User Account

All Pages

Configure the basic device settings

Assignment Help Computer Networking
Reference no: EM132010107

Securing Company Network - Network Topology

1926_Network topology.jpg

Note: ISR G1 devices have Fast Ethernet interfaces instead of Gigabit Ethernet Interfaces.

In this lab, you will perform the following tasks: Part 2: Configure Basic Device Settings
Part 3: Configure Secure Router Administrative Access

- Configure encrypted passwords and a login banner.

- Configure the EXEC timeout value on console and VTY lines.

- Configure login failure rates and VTY login enhancements.

- Configure Secure Shell (SSH) access and disable Telnet.

- Configure local authentication, authorization, and accounting (AAA) user authentication.

- Secure the router against login attacks, and secure the IOS image and the configuration file.

- Configure a router NTP server and router NTP clients.

- Configure router syslog reporting and a syslog server on a local host.

Part 4: Configure a Zone-Based Policy Firewall and Intrusion Prevention System

- Configure a Zone-Based Policy Firewall (ZPF) on an ISR using the CLI.

- Configure an intrusion prevention system (IPS) on an ISR using the CLI.

Part 5: Secure Network Switches

- Configure passwords and a login banner.

- Configure management VLAN access.

- Secure access ports.

- Protect against Spanning Tree Protocol (STP) attacks.

- Configure port security and disable unused ports.

Part 6: Configure ASA Basic Settings and Firewall

- Configure basic settings, passwords, date, and time.

- Configure the inside and outside VLAN interfaces.

- Configure port address translation (PAT) for the inside network.

- Configure a Dynamic Host Configuration Protocol (DHCP) server for the inside network.

- Configure administrative access via Telnet and SSH.

- Configure a static default route for the Adaptive Security Appliance (ASA).

- Configure Local AAA user authentication.

- Configure a DMZ with a static NAT and ACL.

- Verify address translation and firewall functionality.

Part 7 Configure a DMZ, Static NAT, and ACLs on an ASA

Part 8: Configure ASA Clientless SSL VPN Remote Access Using ASDM

- Configure a remote access SSL VPN using the Cisco Adaptive Security Device Manager (ASDM).

- Verify SSL VPN access to the portal.

Part 9: Configure a Site-to-Site VPN between the ASA and ISR

- Configure an IPsec site-to-site VPN between the ASA and R3-S0000 using ASDM and the CLI.

- Activate and verify the IPsec site-to-site VPN tunnel between the ASA and R3.

BACKGROUND

This comprehensive pratical is divided into parts. The parts should be completed sequentially. In Part 1, you will configure the basic device settings. In Part 2, you will secure a network router using the command-line interface (CLI) to configure IOS features, including AAA and SSH. In Part 3, you will configure a ZPF and IPS on an ISR. In Part 4, you will configure a network switch using the CLI. In Parts 6 and 7, you will configure the ASA firewall functionality and clientless SSL VPN remote access. In Part 8, you will configure a site-to-site VPN between the ASA and R3.

Note: The router commands and output in this lab are from a Cisco 1941 with Cisco IOS Release 15.4(3)M2 (UniversalK9-M). Other routers and Cisco IOS versions can be used. See the Router Interface Summary Table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab. Depending on the router model and Cisco IOS version, the commands available and output produced might vary from what is shown in this lab.

The ASA used with this lab is a Cisco model 5505 with an 8-port integrated switch, running OS version 9.2(3) and the Adaptive Security Device Manager (ASDM) version 7.4(1) and comes with a Base license that allows a maximum of three VLANs.

Note: Before beginning, ensure that the routers and switches have been erased and have no startup configurations.

Task 1: Configure Basic Device Settings
The desktop system assigned to you serves as an end-user terminal. You access and manage the lab environment from the student desktop system using GNS3 Software.

Students should perform the steps in this task individually.

In Part 1 of this lab, you set up the network topology and configure basic settings, such as the interface IP addresses, static routing, device access, and passwords.

Part 2: Configure Secure Router Administrative Access (Chapters 2 and 3)
You will use the CLI to configure passwords and device access restrictions.

Task 1: Configure Settings for R1-S0000 and R3

Task 2: Configure the SSH Server on R1-S0000 and R3

Task 3: Secure against Login Attacks and Secure the IOS and Configuration File on R1 (Optional)

Task 4: Configure a Synchronized Time Source Using NTP
R2-S0000 will be the master NTP clock source for R1-S0000 and R3.
Optional: Task 5: Configure Syslog Support on R3-S0000 and PC-C

Part 4: Configure a Zone-Based Policy Firewall and Intrusion Prevention System (Chapters 4 and 5)
In Part 4, you will configure a ZPF and IPS on R3-S0000 using the CLI.

Task 1: Configure a ZPF on R3-S0000 using the CLI

Task 2: Configure IPS on R3-S0000 using the CLI.

Part 5: Secure Network Switches (Chapter 6)
Note: Not all security features in this part of the lab will be configured on all switches. However, in a production network all security features would be configured on all switches.

Part 6: Configure ASA Basic Settings and Firewall (Chapter 9) (Optional)
Task 1: Prepare the ASA for ASDM Access

Task 2: Configure Basic ASA Settings Using the ASDM Startup Wizard (Optional)
Task 3: Configuring ASA Settings from the ASDM Configuration Menu
Task 4: Modify the Default Modular Policy Framework using ASDM.

Part 7: Configuring a DMZ, Static NAT, and ACLs (Chapter 10) (Optional)
In Part 6 of this lab, you configured address translation using PAT for the inside network using ASDM. In this part, you will use ASDM to configure the DMZ, Static NAT, and ACLs on the ASA.

To accommodate the addition of a DMZ and a web server, you will use another address from the ISP range assigned (209.165.200.224/29). R1-S0000 G0/0 and the ASA outside interface already use 209.165.200.225 and
.226. You will use public address 209.165.200.227 and static NAT to provide address translation access to the server.

Part 8: Configure ASA Clientless SSL VPN Remote Access (Chapter 10)
In Part 8 of this lab, you will use ASDM's Clientless SSL VPN wizard to configure the ASA to support clientless SSL VPN remote access. You will verify your configuration by using a browser from PC-C.

Part 9: Configure a Site-to-Site IPsec VPN between R3-S0000 and the ASA. (Chapters 8 & 10)

In Part 9 of this lab, you will use the CLI to configure an IPsec VPN tunnel on R3-S0000 and use ASDM's Site-to-Site Wizard to configure the other side of the IPsec tunnel on the ASA.

Task 1: Configure the Site -to-Site IPsec VPN Tunnel on R3

Task 2: Configure Site -to-Site VPN on ASA using ASDM

Task 3: Test the Site -to-Site IPsec VPN Connection between the ASA and R3

Attachment:- Assignment.rar

Verified Expert

In the given assignment ASA firewall is usedd and to run that firewall ASDM version 7.8 is used.also in the given assignment configuration of router switch and asa device are required. Static routing is used to configure routing operation. Secure communications channel has been created between R3 and ASA for the communication.

Reference no: EM132010107

Questions Cloud

Create barriers to opportunity and participation in daily : Even for English as a second language speakers, can language comprehension create barriers to opportunity and participation in daily life?
Create barriers to opportunity and participation in daily : Even for English as a second language speakers, can language comprehension create barriers to opportunity and participation in daily life?
The culture of the urban school as a teacher : Explore the problems and opportunities for impacting the culture of the urban school as a teacher.
Persecution of a social group : Are there contemporary examples of institutionalized prejudice and discrimination that can lead to the persecution of a social group?
Configure the basic device settings : IT NE 2005 - Securing Company Network - Victorian institute of technology - The desktop system assigned to you serves as an end-user terminal.
What are the total assets of the company : Please select a publicly traded company, and Obtain the 10K report of the company for the immediate past year. What are the total assets of the company
Explain the issue of robotics from a conflict theory : Explain the issue of robotics from a conflict theory perspective. Do they have a negative or positive impact on our society, provide an example.
What are some examples of structural racism : What are some examples of structural racism? Explain why it is structural racism?
How has it changed the manner in which relationship work : Briefly summarize the main points made in the resource list for this discussion. Focus particularly on the works of Turkle (video), Broadbent (video).

Reviews

urv2010107

10/10/2018 9:40:25 PM

I got the solution one day prior to the submission date. The assignment was very large and complex but still, the expert has completed it within the given deadline and all the points and specifications were covered. I was quite worried about my grades the moment I saw the assignment but now I am quite satisfied that I got it done from you. Thanks.

urv2010107

10/10/2018 9:36:51 PM

I want full-screen screenshots and not the cropped ones with student id 39382 in them. In topology, routers, switches, and pc should have student id 39382 written on them. For the screenshots which are part of an assignment, I want full window screenshots and not cropped ones and every device should have student id 39382 written in them which is part of requirements. make sure that screenshots are proper. Use packet tracer and make it tomorrow evening. Use whatever software but I need full window screenshots.

Write a Review

Computer Networking Questions & Answers

  What is the protocol overhead stated as a percentage

What is the protocol overhead (stated as a percentage)? Perform the same calculation, this time assuming both clients are using IPv6.

  What routes are present in the routing table of hq router

What routes are present in the routing table of the HQ router? What networks are present in the routing table of the ISP router? What networks, including the metric, are present in the RIP updates sent from the HQ router?

  A company with headquarters at 1 talavera rd north ryde

a company with headquarters at 1 talavera rd north ryde wishes to obtain internet access. they require unlimited data

  Explain why ftp does not have a message format

Why should there be limitations on anonymous FTP? What could an unscrupulous user do? Explain why FTP does not have a message format.

  Explain the network design executive powerpoint presentation

the Network Design Executive PowerPoint Presentation- You are a small network design company called Wide-IP that is looking for that big break. As the CTO of the Wide-IP company, you recently made a persuasive presentation of your company's approa..

  Compare four gui features of the chosen tool with wireshark

Students need to download, install, use and compare another free network performance. Compare at least four GUI features of the chosen tool with Wireshark.

  Based on the following background information and project

based on the following background information and project requirements complete a project making use of opnetbackground

  Prepare a business cover letter

Prepare a business cover letter to the school district superintendent - An introductory paragraph that states the purpose of the letter.

  Explain how is data transmitted across from his local

data transmission can occur by way of analog signal or digital signal.bullin your own words discuss digital data signal

  Explain four different kinds of wireless technologies

Explain four different kinds of wireless technologies in a 350- to 700-word paper in APA format. Explain the characteristics and properties of each signal type, and how each can be utilized.

  List at least five capabilities and give a short description

Network Management solution offer many capabilities. List at least 5 capabilities and give a short description for each.

  Which media type should you use to wire the network and why

Discuss how network standards such as the OSI help to ensure interoperability? Which media type should you use to wire the network and why?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd