Packet Tracer - Skills Integration Challenge Topology


Topology

2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6

Addressing Table

Device  Interface        IP Address        Subnet Mask       Default Gateway
R1      G0/0             209.165.200.233   255.255.255.248   N/A
R1      S0/0/0 (DCE)     10.10.10.1        255.255.255.252   N/A
R1      Loopback 1       172.20.1.1        255.255.255.0     N/A
R2      S0/0/0           10.10.10.2        255.255.255.252   N/A
R2      S0/0/1 (DCE)     10.20.20.2        255.255.255.252   N/A
R3      G0/1             172.30.3.1        255.255.255.0     N/A
R3      S0/0/1           10.20.20.1        255.255.255.252   N/A
S1      VLAN 1           192.168.10.11     255.255.255.0     192.168.10.1
S2      VLAN 1           192.168.10.12     255.255.255.0     192.168.10.1
S3      VLAN 1           172.30.3.11       255.255.255.0     172.30.3.1
ASA     VLAN 1 (E0/1)    192.168.10.1      255.255.255.0     N/A
ASA     VLAN 2 (E0/0)    209.165.200.234   255.255.255.248   N/A
PC-A    NIC              192.168.10.2      255.255.255.0     192.168.10.1
PC-B    NIC              192.168.10.3      255.255.255.0     192.168.10.1
PC-C    NIC              172.30.3.3        255.255.255.0     172.30.3.1

Objectives

- Configure basic router security
- Configure basic switch security
- Configure AAA local authentication
- Configure SSH
- Secure against login attacks
- Configure site-to-site IPsec VPNs
- Configure firewall and IPS settings
- Configure ASA basic security and firewall settings

Scenario

This culminating activity includes many of the skills that you have acquired during this course. The routers and switches are preconfigured with the basic device settings, such as IP addressing and routing. You will secure routers using the CLI to configure various IOS features, including AAA, SSH, and Zone-Based Policy Firewall (ZPF). You will configure a site-to-site VPN between R1 and R3. You will secure the switches on the network. In addition, you will also configure firewall functionality on the ASA.

Requirements

Note: Not all security features will be configured on all devices; however, they would be in a production network.

Configure Basic Router Security

Configure the following on R1:
- Minimum password length is 10 characters.
- Encrypt plaintext passwords.
- Privileged EXEC mode secret password is ciscoenapa55.
- Console line password is ciscoconpa55, timeout is 15 minutes, and console messages should not interrupt command entry.
- A message-of-the-day (MOTD) banner should include the word unauthorized.

Configure the following on R2:
- Privileged EXEC mode secret password is ciscoenapa55.
- Password for the VTY lines is ciscovtypa55, timeout is 15 minutes, and login is required.

Configure Basic Switch Security

Configure the following on S1:
- Encrypt plaintext passwords.
- Privileged EXEC mode secret password is ciscoenapa55.
- Console line password is ciscoconpa55, timeout is 5 minutes, and console messages should not interrupt command entry.
- Password for the VTY lines is ciscovtypa55, timeout is 5 minutes, and login is required.
- An MOTD banner should include the word unauthorized.

Configure trunking between S1 and S2 with the following settings:
- Set the mode to trunk and assign VLAN 99 as the native VLAN.
- Disable the generation of DTP frames.

Configure S1 with the following port settings:
- F0/6 should only allow access mode, be set to PortFast, and have BPDU guard enabled.
- F0/6 uses basic default port security with dynamically learned MAC addresses added to the running configuration.
- All other ports should be disabled.

Note: Although not all ports are checked, your instructor may want to verify that all unused ports are disabled.

Configure AAA Local Authentication

Configure the following on R1:
- Create a local user account of Admin01, a secret password of Admin01pa55, and a privilege level of 15.
- Enable AAA services.
- Implement AAA services using the local database as the first option and then the enable password as the backup option.

Configure SSH

Configure the following on R1:
- The domain name is ccnasecurity.com.

- The RSA key should be generated with 1024 modulus bits.
- Only SSH version 2 is allowed.
- Only SSH is allowed on the VTY lines.
- Verify that PC-C can remotely access R1 (209.165.200.233) using SSH.

Secure Against Login Attacks

Configure the following on R1:
- If a user fails to log in twice within a 30-second time span, disable logins for one minute.
- Log all failed login attempts.

Configure Site-to-Site IPsec VPNs

Note: Some VPN configurations are not scored. However, you should be able to verify connectivity across the IPsec VPN tunnel.

Enable the Security Technology package license on R1. Save the running configuration before reloading.

Configure the following on R1:
- Create an access list to identify interesting traffic on R1. Configure ACL 101 to allow traffic from the R1 Lo1 network to the R3 G0/1 LAN.
- Configure the crypto isakmp policy 10 Phase 1 properties on R1 and the shared crypto key ciscovpnpa55. Use the following parameters:
  - Key distribution method: ISAKMP
  - Encryption: aes 256
  - Hash: sha
  - Authentication method: pre-shared
  - Key exchange: DH Group 5
  - IKE SA lifetime: 3600
  - ISAKMP key: ciscovpnpa55
- Create the transform set VPN-SET to use esp-aes 256 and esp-sha-hmac. Then create the crypto map CMAP that binds all of the Phase 2 parameters together. Use sequence number 10 and identify it as an ipsec-isakmp map. Use the following parameters:
  - Transform set: VPN-SET
  - Transform encryption: esp-aes 256
  - Transform authentication: esp-sha-hmac
  - Perfect Forward Secrecy (PFS): group5
  - Crypto map name: CMAP
  - SA establishment: ipsec-isakmp
- Bind the crypto map (CMAP) to the outgoing interface.
- Verify that the Security Technology package license is enabled.

Repeat the site-to-site VPN configurations on R3 so that they mirror all configurations from R1.

Ping the Lo1 interface (172.20.1.1) on R1 from PC-C. On R3, use the show crypto ipsec sa command to verify that the number of packets is more than 0, which indicates that the IPsec VPN tunnel is working.
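The following is an added worked example, not part of the Cisco lab document and not its answer key, showing one IOS CLI configuration that meets the basic router security, basic switch security, AAA local authentication, SSH and login-attack requirements above for R1, R2 and S1. Values the lab does not state are assumptions and are marked as such in the comments: the exact banner wording (the lab only requires the word "unauthorized"), the S1 port used for the S1-S2 trunk (F0/1), and S1 being a 24-port switch with two Gigabit uplinks.

```cisco
! Added example (not the lab's answer key): R1, R2 and S1 hardening.
! Assumptions: banner wording, trunk on S1 F0/1, 24-port S1 with two Gigabit uplinks.

! ---------- R1 ----------
enable
configure terminal
security passwords min-length 10
service password-encryption
enable secret ciscoenapa55
line console 0
 password ciscoconpa55
 exec-timeout 15 0
 logging synchronous
 login
 exit
! Banner must contain the word "unauthorized"; the rest of the text is assumed
banner motd #Unauthorized access is prohibited!#
! AAA: local user database first, enable secret as the fallback method.
! Once aaa new-model is active, console and VTY logins use this default list.
username Admin01 privilege 15 secret Admin01pa55
aaa new-model
aaa authentication login default local enable
! SSH: domain name, 1024-bit RSA key, version 2 only, SSH-only VTY access
ip domain-name ccnasecurity.com
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
line vty 0 4
 transport input ssh
 login authentication default
 exit
! Two failed logins within 30 seconds block logins for 60 seconds; log every failure
login block-for 60 attempts 2 within 30
login on-failure log
end
copy running-config startup-config

! ---------- R2 ----------
configure terminal
enable secret ciscoenapa55
line vty 0 4
 password ciscovtypa55
 exec-timeout 15 0
 login
end

! ---------- S1 ----------
configure terminal
service password-encryption
enable secret ciscoenapa55
line console 0
 password ciscoconpa55
 exec-timeout 5 0
 logging synchronous
 login
 exit
line vty 0 15
 password ciscovtypa55
 exec-timeout 5 0
 login
 exit
banner motd #Unauthorized access is prohibited!#
! Trunk to S2: native VLAN 99, DTP disabled (port F0/1 is an assumption)
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport nonegotiate
 exit
! Host port: access mode, PortFast, BPDU guard, sticky port security
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security
 switchport port-security mac-address sticky
 exit
! Shut every other port (assumes a 24-port switch with two Gigabit uplinks)
interface range FastEthernet0/2-5, FastEthernet0/7-24, GigabitEthernet0/1-2
 shutdown
 exit
end
! The S2 end of the trunk takes the same three switchport commands as S1 F0/1.
```

Verification from PC-C: `ssh -l Admin01 209.165.200.233` must succeed, while a Telnet attempt to the same address must be refused because the VTY lines accept only SSH. On R1, `show login` reports the quiet-mode settings and `show ip ssh` confirms version 2 only.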
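The site-to-site IPsec VPN section above, as an added worked example in IOS CLI (not the lab's answer key). Assumptions not stated by the lab: the routers are ISR 1900-series, so the license command uses the c1900 module name (other platforms use a different module keyword); the IKE peer addresses are taken from the addressing table (R1 S0/0/0 = 10.10.10.1, R3 S0/0/1 = 10.20.20.1); and R3 is shown receiving the same license step so that its configuration fully mirrors R1.

```cisco
! Added example (not the lab's answer key): site-to-site IPsec VPN between R1 and R3.
! Assumptions: c1900 license module name; peer addresses from the addressing table.

! ---------- R1: enable the Security Technology package, save, reload ----------
configure terminal
license boot module c1900 technology-package securityk9
! accept the EULA when prompted
end
copy running-config startup-config
reload
! after the reload, confirm securityk9 is listed as enabled
show version

! ---------- R1: Phase 1 (ISAKMP) ----------
configure terminal
! ACL 101: interesting traffic from the Lo1 network to the R3 G0/1 LAN
access-list 101 permit ip 172.20.1.0 0.0.0.255 172.30.3.0 0.0.0.255
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 3600
 exit
crypto isakmp key ciscovpnpa55 address 10.20.20.1
! ---------- R1: Phase 2 (IPsec) ----------
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 10.20.20.1
 set pfs group5
 set transform-set VPN-SET
 match address 101
 exit
! Bind the crypto map to the outgoing interface
interface Serial0/0/0
 crypto map CMAP
end

! ---------- R3: mirror image (ACL direction and peer swapped) ----------
configure terminal
license boot module c1900 technology-package securityk9
! save and reload R3 as above before continuing
access-list 101 permit ip 172.30.3.0 0.0.0.255 172.20.1.0 0.0.0.255
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 3600
 exit
crypto isakmp key ciscovpnpa55 address 10.10.10.1
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 10.10.10.1
 set pfs group5
 set transform-set VPN-SET
 match address 101
 exit
interface Serial0/0/1
 crypto map CMAP
end

! ---------- Verify (on R3) ----------
! From PC-C: ping 172.20.1.1. The SA is negotiated on the first interesting packet,
! so the first one or two replies may time out. Then:
show crypto isakmp sa
show crypto ipsec sa
! #pkts encaps and #pkts decaps must be greater than 0
```

Both ends must agree on every Phase 1 attribute (aes 256, sha, pre-share, group 5, 3600 s) and on the transform set, or `show crypto isakmp sa` stays empty and the ping never gets encapsulated; mismatched PFS groups are the usual reason Phase 1 succeeds but Phase 2 fails. Note that the interesting-traffic ACLs on the two routers are exact mirrors: any asymmetry there leaves one direction of the flow in the clear.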

Configure Firewall and IPS Settings

Configure a ZPF on R3 using the following requirements:
- Create zones named IN-ZONE and OUT-ZONE.
- Create an ACL number 110 that defines internal traffic, which permits all IP protocols from the 172.30.3.0/24 source network to any destination.
- Create a class map named INTERNAL-CLASS-MAP that uses the match-all option and ACL 110.
- Create a policy map named IN-2-OUT-PMAP that uses the class map INTERNAL-CLASS-MAP to inspect all matched traffic.
- Create a zone pair named IN-2-OUT-ZPAIR that identifies IN-ZONE as the source zone and OUT-ZONE as the destination zone.
- Specify that the IN-2-OUT-PMAP policy map is to be used to inspect traffic between the two zones.
- Assign G0/1 as an IN-ZONE member and S0/0/1 as an OUT-ZONE member.

Configure an IPS on R3 using the following requirements:

Note: Within Packet Tracer, the routers already have the signature files imported and in place. They are the default XML files in flash. For this reason, it is not necessary to configure the public crypto key and complete a manual import of the signature files.

- Create a directory in flash named ipsdir and set it as the location for IPS signature storage.
- Create an IPS rule named IPS-RULE.
- Retire the all signature category with the retired true command (all signatures within the signature release).
- Unretire the IOS_IPS Basic category with the retired false command.
- Apply the rule inbound on the S0/0/1 interface.

Configure ASA Basic Security and Firewall Settings

Configure VLAN interfaces with the following settings:
- For the VLAN 1 interface, configure the addressing to use 192.168.10.1/24.
- For the VLAN 2 interface, remove the default DHCP setting and configure the addressing to use 209.165.200.234/29.

Configure hostname, domain name, enable password, and console password using the following settings:
- The ASA hostname is CCNAS-ASA.
- The domain name is ccnasecurity.com.
- The enable mode password is ciscoenapa55.

Create a user and configure AAA to use the local database for remote authentication:
- Configure a local user account named admin with the password adminpa55. Do not use the encrypted attribute.
- Configure AAA to use the local ASA database for SSH user authentication.
- Allow SSH access from the outside host 172.30.3.3 with a timeout of 10 minutes.

Configure the ASA as a DHCP server using the following settings:
- Assign IP addresses to inside DHCP clients from 192.168.10.5 to 192.168.10.30.
- Enable DHCP to listen for DHCP client requests.

Configure static routing and NAT:
- Create a static default route to the next hop router (R1) IP address.
- Create a network object named inside-net and assign attributes to it using the subnet and nat commands.
- Create a dynamic NAT translation to the outside interface.

Modify the Cisco Modular Policy Framework (MPF) on the ASA using the following settings:
- Configure class-map inspection_default to match default-inspection-traffic, and then exit to global configuration mode.
- Configure the policy-map global_policy. Enter the class inspection_default and enter the command to inspect icmp. Then exit to global config mode.
- Configure the MPF service-policy to make the global_policy apply globally.
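The ZPF and IPS requirements for R3 in the "Configure Firewall and IPS Settings" section, as an added worked example in IOS CLI (not the lab's answer key). The interface roles (G0/1 inside, S0/0/1 outside) are taken from the addressing table; the verification commands at the end are an addition the lab does not ask for.

```cisco
! Added example (not the lab's answer key): ZPF and IPS on R3.
! Interface roles taken from the addressing table: G0/1 = inside, S0/0/1 = outside.

! ---------- Zone-Based Policy Firewall ----------
configure terminal
zone security IN-ZONE
 exit
zone security OUT-ZONE
 exit
! ACL 110: every IP protocol sourced from the inside LAN, to anywhere
access-list 110 permit ip 172.30.3.0 0.0.0.255 any
! match-all class map keyed on ACL 110
class-map type inspect match-all INTERNAL-CLASS-MAP
 match access-group 110
 exit
! Stateful inspection of everything the class map matches
policy-map type inspect IN-2-OUT-PMAP
 class type inspect INTERNAL-CLASS-MAP
  inspect
  exit
 exit
! Zone pair: inside -> outside, policed by IN-2-OUT-PMAP
zone-pair security IN-2-OUT-ZPAIR source IN-ZONE destination OUT-ZONE
 service-policy type inspect IN-2-OUT-PMAP
 exit
! Interface membership; traffic between zones with no zone pair is dropped
interface GigabitEthernet0/1
 zone-member security IN-ZONE
 exit
interface Serial0/0/1
 zone-member security OUT-ZONE
 exit
end

! ---------- Intrusion Prevention System ----------
! mkdir is a privileged EXEC command; press Enter to accept the directory name
mkdir ipsdir
configure terminal
ip ips config location flash:ipsdir
ip ips name IPS-RULE
! Retire every signature, then unretire only the IOS_IPS Basic category
ip ips signature-category
 category all
  retired true
  exit
 category ios_ips basic
  retired false
  exit
 exit
! Apply the rule inbound on the outside interface
interface Serial0/0/1
 ip ips IPS-RULE in
 exit
end

! ---------- Verify ----------
! While PC-C (172.30.3.3) is pinging or browsing toward R1, on R3:
show policy-map type inspect zone-pair sessions
show zone-pair security
show ip ips all
```

Once G0/1 and S0/0/1 are zone members, only flows covered by a zone pair with an inspect (or pass) action cross between them; anything initiated from OUT-ZONE toward IN-ZONE has no zone pair and is dropped, while the router's own traffic (the self zone) is unaffected. That is why the VPN verification ping from PC-C still works after the firewall is in place: it originates inside and its replies ride the inspect session.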
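The ASA requirements (VLAN interfaces, identity and passwords, local user with AAA for SSH, DHCP server, static route and NAT, and the MPF change) as an added worked example in ASA CLI (not the lab's answer key). Assumptions not stated by the lab: an ASA 5505 whose factory configuration already names VLAN 1 inside and VLAN 2 outside (the nameif and security-level lines are shown anyway so the example stands alone), and an RSA key pair generated for SSH, which the lab's list omits but which SSH on the ASA needs.

```cisco
! Added example (not the lab's answer key): ASA basic security and firewall settings.
! Assumptions: ASA 5505 default VLAN 1 = inside / VLAN 2 = outside; RSA key for SSH.
enable
configure terminal
! ---------- VLAN interfaces ----------
interface vlan 1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 no shutdown
 exit
interface vlan 2
 nameif outside
 security-level 0
 ip address 209.165.200.234 255.255.255.248
 no shutdown
 exit
! Assigning a static address replaces the factory "ip address dhcp setroute" on VLAN 2.

! ---------- Identity and passwords ----------
hostname CCNAS-ASA
domain-name ccnasecurity.com
enable password ciscoenapa55

! ---------- Local user, AAA for SSH, SSH access from the outside host ----------
username admin password adminpa55
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 1024
ssh 172.30.3.3 255.255.255.255 outside
ssh timeout 10

! ---------- DHCP server for inside clients ----------
dhcpd address 192.168.10.5-192.168.10.30 inside
dhcpd enable inside

! ---------- Static default route to R1 and dynamic PAT to the outside interface ----------
route outside 0.0.0.0 0.0.0.0 209.165.200.233
object network inside-net
 subnet 192.168.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
 exit

! ---------- MPF: add ICMP inspection to the global policy ----------
class-map inspection_default
 match default-inspection-traffic
 exit
policy-map global_policy
 class inspection_default
  inspect icmp
  exit
 exit
service-policy global_policy global

! ---------- Verify ----------
show interface ip brief
show route
show nat
show run policy-map
```

Without `inspect icmp`, a ping from PC-A to an outside address is translated by NAT but the echo reply is dropped on return, because ICMP is not tracked by the default inspection list; adding it to global_policy makes the replies stateful like TCP and UDP. The `ssh 172.30.3.3 255.255.255.255 outside` line is a host-specific allow, so SSH from any other outside address is refused before authentication is even attempted.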