netacad cp
During the past month, Always Food Available (AFA) was the talk of the town! Vacationers, with cabins in the hills on the other side of the lake, praised the expanded delivery service. No longer did people on the far side of the lake need to travel around the lake to enjoy their favorite food. The local farmers are even special ordering small items they need for work around the farm.
AFA’s employees are happy with the network and the great job your team has done to meet their software, hardware, and networking needs. Your best friend’s sister approved an upgrade to the drone GPS system so that the deliveries can be more precise.
A new drone maintenance station is needed to keep the fleet of drones running. For this to happen, a new remote network connection needs to be added to the HQ network. You will be responsible for configuring the connections to the new site. During a recent security audit you found that your network is not as secure as it could be. Your task will be to start securing the administration of the network as well as to review other new security solutions. You will build and test the new security solutions, such as IPSEC and AAA, in a lab environment.
Instructions
SAVE YOUR PACKET TRACER FILE OFTEN.
NOTE: Exact commands will be in quotation marks to help you know when the command starts and stops. Please do not type the quotation marks when you are instructed to type a command.
Configure the enable secret password on all production Routers and Switches = C1sc0R0cks
NOTE: Some configuration will already exist on certain devices. Modify existing configuration as needed.
IP addresses to note:
Internal DNS: 192.168.50.2
Internal Web Server:
IP = 192.168.50.2
URL = www.afainternal.com
External DNS: 64.102.174.10
External Web Server:
IP = 64.102.174.10
URL = www.afa.com
Configuration
· Access network devices securely using SSH
o Configure all production switches and routers with the following
§ Use SSHv2
§ Generate the crypto rsa key with modulus 1024
§ Domain name = afa.com
§ Configure VTY line 0 to 4
· Transport input to be ssh
· Login should be local
§ Configure a local user for logging in remotely
· User = admin
· Secret Password = C1sc0R0cks
· Create a message that will display when logging into all production switches and routers.
o The message-of-the-day banner needs to say exactly the following:
§ “ KEEP OUT ----- AUTHORIZED USERS ONLY “
· Does it work?
o Make sure you can SSH to each router and switch on the AFA HQ network from the Network Admin PC. Make sure you see the message-of-the-day. “ssh -l ”
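The SSH steps above collected into one configuration for a single production device, as an added example that is not part of the assignment. The hostname AFA-HQ-R1 and the <device-ip> in the test command are placeholders; every other value is the one given above.

```cisco
! Added example, not from the assignment. Hostname is a placeholder.
enable
configure terminal
hostname AFA-HQ-R1
! A domain name must exist before the RSA key pair can be generated.
ip domain-name afa.com
! The lab requires modulus 1024; current guidance is 2048 or larger.
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
! "secret" stores a hash; "password" would store a reversible type 7 string.
enable secret C1sc0R0cks
username admin secret C1sc0R0cks
! # is the delimiter and must not appear inside the message.
! The leading and trailing spaces are part of the required text.
banner motd # KEEP OUT ----- AUTHORIZED USERS ONLY #
line vty 0 4
 transport input ssh
 login local
 exit
end
! Verify SSHv2 is enabled, then from the Network Admin PC:
!   ssh -l admin <device-ip>
show ip ssh
show ssh
```

Repeat on each production router and switch; `show ip ssh` should report version 2.0, and `show ssh` lists the session once the Network Admin PC is connected.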
· A new Firewall has been installed at the new Warehouse. Configure the ASA as follows.
o Hostname = afa-remote-asa
o Interface E0/0 = vlan 2
o Interface E0/1 = vlan 1
o Interface vlan 1:
§ Nameif = inside
§ Security level = 100
§ IP address = 192.168.1.1/24
o Interface vlan 2:
§ Nameif = outside
§ Security level = 0
§ IP address = 64.102.174.20/24
o Configure NAT (aka: PAT or NAT Overload)
§ Network object name = “nat”
§ Subnet = allow only the inside network.
§ NAT should allow hosts from the inside to the outside dynamically using the outside interface.
o Routing
§ Configure a default route pointing to 64.102.174.1
o MPF configuration. Ensure that HTTP and DNS are inspected
§ Class map name = inspection_default
· Class map needs to match “default-inspection-traffic”
§ Policy map name = global_policy
· Class = inspection_default
o Inspect HTTP and DNS
§ Service policy = “global_policy global”
o The ASA needs to give out IP addresses through DHCP
§ DNS server = 64.102.174.10 on the inside interface
§ Lease time = 2 hours on the inside interface
§ Domain = afa.com on the inside interface
§ Enable on the inside
§ DHCP address pool should be from .5 to .36 on the inside interface
o Configure an access-list for return ICMP traffic
§ Access-list name = out_in
§ Permit any source and any destination
§ Limit it to icmp echo-reply
§ Apply it inbound on the outside interface
o Does it work?
§ See if you can browse from a Maintenance PC to the web server. (IP = 64.102.174.10 or www.afa.com) Troubleshoot as needed if it doesn’t work.
· Testing Security solutions in the lab
NOTE: Basic IP connectivity on the lab network devices was previously configured by a high school intern. It is recommended that you check it before starting.
NOTE: All passwords used in the lab are “cisco12345” unless otherwise stated.
o Configure a LAN-to-LAN tunnel between Lab Router 1 and Lab Router 2
Parameter                                        | IPSEC Lab Router 1           | IPSEC Lab Router 2
-------------------------------------------------|------------------------------|-----------------------------
Crypto ISAKMP policy number                      | 10                           | 10
Crypto ISAKMP policy: encryption                 | AES 256                      | AES 256
Crypto ISAKMP policy: authentication             | Pre-share                    | Pre-share
Crypto ISAKMP policy: group                      | 5                            | 5
Crypto ISAKMP policy: lifetime                   | 3600                         | 3600
Crypto ISAKMP key and address                    | Key: cisco123 IP: 20.1.1.253 | Key: cisco123 IP: 10.1.1.253
Crypto ipsec security-association lifetime (sec) | 1800                         | 1800
Crypto ipsec transform-set                       | 50 esp-aes 256 esp-sha-hmac  | 50 esp-aes 256 esp-sha-hmac
Crypto map: name                                 | CMAP 10 ipsec-isakmp         | CMAP 10 ipsec-isakmp
Crypto map CMAP: peer                            | 20.1.1.253                   | 10.1.1.253
Crypto map CMAP: pfs                             | Group 5                      | Group 5
Crypto map CMAP: security association lifetime   | 900                          | 900
Crypto map CMAP: transform set                   | 50                           | 50
Crypto map CMAP: match address                   | 101                          | 101
Access-list name                                 | 101                          | 101
Access-list 101 permit source                    | 192.168.1.0 0.0.0.255        | 15.1.1.0 0.0.0.255
Access-list 101 permit destination               | 15.1.1.0 0.0.0.255           | 192.168.1.0 0.0.0.255
Access-list 101 permit protocol                  | IP                           | IP
Apply crypto map “CMAP” to interface             | GigabitEthernet 0            | GigabitEthernet 0
§ Does it work?
· Use ping to test from IPSEC Lab Server 2 to IPSEC Lab Server 1. Remember, basic IP connectivity was already working. You need to determine whether the traffic is going over the encrypted tunnel or in the clear. Hint: in “show crypto ipsec sa”, look at the “encaps” and “decaps” counters; are they going up as you send traffic? Or in “show crypto isakmp sa”, do you see a connection with an ACTIVE status?
o Configure the Authentication and Accounting.
§ Configure AAA-Lab-Router1 & AAA-Lab-Switch1 to allow remote access using Telnet, authenticating the user using TACACS. HINT: Don’t lock yourself out. Wait to save the configuration until after you verify that you can access the device remotely with AAA configured. This way you can simply reload the router to recover the CLI access if needed.
· Enable AAA
· AAA authentication = Configure logins to use a default method of the group TACACS+. Also, use local login as a fallback.
· TACACS server host and key = 30.1.1.254 key cisco123 (use the command that combines the host and key on the same line)
· Configure VTY lines 0 to 4 to use transport input telnet; login authentication should be default.
· Configure a local user name and encrypted password.
o Username = localadmin
o Encrypted Password = cisco12345
This should only be used if the TACACS server is not reachable.
§ Configure AAA-Lab-Router1 & AAA-Lab-Switch1 to use Accounting services
· Accounting for exec sessions should have a default method for start and stop messages that uses the group tacacs+
§ Configure Lab Server1 as a TACACS server.
· Enable the AAA service under the “Services Tab”
· Configure the AAA server to allow both AAA Lab Router1 and AAA Lab Switch1 to use it for authentication. There will be two entries.
o Client Name = Host name of AAA Lab Router1 and AAA Lab Switch1
o Client IP = IP address of AAA Lab Router1 and AAA Lab Switch1
o Secret = cisco123
o ServerType = TACACS
o Add a user:
§ Username = admin
§ Password = cisco12345
§ Configure logging on AAA-Lab-Router1 & AAA-Lab-Switch1
· Enable logging and log to 30.1.1.254.
· Trap debug logs and userinfo
§ Configure Lab Server1 syslog server
· Enable the syslog service under the “Services Tab”
· Return here to see if AAA accounting is working.
§ Does it work?
· From the Lab Server1 see if you can telnet to AAA-Lab-Router1 & AAA-Lab-Switch1. You should be prompted to login with a username and then a password. Use the username and password that you set in the AAA server. (admin:cisco12345)
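The AAA, accounting and logging steps above for AAA-Lab-Router1 (AAA-Lab-Switch1 takes the same lines), added here as an example and not part of the assignment. All addresses, names and keys are the ones given above; <router-ip> in the test command is a placeholder.

```cisco
! Added example, not from the assignment: AAA-Lab-Router1.
! Telnet is what the lab requires; it carries credentials in cleartext, so outside the lab use SSH as in Part 1.
configure terminal
! Create the local fallback user BEFORE "aaa new-model": that command switches the
! lines to local authentication at once, and an empty local database locks you out.
! "secret" stores a hash rather than a reversible type 7 string.
username localadmin secret cisco12345
aaa new-model
! TACACS+ first; the local database is used only when no server answers.
aaa authentication login default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
tacacs-server host 30.1.1.254 key cisco123
line vty 0 4
 transport input telnet
 login authentication default
 exit
! Syslog to Lab Server1 at debugging level, plus the username on privilege-level changes.
logging host 30.1.1.254
logging trap debugging
logging userinfo
end
! Do NOT save yet. Test from Lab Server1 first:
!   telnet <router-ip>   -> Username: admin / Password: cisco12345 (the TACACS server account)
! Then check the AAA and syslog services on Lab Server1 for the exec start and stop records.
! Only after a successful remote login: copy running-config startup-config
```

If the TACACS server is unreachable the login still succeeds with localadmin:cisco12345, which is exactly the fallback the lab asks for; if it succeeds with localadmin while the server is reachable, the server key or client entry is wrong.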
· Troubleshooting
o Users at East Lake are complaining that they can’t get to the www.afa.com or www.afainternal.com. Troubleshoot and fix the problem.
Submit Packet Tracer Activity
Submit your Packet Tracer file using the instructions found on the Netacad CP-IX Regional Round assignment.
1. Save the Packet Tracer config file to your desktop following this naming convention. "PT- Round2_.pka" Example: PT-Round2_09-9758.pka
2. Complete the assignment by clicking on the "Submit Assignment" button on the right side of this page. Then you will have the option to upload the Packet Tracer file and Submit the Assignment.
If you upload the wrong file you will get zero points for the exercise.