0% found this document useful (0 votes)

44 views

Practical 6

Uploaded by

riyevas163

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

44 views

Practical 6

Uploaded by

riyevas163

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 13

Shaikh Mumsad Ahmed Security in Computing IT21066

Practical 6
Configuring a Zone-Based Policy Firewall (ZPF)

Topology
Shaikh Mumsad Ahmed Security in Computing IT21066
Shaikh Mumsad Ahmed Security in Computing IT21066

Router 1 Configuration
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#
R1(config)#interface GigabitEthernet0/1
R1(config-if)#no ip address
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface Serial0/0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#ex

Configure Rip on Router 1

R1(config)#router rip
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.1.1.0
R1(config-router)#ex
R1(config)#
Shaikh Mumsad Ahmed Security in Computing IT21066

Router 2 configuration
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Serial0/0/0
Router(config-if)#no ip address
Router(config-if)#ip address 10.1.1.2 255.0.0.0
Router(config-if)#ip address 10.1.1.2 255.0.0.0
Router(config-if)#ip address 10.1.1.2 255.255.255.252
Router(config-if)#ip address 10.1.1.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#end
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface Serial0/0/1
R2(config-if)#ip address 10.2.2.2 255.255.255.252
R2(config-if)#ip address 10.2.2.2 255.255.255.252
R2(config-if)#no shutdown
Configure Rip on Router 2
R2(config-if)#ex
R2(config)#router rip
R2(config-router)#network 10.1.1.0
R2(config-router)#network 10.2.2.0
R2(config-router)#ex
R2(config)#
Shaikh Mumsad Ahmed Security in Computing IT21066

Router 3 configuration
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#
R3(config)#
R3(config)#
R3(config)#interface GigabitEthernet0/1
R3(config-if)#no ip address
R3(config-if)#ip address 192.168.3.1 255.255.255.0
R3(config-if)#ip address 192.168.3.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface Serial0/0/0
R3(config-if)#
R3(config-if)#exit
R3(config)#interface Serial0/0/1
R3(config-if)#ip address 10.2.2.1 255.0.0.0
R3(config-if)#ip address 10.2.2.1 255.0.0.0
R3(config-if)#ip address 10.2.2.1 255.255.255.252
R3(config-if)#ip address 10.2.2.1 255.255.255.252
R3(config-if)#no shutdown
Rip configuration on Router 3
R3(config-if)#ex
R3(config)#router rip
Shaikh Mumsad Ahmed Security in Computing IT21066

R3(config-router)#network 192.168.3.0
R3(config-router)#network 10.2.2.0
R3(config-router)#ex
R3(config)#

Configure SSH On Router 2

R2(config)#ip domain-name securityincomputing.com
R2(config)#username admin secret pwd
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config-line)#crypto key zeroize rsa
% No Signature RSA Keys found in configuration.

R2(config)#crypto key generate rsa

The name for the keys will be: R2.securityincomputing.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

R2(config)#ip ssh authentication-retries 2

*Mar 1 0:20:53.121: %SSH-5-ENABLED: SSH 1.99 has been enabled
R2(config)#ip ssh version 2
R2(config)#^Z
R2#
Shaikh Mumsad Ahmed Security in Computing IT21066

Verify Basic Network Connectivity

Step 1: Check connectivity from PCA to PCC
Shaikh Mumsad Ahmed Security in Computing IT21066

Step 2: Access R2 using SSH.

PCC>ssh –l admin 10.2.2.2
Password:pwd
R2>exit

Step 3: From PC-C, open a web browser to the PC-A server.

Desktop -> Web Browser
Shaikh Mumsad Ahmed Security in Computing IT21066

URL: http://192.168.1.3
(Successful)

Create the Firewall Zones on R3

Enable the Security Technology package on R3

R2>
R2>en
R2#show version

Technology Package License Information for Module:'c1900'

----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
data None None None

Configuration register is 0x2102

R2#

R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#license boot module c1900 technology-package securityk9

ACCEPT? [yes/no]: yes

% use 'write' command to make license boot config take effect on next boot

R3(config)#: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module

name = C1900 Next reboot level = securityk9 and License = securityk9
Shaikh Mumsad Ahmed Security in Computing IT21066

R3(config)#ex
R3#
%SYS-5-CONFIG_I: Configured from console by console

R3#reload
System configuration has been modified. Save? [yes/no]:yes
Building configuration...
[OK]
Proceed with reload? [confirm]

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1941/K9 FTX1524KW47-

Technology Package License Information for Module:'c1900'

Configuration register is 0x2102

Create a Firewall zones,class Map and ACL on Router 3

R3>
R3>enable
R3#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#zone security IN-ZONE
R3(config-sec-zone)#exit
R3(config)#zone security OUT-ZONE
R3(config-sec-zone)#exit
R3(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 any
R3(config)#class-map type inspect match-all IN-NET-CLASS-MAP
R3(config-cmap)#match access-group 101
R3(config-cmap)#exit
R3(config)#policy-map type inspect IN-2-OUT-PMAP
R3(config-pmap)#class type inspect IN-NET-CLASS-MAP
R3(config-pmap-c)#inspect
Shaikh Mumsad Ahmed Security in Computing IT21066

%No specific protocol configured in class IN-NET-CLASS-MAP for inspection. All

protocols will be inspected
R3(config-pmap-c)#exit
R3(config-pmap)#exit
R3(config)#zone-pair security IN-2-OUT-ZPAIR source IN-ZONE destination OUT-ZONE
R3(config-sec-zone-pair)#service-policy type inspect IN-2-OUT-PMAP
R3(config-sec-zone-pair)#exit
R3(config)#interface GigabitEthernet0/0
R3(config)#interface GigabitEthernet0/0
R3(config-if)#zone-member security IN-ZONE
R3(config-if)#ex
R3(config)#interface serial0/0/0
R3(config-if)#zone-member security OUT-ZONE
R3(config-if)#exit
R3(config)#
R3(config)#
R3(config)#exit
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Test FireWall Functionality From IN-ZONE to OUT-ZONE

Shaikh Mumsad Ahmed Security in Computing IT21066
Shaikh Mumsad Ahmed Security in Computing IT21066

2019FS026 Communicate With FusionSolar Through An openAPI Account
No ratings yet
2019FS026 Communicate With FusionSolar Through An openAPI Account
13 pages
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
From Everand
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
Redouane MEDDANE
No ratings yet
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
From Everand
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
Ramon Nastase
4.5/5 (2)
SIC practical print
No ratings yet
SIC practical print
61 pages
Practical Walk Through
No ratings yet
Practical Walk Through
9 pages
SIC Practical5 by STUD - Talks
No ratings yet
SIC Practical5 by STUD - Talks
7 pages
Practical 8
No ratings yet
Practical 8
8 pages
routing and ..
No ratings yet
routing and ..
36 pages
Practice SBA w90
No ratings yet
Practice SBA w90
6 pages
Lab 3
No ratings yet
Lab 3
8 pages
5 - Basic Config
No ratings yet
5 - Basic Config
40 pages
Configuration Cisco Router CCNA Introduction To Networks V7.02
No ratings yet
Configuration Cisco Router CCNA Introduction To Networks V7.02
6 pages
Basic Router Configuration
No ratings yet
Basic Router Configuration
29 pages
Configuring ASA-5506X, Final
No ratings yet
Configuring ASA-5506X, Final
26 pages
Basic Cisco IOS Commands
No ratings yet
Basic Cisco IOS Commands
20 pages
4.4.1.2 Lab - Configuring Zone-Based Policy Firewalls-ALDO PUGLIESE
No ratings yet
4.4.1.2 Lab - Configuring Zone-Based Policy Firewalls-ALDO PUGLIESE
21 pages
CCNA Descovery 2 Lacture 1&2
No ratings yet
CCNA Descovery 2 Lacture 1&2
5 pages
5-Basic config
No ratings yet
5-Basic config
40 pages
COMANDOS Cisco
No ratings yet
COMANDOS Cisco
9 pages
SIC Manual
No ratings yet
SIC Manual
22 pages
Vlan
No ratings yet
Vlan
5 pages
SIC Final Prac Manual
No ratings yet
SIC Final Prac Manual
60 pages
CN_LAB_Assignment1
No ratings yet
CN_LAB_Assignment1
61 pages
Sic Practical
No ratings yet
Sic Practical
49 pages
CN Lab 7-10
No ratings yet
CN Lab 7-10
22 pages
Basic Configuration
No ratings yet
Basic Configuration
29 pages
Apuntes CCNA Security
No ratings yet
Apuntes CCNA Security
7 pages
Configuring CBAC and Zone-Base Firewalls
No ratings yet
Configuring CBAC and Zone-Base Firewalls
33 pages
Cisco Network Academy Ccna 1 Introduction To Networks: Ipv4 Addressing
No ratings yet
Cisco Network Academy Ccna 1 Introduction To Networks: Ipv4 Addressing
12 pages
Ccna Ios Commands
No ratings yet
Ccna Ios Commands
17 pages
Configuracion SSH en Gns3
No ratings yet
Configuracion SSH en Gns3
8 pages
CCNA Khaled Marzouk
No ratings yet
CCNA Khaled Marzouk
54 pages
Router
No ratings yet
Router
3 pages
SIC Practical4 by STUD - Talks
No ratings yet
SIC Practical4 by STUD - Talks
13 pages
14.3.5 Packet Tracer - Basic Router Configuration Review
No ratings yet
14.3.5 Packet Tracer - Basic Router Configuration Review
10 pages
Using The Commands On The Router: Show Version Show Ip Interface Brief (Or Show Interface)
No ratings yet
Using The Commands On The Router: Show Version Show Ip Interface Brief (Or Show Interface)
8 pages
Comandos de Clase
No ratings yet
Comandos de Clase
10 pages
Cisco Router Switch Security Hardening
No ratings yet
Cisco Router Switch Security Hardening
9 pages
SIC Practical 5
No ratings yet
SIC Practical 5
8 pages
CCNA Security Lab Manual by Yasir Imran
100% (4)
CCNA Security Lab Manual by Yasir Imran
178 pages
1 - How To Install Tacacs
No ratings yet
1 - How To Install Tacacs
11 pages
Data Com Test
No ratings yet
Data Com Test
11 pages
KN-2310_stable_4.00.C.7.0-0_router_startup-config
No ratings yet
KN-2310_stable_4.00.C.7.0-0_router_startup-config
7 pages
7.9.3.2.13 Lab - Configuring and Verifying Extended ACLs
No ratings yet
7.9.3.2.13 Lab - Configuring and Verifying Extended ACLs
9 pages
Configure Admistrative Roles
No ratings yet
Configure Admistrative Roles
20 pages
Cisco Command Summary: Cisco Router Configuration Commands
No ratings yet
Cisco Command Summary: Cisco Router Configuration Commands
13 pages
Cisco Commands - 2016-05-19
No ratings yet
Cisco Commands - 2016-05-19
26 pages
KN-1611 Stable 3.08.C.2.0-0 Router Startup-Config
No ratings yet
KN-1611 Stable 3.08.C.2.0-0 Router Startup-Config
6 pages
ITNB02 11.2.4.6 Securing Network Devices
No ratings yet
ITNB02 11.2.4.6 Securing Network Devices
8 pages
CCNA Commands
No ratings yet
CCNA Commands
16 pages
PT Script
No ratings yet
PT Script
5 pages
14-Module-3 Notes-14-03-2024
No ratings yet
14-Module-3 Notes-14-03-2024
32 pages
CCNA (1)
No ratings yet
CCNA (1)
5 pages
Lab - Configure Basic Router Settings Topology: Addressing Table
No ratings yet
Lab - Configure Basic Router Settings Topology: Addressing Table
14 pages
Comandos Packet Treacer de Cisco
No ratings yet
Comandos Packet Treacer de Cisco
3 pages
PT 5.2.3.6
No ratings yet
PT 5.2.3.6
4 pages
Lab 1.6.2
No ratings yet
Lab 1.6.2
22 pages
Network with Practical Labs Configuration: Step by Step configuration of Router and Switch configuration
From Everand
Network with Practical Labs Configuration: Step by Step configuration of Router and Switch configuration
Mulayam Singh
No ratings yet
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
From Everand
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
Mulayam Singh
No ratings yet
Network with Practical: ALL PACKET TRACER LABS
From Everand
Network with Practical: ALL PACKET TRACER LABS
MULAYAM SINGH
No ratings yet
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
From Everand
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
Steve Brown
No ratings yet
AE461 ARM SYSTEM ARCHITECTURE (Careeryuga) PDF
No ratings yet
AE461 ARM SYSTEM ARCHITECTURE (Careeryuga) PDF
2 pages
Elmeasure Gateway Catalog
No ratings yet
Elmeasure Gateway Catalog
2 pages
HLHJ
No ratings yet
HLHJ
2 pages
MNC6ConstructionManualRev1
No ratings yet
MNC6ConstructionManualRev1
20 pages
IBM HTTP Server Questions and Answers
No ratings yet
IBM HTTP Server Questions and Answers
48 pages
Lecture 1-Introduction To Inheritance in C++
No ratings yet
Lecture 1-Introduction To Inheritance in C++
24 pages
Assignment of Fundamental of Computer (Vicky)
90% (10)
Assignment of Fundamental of Computer (Vicky)
16 pages
9 Thevenin & Norton Circuits
No ratings yet
9 Thevenin & Norton Circuits
11 pages
Ñ Î Íø - Gigabyte GA-P67A-UD3R-B3 r1.1
No ratings yet
Ñ Î Íø - Gigabyte GA-P67A-UD3R-B3 r1.1
38 pages
Book Automation Software
No ratings yet
Book Automation Software
8 pages
Chapter 6 - Pointers
No ratings yet
Chapter 6 - Pointers
17 pages
Course: Electronic Circuit Design Lab No: 08 Title: Characterization of The MOS Transistor CID: - Date
No ratings yet
Course: Electronic Circuit Design Lab No: 08 Title: Characterization of The MOS Transistor CID: - Date
6 pages
W3af - A Framework To Own The Web
No ratings yet
W3af - A Framework To Own The Web
28 pages
MH-C9000 Manual Rev1
No ratings yet
MH-C9000 Manual Rev1
4 pages
C# Keywords and Definitions With Examples
50% (2)
C# Keywords and Definitions With Examples
130 pages
Multiphase PWM Regulator For Amd Fusion™ Mobile Cpus Using Svi 2.0
No ratings yet
Multiphase PWM Regulator For Amd Fusion™ Mobile Cpus Using Svi 2.0
37 pages
Huawei Optixstar Eg8010Hv6 Datasheet 02
No ratings yet
Huawei Optixstar Eg8010Hv6 Datasheet 02
3 pages
IBAN Maintenance and The BICplusIBAN Directory
No ratings yet
IBAN Maintenance and The BICplusIBAN Directory
2 pages
AP-500 Install Guide en
No ratings yet
AP-500 Install Guide en
15 pages
airOS UG
No ratings yet
airOS UG
148 pages
Cronos Current Interrupter User Manual - Version 10
No ratings yet
Cronos Current Interrupter User Manual - Version 10
51 pages
ABSTRACT
No ratings yet
ABSTRACT
18 pages
Download ebooks file Computing Essentials 2019 27th Edition (eBook PDF) all chapters
100% (4)
Download ebooks file Computing Essentials 2019 27th Edition (eBook PDF) all chapters
56 pages
Lab2-Gpio An
No ratings yet
Lab2-Gpio An
28 pages
Kho sách dành cho kỹ sư Điện Tử Viễn Thông
No ratings yet
Kho sách dành cho kỹ sư Điện Tử Viễn Thông
11 pages
Controlling Inrush Current in High Demanding Applications
No ratings yet
Controlling Inrush Current in High Demanding Applications
10 pages
Compaq Alphaserver Es40 Systems: Technical Summary
No ratings yet
Compaq Alphaserver Es40 Systems: Technical Summary
18 pages
Measure Water Flow Rate and Volume Using Arduino
No ratings yet
Measure Water Flow Rate and Volume Using Arduino
6 pages
Verilog I: Dr. Paul D. Franzon
No ratings yet
Verilog I: Dr. Paul D. Franzon
29 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Practical 6

Uploaded by

Practical 6

Uploaded by

Shaikh Mumsad Ahmed Security in Computing IT21066

Configure Rip on Router 1

Configure SSH On Router 2

R2(config)#crypto key generate rsa

How many bits in the modulus [512]: 1024

R2(config)#ip ssh authentication-retries 2

Verify Basic Network Connectivity

Step 2: Access R2 using SSH.

Step 3: From PC-C, open a web browser to the PC-A server.

Create the Firewall Zones on R3

Enable the Security Technology package on R3

Technology Package License Information for Module:'c1900'

Configuration register is 0x2102

ACCEPT? [yes/no]: yes

R3(config)#: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module

Technology Package License Information for Module:'c1900'

Configuration register is 0x2102

Create a Firewall zones,class Map and ACL on Router 3

%No specific protocol configured in class IN-NET-CLASS-MAP for inspection. All

Test FireWall Functionality From IN-ZONE to OUT-ZONE

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.