along with the shared crypto key cisco. Default values do not have to be configured; therefore, only the encryption, key exchange method, and DH method must be configured.

R1(config)# crypto isakmp policy 101
R1(config-isakmp)# encryption aes
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 5
R1(config-isakmp)# exit

Generate isakmp keys for each peer of

R1(config)# crypto isakmp key cisco address 64.100.13.2
R1(config)# crypto isakmp key cisco address 64.102.46.2

Configure the ISAKMP Phase 2 properties

Create the transform-set VPN-SET to use esp-aes and esp-sha-hmac. Then create the crypto map VPN-MAP that binds all of the Phase 2 parameters together. Use sequence number 101 and identify it as an ipsec-isakmp map.

R1(config)# crypto ipsec transform-set R1_Set esp-aes esp-sha-hmac
R1(config)# crypto map R1_Map 101 ipsec-isakmp
R1(config-crypto-map)# set peer 64.100.13.2
R1(config-crypto-map)# set peer 64.102.46.2
R1(config-crypto-map)# set transform-set R1_Set
R1(config-crypto-map)# match address 101
R1(config-crypto-map)# exit

Configure the crypto map on the outgoing interface

Finally, bind the R1_Map crypto map to the outgoing Serial 0/0/0 interface. Note: This is not graded.

R1(config)# interface S0/0/0
R1(config-if)# crypto map R1_Map

Debug

show version
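The interesting-traffic rule described above, as an added example that is not part of the original notes: a Python check that applies IOS wildcard-mask matching to the R1 lines from this section and reports whether a flow would be handed to the crypto map or leave unencrypted. The function names are hypothetical, the config string is a constructed copy of the R1 commands, and only the `ip <addr> <wildcard> <addr> <wildcard>` ACL form is handled.

```python
import ipaddress
import re

# Constructed sample: the R1 crypto ACL and crypto map lines from the notes
R1_CONFIG = """\
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.0.3.255
crypto map R1_Map 101 ipsec-isakmp
 set peer 64.100.13.2
 set peer 64.102.46.2
 set transform-set R1_Set
 match address 101
"""

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: a 0 bit must match the base, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_acl(config, number):
    """Return (action, src, src_wc, dst, dst_wc) tuples for a numbered ACL."""
    pat = re.compile(
        rf"^access-list {number} (permit|deny) ip (\S+) (\S+) (\S+) (\S+)[ \t]*$",
        re.M)
    return pat.findall(config)

def crypto_acl_number(config, map_name):
    """ACL number that 'match address' binds to the named crypto map."""
    block = re.search(
        rf"^crypto map {re.escape(map_name)} \d+ ipsec-isakmp\n((?: .*\n?)*)",
        config, re.M)
    m = re.search(r"^ match address (\d+)", block.group(1), re.M) if block else None
    return m.group(1) if m else None

def is_protected(config, map_name, src, dst):
    """True if src -> dst is interesting traffic for the crypto map."""
    acl = crypto_acl_number(config, map_name)
    if acl is None:
        return False
    for action, s, swc, d, dwc in parse_acl(config, acl):
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action == "permit"   # first matching entry wins
    return False                        # implicit deny any: sent unencrypted

if __name__ == "__main__":
    for dst in ("172.16.3.254", "172.16.4.1"):
        print(dst, is_protected(R1_CONFIG, "R1_Map", "10.1.2.3", dst))
```

The wildcard 0.0.3.255 covers only 172.16.0.0 through 172.16.3.255, so a destination such as 172.16.4.1 falls to the implicit deny and is forwarded in the clear; the ACL is also directional, so return traffic has to be matched by the mirrored ACL on the peer.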

Configure Frame-Relay

Encapsulation

R1(config)# interface s0/0/0
R1(config-if)# encapsulation frame-relay

Map IP with DLCI

R1(config)# interface s0/0/0
R1(config-if)# frame-relay map ip 10.1.1.2 102 broadcast
R1(config-if)# frame-relay map ip 10.1.1.3 103 broadcast

Set LMI type

R1(config-if)# frame-relay lmi-type ansi

NTP / Timestamp / debugging / SNMP

Clock set

NTP server

ntp master 1

NTP client

ntp server [ntp master ip]
ntp update-calendar

Timestamp

R1(config)# service timestamps log datetime msec

Debugging level

R1(config)# logging trap debugging

Syslog

R1(config)# logging 192.168.1.3

SNMP accesslist

R1(config)# ip access-list standard SNMP-ACCESS

SNMP

R1(config-std-nacl)# snmp-server community SA-LAB ro SNMP-ACCESS
R1(config)# snmp-server host 192.168.11.3 version 2c SA-LAB
R1(config)# snmp-server enable traps

R2(config-if)# ip flow ingress
R2(config-if)# ip flow egress
R2(config)# ip flow-export destination 192.168.22.3 9996
R2(config)# ip flow-export version 9

Debug NTP / Time / logging / SNMP / NetFlow

show clock
show ntp associations
show logging
show snmp
show snmp community
show ip cache flow
show ip flow interface