Configure the basic device settings

Assignment Help Computer Networking
Reference no: EM132010107

Securing Company Network - Network Topology

1926_Network topology.jpg

Note: ISR G1 devices have Fast Ethernet interfaces instead of Gigabit Ethernet Interfaces.

In this lab, you will perform the following tasks: Part 2: Configure Basic Device Settings
Part 3: Configure Secure Router Administrative Access

- Configure encrypted passwords and a login banner.

- Configure the EXEC timeout value on console and VTY lines.

- Configure login failure rates and VTY login enhancements.

- Configure Secure Shell (SSH) access and disable Telnet.

- Configure local authentication, authorization, and accounting (AAA) user authentication.

- Secure the router against login attacks, and secure the IOS image and the configuration file.

- Configure a router NTP server and router NTP clients.

- Configure router syslog reporting and a syslog server on a local host.

Part 4: Configure a Zone-Based Policy Firewall and Intrusion Prevention System

- Configure a Zone-Based Policy Firewall (ZPF) on an ISR using the CLI.

- Configure an intrusion prevention system (IPS) on an ISR using the CLI.

Part 5: Secure Network Switches

- Configure passwords and a login banner.

- Configure management VLAN access.

- Secure access ports.

- Protect against Spanning Tree Protocol (STP) attacks.

- Configure port security and disable unused ports.

Part 6: Configure ASA Basic Settings and Firewall

- Configure basic settings, passwords, date, and time.

- Configure the inside and outside VLAN interfaces.

- Configure port address translation (PAT) for the inside network.

- Configure a Dynamic Host Configuration Protocol (DHCP) server for the inside network.

- Configure administrative access via Telnet and SSH.

- Configure a static default route for the Adaptive Security Appliance (ASA).

- Configure Local AAA user authentication.

- Configure a DMZ with a static NAT and ACL.

- Verify address translation and firewall functionality.

Part 7 Configure a DMZ, Static NAT, and ACLs on an ASA

Part 8: Configure ASA Clientless SSL VPN Remote Access Using ASDM

- Configure a remote access SSL VPN using the Cisco Adaptive Security Device Manager (ASDM).

- Verify SSL VPN access to the portal.

Part 9: Configure a Site-to-Site VPN between the ASA and ISR

- Configure an IPsec site-to-site VPN between the ASA and R3-S0000 using ASDM and the CLI.

- Activate and verify the IPsec site-to-site VPN tunnel between the ASA and R3.

BACKGROUND

This comprehensive pratical is divided into parts. The parts should be completed sequentially. In Part 1, you will configure the basic device settings. In Part 2, you will secure a network router using the command-line interface (CLI) to configure IOS features, including AAA and SSH. In Part 3, you will configure a ZPF and IPS on an ISR. In Part 4, you will configure a network switch using the CLI. In Parts 6 and 7, you will configure the ASA firewall functionality and clientless SSL VPN remote access. In Part 8, you will configure a site-to-site VPN between the ASA and R3.

Note: The router commands and output in this lab are from a Cisco 1941 with Cisco IOS Release 15.4(3)M2 (UniversalK9-M). Other routers and Cisco IOS versions can be used. See the Router Interface Summary Table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the router model and Cisco IOS version, the commands available and output produced might vary from what is shown in this lab.

The ASA used with this lab is a Cisco model 5505 with an 8-port integrated switch, running OS version 9.2(3) and the Adaptive Security Device Manager (ASDM) version 7.4(1) and comes with a Base license that allows a maximum of three VLANs.

Note: Before beginning, ensure that the routers and switches have been erased and have no startup configurations.

Task 1: Configure Basic Device Settings
The desktop system assigned to you serves as an end-user terminal. You access and manage the lab environment from the student desktop system using GNS3 Software.

Students should perform the steps in this task individually.

In Part 1 of this lab, you set up the network topology and configure basic settings, such as the interface IP addresses, static routing, device access, and passwords.

Part 2: Configure Secure Router Administrative Access (Chapters 2 and 3)
You will use the CLI to configure passwords and device access restrictions.

Task 1: Configure Settings for R1-S0000 and R3

Task 2: Configure the SSH Server on R1-S0000 and R3

Task 3: Secure against Login Attacks and Secure the IOS and Configuration File on R1 (Optional)

Task 4: Configure a Synchronized Time Source Using NTP
R2-S0000 will be the master NTP clock source for R1-S0000 and R3.
Optional: Task 5: Configure Syslog Support on R3-S0000 and PC-C

Part 4: Configure a Zone-Based Policy Firewall and Intrusion Prevention System (Chapters 4 and 5)
In Part 4, you will configure a ZPF and IPS on R3-S0000 using the CLI.

Task 1: Configure a ZPF on R3-S0000 using the CLI

Task 2: Configure IPS on R3-S0000 using the CLI.

Part 5: Secure Network Switches (Chapter 6)
Note: Not all security features in this part of the lab will be configured on all switches. However, in a production network all security features would be configured on all switches.

Part 6: Configure ASA Basic Settings and Firewall (Chapter 9) (Optional)
Task 1: Prepare the ASA for ASDM Access

Task 2: Configure Basic ASA Settings Using the ASDM Startup Wizard (Optional)
Task 3: Configuring ASA Settings from the ASDM Configuration Menu
Task 4: Modify the Default Modular Policy Framework using ASDM.

Part 7: Configuring a DMZ, Static NAT, and ACLs (Chapter 10) (Optional)
In Part 6 of this lab, you configured address translation using PAT for the inside network using ASDM. In this part, you will use ASDM to configure the DMZ, Static NAT, and ACLs on the ASA.

To accommodate the addition of a DMZ and a web server, you will use another address from the ISP range assigned (209.165.200.224/29). R1-S0000 G0/0 and the ASA outside interface already use 209.165.200.225 and
.226. You will use public address 209.165.200.227 and static NAT to provide address translation access to the server.

Part 8: Configure ASA Clientless SSL VPN Remote Access (Chapter 10)
In Part 8 of this lab, you will use ASDM's Clientless SSL VPN wizard to configure the ASA to support clientless SSL VPN remote access. You will verify your configuration by using a browser from PC-C.

Part 9: Configure a Site-to-Site IPsec VPN between R3-S0000 and the ASA. (Chapters 8 & 10)

In Part 9 of this lab, you will use the CLI to configure an IPsec VPN tunnel on R3-S0000 and use ASDM's Site-to-Site Wizard to configure the other side of the IPsec tunnel on the ASA.

Task 1: Configure the Site -to-Site IPsec VPN Tunnel on R3

Task 2: Configure Site -to-Site VPN on ASA using ASDM

Task 3: Test the Site -to-Site IPsec VPN Connection between the ASA and R3

Attachment:- Assignment.rar

Verified Expert

In the given assignment ASA firewall is usedd and to run that firewall ASDM version 7.8 is used.also in the given assignment configuration of router switch and asa device are required. Static routing is used to configure routing operation. Secure communications channel has been created between R3 and ASA for the communication.

Reference no: EM132010107

Questions Cloud

Create barriers to opportunity and participation in daily : Even for English as a second language speakers, can language comprehension create barriers to opportunity and participation in daily life?
Create barriers to opportunity and participation in daily : Even for English as a second language speakers, can language comprehension create barriers to opportunity and participation in daily life?
The culture of the urban school as a teacher : Explore the problems and opportunities for impacting the culture of the urban school as a teacher.
Persecution of a social group : Are there contemporary examples of institutionalized prejudice and discrimination that can lead to the persecution of a social group?
Configure the basic device settings : IT NE 2005 - Securing Company Network - Victorian institute of technology - The desktop system assigned to you serves as an end-user terminal.
What are the total assets of the company : Please select a publicly traded company, and Obtain the 10K report of the company for the immediate past year. What are the total assets of the company
Explain the issue of robotics from a conflict theory : Explain the issue of robotics from a conflict theory perspective. Do they have a negative or positive impact on our society, provide an example.
What are some examples of structural racism : What are some examples of structural racism? Explain why it is structural racism?
How has it changed the manner in which relationship work : Briefly summarize the main points made in the resource list for this discussion. Focus particularly on the works of Turkle (video), Broadbent (video).

Reviews

urv2010107

10/10/2018 9:40:25 PM

I got the solution one day prior to the submission date. The assignment was very large and complex but still, the expert has completed it within the given deadline and all the points and specifications were covered. I was quite worried about my grades the moment I saw the assignment but now I am quite satisfied that I got it done from you. Thanks.

urv2010107

10/10/2018 9:36:51 PM

I want full-screen screenshots and not the cropped ones with student id 39382 in them. In topology, routers, switches, and pc should have student id 39382 written on them. For the screenshots which are part of an assignment, I want full window screenshots and not cropped ones and every device should have student id 39382 written in them which is part of requirements. make sure that screenshots are proper. Use packet tracer and make it tomorrow evening. Use whatever software but I need full window screenshots.

Write a Review

Computer Networking Questions & Answers

  Networking and types of networking

This assignment explains the networking features, different kinds of networks and also how they are arranged.

  National and Global economic environment and ICICI Bank

While working in an economy, it has a separate identity but cannot operate insolently.

  Ssh or openssh server services

Write about SSH or OpenSSH server services discussion questions

  Network simulation

Network simulation on Hierarchical Network Rerouting against wormhole attacks

  Small internet works

Prepare a network simulation

  Solidify the concepts of client/server computing

One-way to solidify the concepts of client/server computing and interprocess communication is to develop the requirements for a computer game which plays "Rock, Paper, Scissors" using these techniques.

  Identify the various costs associated with the deployment

Identify the various costs associated with the deployment, operation and maintenance of a mobile-access system. Identify the benefits to the various categories of user, arising from the addition of a mobile-access facility.

  Describe how the modern view of customer service

Describe how the greater reach of telecommunication networks today affects the security of resources which an organisation provides for its employees and customers.

  Technology in improving the relationship building process

Discuss the role of Technology in improving the relationship building process Do you think that the setting of a PR department may be helpful for the ISP provider? Why?

  Remote access networks and vpns

safekeeping posture of enterprise (venture) wired and wireless LANs (WLANs), steps listed in OWASP, Securing User Services, IPV4 ip address, IPV6 address format, V4 address, VPN, Deploying Voice over IP, Remote Management of Applications and Ser..

  Dns

problems of IPV, DNS server software, TCP SYN attack, Ping of Death, Land attack, Teardrop attack, Smurf attack, Fraggle attack

  Outline the difference between an intranet and an extranet

Outline the difference between an intranet and an extranet A programmer is trying to produce an applet with the display shown in Figure 1 below such that whenever one of the checkboxes is selected the label changes to indicate correctly what has..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd