Configure ISDN Connectivity between Remote Sites

Similar documents
CCNP 2: Remote Access

Lab Configuring ISDN PRI

Configuring Legacy DDR Hubs

CCNA 4 - Final Exam Answers

DDR Routing Commands

Lab Configuring ISDN Dial Backup

Number of seconds that elapse after the primary line goes down before the router activates the secondary line. The default is 0 seconds.

Cisco IOS Firewall Authentication Proxy

Lab : Challenge OSPF Configuration Lab. Topology Diagram. Addressing Table. Default Gateway. Device Interface IP Address Subnet Mask

Sample Business Ready Branch Configuration Listings

WHITE PAPERS from the files of Networking Unlimited, Inc. Using Dial-on-Demand Routing to Trigger Backup Links on Cisco Routers

Using ISDN Effectively

Connections, addressing and common configuration rules.

ROUTER COMMANDS. BANNER: Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message

Lab 9.6.2: Challenge EIGRP Configuration Lab

Cisco Exam CCNA Version: 4.1 [ Total Questions: 215 ]

Lab 8.5.2: Troubleshooting Enterprise Networks 2

Lab Configuring Dialer Profiles

Configuring Dynamic Multipoint VPN Using GRE Over IPsec With OSPF, NAT, and Cisco IOS Firewall

Lab Configuring Legacy DDR

CCNA 4 - Final Exam (A)

Configuring PPP Callback

GoCertify Advanced Cisco CCIE Lab Scenario # 1

Evaluating Backup Interfaces, Floating Static Routes, and Dialer Watch for DDR Backup

Configuring PPP over Ethernet with NAT

Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP

Connections, addressing and common configuration rules.

Skills Assessment Student Training Exam

Cisco Configuring Hub and Spoke Frame Relay

CCNA 4 - Final Exam (B)

Configuring BACP. Cisco IOS Dial Technologies Configuration Guide DC-667

Configuring Virtual Asynchronous Traffic over ISDN

IOS Router : Easy VPN (EzVPN) in Network Extension Mode (NEM) with Split tunnelling Configuration Example

Configuring Dial-on-Demand Routing

Lab Configuring Legacy DDR

L2TP IPsec Support for NAT and PAT Windows Clients

PPPoE Client DDR Idle-Timer

Implementing ADSL and Deploying Dial Access for IPv6

Lab Configuring PPP Callback

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

Configuring PPP over Ethernet with NAT

Completing an ISDN BRI Call. 2000, Cisco Systems, Inc. 13-1

Application Note Configuring the Ascend MAX800 for use with Clipmail in a private network

Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client

Configuring Basic AAA on an Access Server

Configuring Modem Transport Support for VoIP

Configuring Link Fragmentation and Interleaving for Multilink PPP

Configuring and Troubleshooting Dialer Profiles

Configuring Authentication Proxy

Cisco Press CCIE Practical Studies CCIE Practice Lab: Enchilada Solutions

How to configure MB5000 Serial Port Bridge mode

1- and 2-Port V.90 Modem WICs for Cisco 2600 and Cisco 3600 Series Multiservice Platforms

Cisco Router Configuration Handbook

Virtual Private Networks (VPNs)

Exam : Title : CCIE Service Provider Dial. Version : DEMO

Skills Assessment. CCNA Routing and Switching: Connecting Networks. Topology. Assessment Objectives. Scenario

Tactical Software requires that Cisco IOS Software Release 12.0(9) or later be installed on the NAS to interoperate with DialOut/EZ.

Lab Configuring and Verifying Extended ACLs Topology

Chapter 3 Lab 3-4, OSPF over Frame Relay

Configuring and Troubleshooting Frame Relay

We have looked at how and why one router dials another using ISDN. Just as important is knowing what keeps the link up once it is dialed.

Configuring X.25 on ISDN Using AO/DI

CCNA Security 1.0 Student Packet Tracer Manual

Configuring Virtual Profiles

Lab 2.8.2: Challenge Static Route Configuration

Configuring a VPN Using Easy VPN and an IPSec Tunnel, page 1

Cisco Configuring and Troubleshooting Frame Relay

Case Study 2: Frame Relay and OSPF Solution

Understanding and Troubleshooting Idle Timeouts

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Fractional DS3. Version: 400. Copyright ImageStream Internet Solutions, Inc., All rights Reserved.

PPP over Frame Relay

The primary audience for this course includes Network Administrators, Network Engineers,

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM

- PIX Advanced IPSEC Lab -

Education by Simulation Sequential Labs For CCNA

Lab AAA Authorization and Accounting

Lab Configuring HSRP and GLBP Topology

Configuring Lock-and-Key Security (Dynamic Access Lists)

Lab Using the CLI to Gather Network Device Information Topology

CCIE R&S v5.0. Troubleshooting Lab. Q1. PC 110 cannot access R7/R8, fix the problem so that PC 110 can ping R7

PPPoE Client DDR Idle Timer

Lab Troubleshooting Basic PPP with Authentication Topology

1. Which OSI layers offers reliable, connection-oriented data communication services?

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0

Lab Configuring Dynamic and Static NAT (Solution)

Cisco Press CCIE Practical Studies CCIE Practice Lab: Unnamed Solutions

Lab 5.6.2: Challenge RIP Configuration

Lab Configuring Dynamic and Static NAT (Instructor Version Optional Lab)

et Su cc es s in Passing Yourertification Exam at first

QoS: Per-Session Shaping and Queuing on LNS

IPsec Anti-Replay Window Expanding and Disabling

IPsec Dead Peer Detection Periodic Message Option

Add Path Support in EIGRP

Lab Establishing and Verifying a Telnet Connection Instructor Version 2500

co Configuring PIX to Router Dynamic to Static IPSec with

Lab 1.3.2: Review of Concepts from Exploration 1 - Challenge

Virtual Private Networks Advanced Technologies

Lab: RIP v2 with VLSM

Transcription:

Case Study 1 Configure ISDN Connectivity between Remote Sites Cisco Networking Academy Program CCNP 2: Remote Access v3.1

Objectives In this case study, the following concepts are covered: Asynchronous Dialup Connection AUX PPP (multilink and authentication) ISDN (PRI and BRI) Dialer Profiles Map Class 2-5 CCNP 2: Remote Access v3.1 Copyright 2003, Cisco Systems, Inc.

Scenario The Air Guitar Company wants to connect three remote sites via ISDN links. In addition they have asked that dialup access be enabled for remote users to access the Air Guitar network. Initial Configurations Physically connect the network devices according the network diagram. Be sure that the cables are connected to the appropriate Adtran ports as labeled in the diagram. The Air Guitar Company has decided to use the private address 10.0.0.0 /8 network. Configure Fa0/0 interface of R1, R2, and R3 to belong to the 10.x.x.x /24 network. The x refers to the router number. For example, the Fa0/0 interface of R1 should be IP address 10.1.1.1 /24, R2 should be 10.2.2.1, and R3 should be 10.3.3.1. Configure all three routers to use the password cisco to support Telnet services and privilege EXEC mode. Configure all three routers with a local username and password database where the username will be the remote router names and the password cisco. For example, the R1 router would include username R2 password cisco. Copyright 2003, Cisco Systems, Inc. Case Study 1: Configure ISDN Connectivity between Remote Sites 3-5

Asynchronous Configure an asynchronous dialup connection on the AUX port of R1, so that Host A can dial up R1 to access the Air Guitar corporate network. Configure the asynchronous interface so that it will share the Fa0/0 IP address of R1. Configure PPP dedicated mode on R1. The EXEC prompt should not appear and the router will not be available for EXEC mode access unless the user Telnets from the host. Configure R1 to always assign Host A the IP address 10.1.1.10. Configure a local database entry to authenticate Host A with the username HostA and password letmein. Configure the router to automatically discover the modem type and configure it. Configure Host A to dial 555-6001 to access the Air Guitar network. ISDN Configure ISDN PRI on R1. The ISDN switch type for the ISDN PRI connection is primary-ni. Configure the T1 controller on R1 to use esf framing, b8zs line coding, and set the T1 controller to use all timeslots. R1 belongs to the 10.1.2.0 /29 subnet. Configure the first valid IP address to R1. Configure the PRI channel on R1 for Dial-on-Demand Routing (DDR) to establish a call to both R2 and R3. Be sure to correctly map the dialer string to the appropriate IP address. Configure the PRI channel on R1 to use PPP multilink. Configure ISDN BRI on R2 and R3 to use the SPID information from the network diagram. The ISDN switch type for the ISDN BRI connection is basic-ni. Configure a pair of dialer interfaces (Dialer 0 and Dialer 1) on R2 and R3 for Dial-on-Demand Routing (DDR) to establish a call to R1 (Dialer 0) or between both BRI interfaces (Dialer 1). Configure Dialer 0 on both R2 and R3 to connect to the PRI interface of R1 by calling 555-5000. Configure the R2 and R3 Dialer 0 interface so that they belong to the same subnet as R1, 10.1.2.0 /29. All IP packets should be able to initiate an ISDN call. Configure Dialer 1 on both R2 and R3 to establish an ISDN connection between the two routers. 4-5 CCNP 2: Remote Access v3.1 Copyright 2003, Cisco Systems, Inc.

Configure the R2 and R3 dialer 1 interface so that they belong to the 10.1.2.16 /30 VLSM subnet. All IP packets should be able to initiate an ISDN call. Configure R2 and R3 to aggregate both ISDN B-channels when incoming or outgoing traffic exceeds a threshold of 3. Create a map class on R2 and R3 that will aggressively disconnect the ISDN connection when the link is not used. Set the idle-timeout to 30 seconds, fastidle timer to 10 seconds, and carrier wait time to 25 seconds. Configure R1, R2 and R3 to secure the ISDN connections with PPP CHAP. Configure static routes on all routers so that each router knows how to reach its neighbor remote LAN. Test the ISDN connection. Ping the R2 and R3 dialer 0 interface from R1 and vice versa. If the pings fail, troubleshoot as necessary. Ping the R2 dialer 1 interface from R3. If the pings fail, troubleshoot as necessary. Check List R1 should query its local username and password database to authenticate remote login attempts. Host A should be able to reach the entire Air Guitar network after a successful asynchronous connection is established to R1. R1 should be able to initiate an ISDN DDR connection with R2 and R3. R2 and R3 should use an aggressive map class to timeout the ISDN connection. R2 and R3 should be able to initiate a DDR connection using dialer profiles with R1 and with each other. Copyright 2003, Cisco Systems, Inc. Case Study 1: Configure ISDN Connectivity between Remote Sites 5-5

Case Study 2 Configure ISDN Backup and VPN Connection Cisco Networking Academy Program CCNP 2: Remote Access v3.1

Objectives In this case study, the following concepts are covered: AAA authentication Multipoint Frame Relay with Sub-interfaces ISDN dial backup Floating Static Routes Dynamic NAT Multipoint VPN with NAT QoS- Class Based Weighted Fair Queuing 2-6 CCNP 2: Remote Access v3.1 Copyright 2003, Cisco Systems, Inc.

Scenario The Air Guitar Company wants ISDN backup for the primary Frame Relay Links. In addition they have asked for a multipoint VPN connection to R3. Initial Configurations Physically connect the network devices according the above diagram. Be sure that the cables are connected to the appropriate Adtran ports as labeled in the diagram. Configure the F0/0 interface on R1 and R2, as well as their respective hosts so that they belong to the 10.x.x.x/24 network. The x represents the router number. OR Substitute the x for the router number. Example: R1 F0/0 = 10.1.1.1 /24. Be sure to configure the respective hosts on R1 and R2 to use the appropriate gateway IP. Configure Host B and the F0/0 interface on R3 so that they belongs to the 192.168.3.0 /24 network. Configure R1 with a Loopback interface using the IP address 1.1.1.1/24. The loopback address will be used to simulate a connection to an external network. Configure all three routers using the privilege EXEC mode password cisco. Copyright 2003, Cisco Systems, Inc. Case Study 2: Configure ISDN Backup and VPN Connection 3-6

Configure all three routers with a local username and password database where the username will be the remote router name and password cisco. Example: username r1 password cisco. Configure AAA authentication on all routers to query the local username and password database. Frame Relay The Atlas is preconfigured with multiple PVCs. For the purposes of this lab, the PVC between R1 and R3 will be ignored. After setting the Frame Relay encapsulation on R2, issue the following command: no frame-relay inversearp ip 203. After setting the Frame Relay encapsulation on R3, issue the following command: no frame-relay inverse-arp ip 302. The commands will prevent automatic mapping for this unused PVC. Configure Frame Relay on all three routers so that R2 and R3 will become spokes and R1 will be the Frame Relay Hub. Configure sub-interfaces on R1 to directly connect to R2 and R3. Configure the Frame Relay connection between each Hub and Spoke so that R1 and R2 belong to the 10.1.0.4/30 subnet and that R1 and R3 belong to the 10.1.0.8 /30 subnet. Configure default routes on R2 and R3 so that R1 will be the next hop router. Be sure to configure static routes on R1 to reach R2 connected LAN. Do not configure a static route on R1 to reach the R3 LAN. Use ping to verify connectivity between each router over the Frame Relay link. NAT Configure Dynamic NAT on R3 so that traffic sourced from its inside local address 192.168.3.0/24 will be translated with a global address of 10.1.3.0/24. Configure an access-list on R3 so that packets sourced from its inside local address will not be translated with NAT when destined for the R1 and R2 remote LANs. Traffic destined for any other destination will be translated with NAT. Be sure to configure a default route on R3 to use R1 as the next hop router to reach any destination networks. Configure a static route on R1 and R2 to reach the R3 inside local address 192.168.3.0/24. Ping the Lo0/0 interface on R1 from Host B. Use the appropriate show commands to verify that R3 has translated packets from its LAN with an inside global address. Ping Host A and Host C from Host B. Use the appropriate show commands to verify that R3 has not translated packets from its LAN with an inside global address. 4-6 CCNP 2: Remote Access v3.1 Copyright 2003, Cisco Systems, Inc.

ISDN Dial Backup Use the SPID information from the network diagram to configure ISDN BRI on R1 and R2. The ISDN switch type used for the ISDN BRI connection is basicni. Configure R1 and R2 to secure the ISDN dial up connection to use PPP CHAP. Be sure that the aaa authentication default is defined for PPP. Configure the BRI interface on R1 and R2 so that it belongs to the VLSM 10.1.2.0/30 network. Test the ISDN connection by initiating a DDR connection. Ping the BRI0/0 interface on R2 from R1. If the pings fail troubleshoot as necessary. Configure ISDN dialer backup on R1 to use the BRI interface to backup the primary Frame Relay interface. The backup line should come up 5 seconds after the primary link fails and go down 20 seconds after the primary link comes back up. IPSec Configure Hub and Spoke IPsec so that R2 will build an IPsec tunnel through R1 in order to reach R3. Configure a named access-list on all routers to define traffic from their respective LANs to be encrypted when traffic is destined for their neighboring remote LANs. Configure R1 and R2 so that traffic sourced from their FastEthernet LAN and destined for their respective neighboring remote LANs, is encrypted. Configure IPSec on R3 so that the inside local address will be encrypted and not be translated by NAT when traffic is destined for the R1 and R2 Ethernet networks. Packets destined for anywhere else will be translated with NAT. Configure the ISAKMP policy suite on R1 and R2 with the following parameters. Be sure to manually configure the same pre-shared key on both routers and to use pre-shared keys authentication. Configure the transform-set to use esp-des to build the IPSec security association. Be sure to configure and apply a crypto map to the defined parameters for IPSec protection on each routers s0/0 interface. To test your IPSec tunnel configuration enable the appropriate debug commands to monitor IPSec activity and ping Host C from Host B. QoS Configure class based weighted fair queuing (CBWFQ) on all three routers to guarantee 32 kbps of Frame Relay bandwidth usage for Telnet traffic from any source to any destination. Use the appropriate configurations to verify your QoS configurations. Copyright 2003, Cisco Systems, Inc. Case Study 2: Configure ISDN Backup and VPN Connection 5-6

Check List R1 should query its local username and password database to authenticate remote login attempts. R1 should be able to initiate an ISDN DDR connection with R2 and vice versa. The ISDN connection on R1 and R2 should be able to back up the primary Frame Relay link in the event of link failure. LAN traffic from all three routers should be encrypted with an IPSec tunnel using pre-shared keys over a multipoint topology. RFC 1918 internal IP address on R3 should be encrypted with an IPSec tunnel when traffic is destined for the FastEthernet networks of R1 and R2. Telnet traffic should be guaranteed 32 kbps of Frame Relay bandwidth using CBWFQ. 6-6 CCNP 2: Remote Access v3.1 Copyright 2003, Cisco Systems, Inc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback