Scribd Logo
Upload

Welcome to Scribd!

  • Chapter 11 - Comprehensive Lab - txt-1

    Uploaded by

    Arwin Ilagan
    1K views7 pages
    The document contains configurations for several network devices, including routers R1, R2 and R3, switches S1 and S2, and a Cisco ASA firewall. Key configurations include interface IP addresses, routing, NTP, SSH, AAA, and VPN settings on the routers. Switch port security and VLAN configurations are shown for S1. The ASA is configured with interfaces for inside, outside and DMZ networks, and HTTP management access is enabled on the inside interface.

    Original Description:

    Case Study - CCNA Security Comprehensive Lab

    Original Title

    Chapter 11 - Comprehensive Lab.txt-1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document contains configurations for several network devices, including routers R1, R2 and R3, switches S1 and S2, and a Cisco ASA firewall. Key configurations include interface IP addresses, routing, NTP, SSH, AAA, and VPN settings on the routers. Switch port security and VLAN configurations are shown for S1. The ASA is configured with interfaces for inside, outside and DMZ networks, and HTTP management access is enabled on the inside interface.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1K views7 pages

    Chapter 11 - Comprehensive Lab - txt-1

    Uploaded by

    Arwin Ilagan
    The document contains configurations for several network devices, including routers R1, R2 and R3, switches S1 and S2, and a Cisco ASA firewall. Key configurations include interface IP addresses, routing, NTP, SSH, AAA, and VPN settings on the routers. Switch port security and VLAN configurations are shown for S1. The ASA is configured with interfaces for inside, outside and DMZ networks, and HTTP management access is enabled on the inside interface.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    =========================================================

    ======================
    R1

    #no ip domain-lookup

    #int g0/0
    #ip add 209.165.200.225 255.255.255.248
    #no shut

    #int s0/0/0
    #ip add 10.1.1.1 255.255.255.252
    #clock rate 128000
    #no shut

    #int lo1
    #ip add 172.20.1.1 255.255.255.0

    #ip route 0.0.0.0 0.0.0.0 10.1.1.2

    #security passwords min-length 10


    #service password-encryption
    #banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED
    AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
    #enable algorithm-type scrypt secret cisco12345

    #username Admin01 privilege 15 secret Admin01pa55

    #line con 0
    #privilege 15
    #exec-timeout 15 0
    #logging synchronous
    #login
    #exi

    #line vty 0 4
    #privilege 15
    #exec-timeout 15 0
    #logging synchronous
    #transport input ssh
    #login
    #exi

    #aaa new-model
    #aaa authentication login default local

    #login on-success log


    #login on-failure log every 2
    #exi

    #ip http server


    #ip http authentication local

    #ip domain-name ccnasecurity.com


    #crypto key generate rsa general-keys modulus 1024

    #ip ssh version 2


    #ip ssh time-out 90
    #ip ssh authentication-retries 2

    #login block-for 60 attempts 2 within 30


    #login on-failure log every 2

    #secure boot-image
    #secure boot-config

    #copy running-config startup-config

    #no secure boot-image


    #no secure boot-config

    #ntp authenticate
    #ntp authentication-key 1 md5 NTPpassword
    #ntp trusted-key 1
    #ntp server 10.1.1.2
    #ntp update-calendar
    #do show ntp associations
    #do show ntp status

    #copy running-config startup-config


    =========================================================
    ======================
    R2

    #no ip domain-lookup

    #int s0/0/0
    #ip add 10.1.1.2 255.255.255.252
    #no shut

    #int s0/0/1
    #ip add 10.2.2.2 255.255.255.252
    #clock rate 128000
    #no shut

    #ip route 209.165.200.224 255.255.255.248 10.1.1.1


    #ip route 172.16.3.0 255.255.255.0 10.2.2.1

    #show clock
    #clock set 19:30:00 Jan 26 2017
    #show clock

    #ntp authenticate
    #ntp authentication-key 1 md5 NTPpassword
    #ntp trusted-key 1
    #ntp master 3

    #copy running-config startup-config

    =========================================================
    ======================
    R3

    #no ip domain-lookup

    #int g0/1
    #ip add 172.16.3.1 255.255.255.0
    #no shut

    #int s0/0/1
    #ip add 10.2.2.1 255.255.255.252
    #no shut

    #ip route 0.0.0.0 0.0.0.0 10.2.2.2

    #security passwords min-length 10


    #service password-encryption
    #banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED
    AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
    #enable algorithm-type scrypt secret cisco12345

    #username Admin01 privilege 15 secret Admin01pa55

    #line con 0
    #privilege 15
    #exec-timeout 15 0
    #logging synchronous
    #login
    #exi

    #line vty 0 4
    #privilege 15
    #exec-timeout 15 0
    #logging synchronous
    #transport input ssh
    #login
    #exi

    #aaa new-model
    #aaa authentication login default local

    #login on-success log


    #login on-failure log every 2
    #exi

    #ip http server


    #ip http authentication local

    #ip domain-name ccnasecurity.com


    #crypto key generate rsa general-keys modulus 1024

    #ip ssh version 2


    #ip ssh time-out 90
    #ip ssh authentication-retries 2

    #ntp authenticate
    #ntp authentication-key 1 md5 NTPpassword
    #ntp trusted-key 1
    #ntp server 10.2.2.1
    #ntp update-calendar
    #do show ntp associations
    #do show ntp status

    #service timestamps log datetime msec


    #logging 172.16.3.3

    #logging trap 4
    #show logging

    #zone security INSIDE


    #zone security OUTSIDE

    #class-map type inspect match-any INSIDE_PROTOCOLS


    #match protocol tcp
    #match protocol udp
    #match protocol icmp

    #policy-map type inspect INSIDE_TO_OUTSIDE


    #class type inspect INSIDE_PROTOCOLS
    #inspect

    #zone-pair security INSIDE_TO_OUTSIDE source INSIDE


    destination OUTSIDE

    #zone-pair security INSIDE_TO_PROTOCOLS


    #service-policy type inspect INSIDE_TO_OUTSIDE

    #int g0/1
    #zone-member security INSIDE

    #int s0/0/1
    #zone-member security OUTSIDE

    #do show zone-pair security


    #do show policy-map type inspect zone-pair
    #do show zone security

    #crypto isakmp enable


    #crypto isakmp policy 1
    #authentication pre-share
    #encryption 3des
    #hash sha
    #group 2
    #end

    #crypto isakmp Site2SiteKEY1 address 209.165.200.226


    #do show crypto isakmp policy

    #crypto ipsec transform-set TRNSFRM-SET esp-aes (256)


    esp-sha-hmac

    #ip access-list extended 101


    #permit ip 172.16.3.0 0.0.0.255 192.168.1.0 0.0.0.255
    #exi

    #crypto map CMAP 1


    #match address 101
    #set peer 209.165.200.226
    #set transform-set TRNSFRM-SET

    #int s0/0/1
    #crypto map CMAP
    #end

    #do show crypto map


    #do show crypto ipsec sa

    #copy running-config startup-config

    =========================================================
    ======================
    S1

    #no ip domain-lookup

    #int vlan1
    #ip add 192.168.2.11 255.255.255.0
    #ip default-gateway 192.168.2.1
    #no shut

    #no ip http server


    #no ip http secure-server

    #enable algorithm-type scrypt secret cisco12345


    #banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED$

    #ip domain-name ccnasecurity.com


    #username Admin01 privilege 15 secret Admin01pa55

    #crypto key generate rsa general-keys modulus 1024

    #ip ssh version 2


    #ip ssh time-out 90
    #ip ssh authentication-retries 2

    #line con 0
    #privilege 15
    #exec-timeout 5 0
    #logging synchronous
    #login
    #exi

    #line vty 0 4
    #privilege 15
    #exec-timeout 5 0
    #logging synchronous
    #transport input ssh
    #login
    #exi

    #int f0/6
    #switchport mode access
    #switchport nonegotiate
    #switchport port-security
    #switchport port-security maximum 1
    #switchport port-security mac-address sticky
    #switchport port-security violation shutdown
    #spanning-tree portfast
    #spanning-tree portfast bpduguard default
    #int range f0/1-5
    #shut
    #spanning-tree loopguard
    #int range f0/7-23
    #shut
    #spanning-tree loopguard

    #copy running-config startup-config

    =========================================================
    ======================
    S2

    #no ip domain-lookup

    #int vlan1
    #ip add 192.168.1.11 255.255.255.0
    #ip default-gateway 192.168.1.1
    #no shut

    #copy running-config startup-config

    =========================================================
    ======================
    S3

    #no ip domain-lookup

    #int vlan1
    #ip add 172.16.1.11 255.255.255.0
    #ip default-gateway 172.30.3.1
    #no shut

    #copy running-config startup-config

    =========================================================
    ======================
    ASA

    #write erase
    #reload

    #int vlan1
    #nameif inside
    #ip address 192.168.1.1 255.255.255.0
    #security-level 100
    #no shut

    #int vlan2
    #nameif outside
    #ip address 209.165.200.226 255.255.255.248
    #security-level 0
    #no shut

    #int vlan3
    #nameif dmz
    #ip address 192.168.2.1 255.255.255.0
    #security-level 70
    #no shut

    #int e0/0
    #switchport access vlan 2
    #no shut

    #int e0/1
    #switchport access vlan 1
    #no shut

    #int e0/2
    #switchport access vlan 3
    #no shut

    #do sh int ip br
    #do sh ip add
    #do sh switch vlan

    #http server enable


    #http 192.168.1.0 255.255.255.0

    =========================================================
    ============================

    You might also like