netacad cp

netacad cp from Pastebin Pastebin Netacad courses paste Netacad c programming details Netacad connexion code What is cpython netacad snippet Netacad cisco text Netacad course ui source Netacad comunidad sharing Ne
        During the past month, Always Food Available (AFA) was the talk of the town! Vacationers, with cabins in the hills on the other side of the lake, praised the expanded delivery service. No longer did people on the far side of the lake need to travel around the lake to enjoy their favorite food. The local farmers are even special ordering small items they need for work around the farm.
AFA’s employees are happy with the network and the great job your team has done to meet their software, hardware, and networking needs.  Your best friend’s sister approved an upgrade to the drone GPS system so that the deliveries can be more precise.
A new drone maintenance station is needed to keep the fleet of drones running. In order for this to happen a new remote network connection needs to be added to the HQ network.  You will be responsible for configuring the connections to the new site.   During a recent security audit you found that your network is not as secure as it could be.  Your task will be to start to secure the administration of the network as well as review other new security solutions.   You will build and test the new security solutions such as IPSEC and AAA in a lab environment.
NOTE: Exact commands will be in quotation marks to help you know when the command starts and stops.  Please do not type the quotation marks when you are instructed to type a command.
Configure the enable secret password on all production Routers and Switches = C1sc0R0cks
NOTE: Some configuration will already exist on certain devices.  Modify existing configuration as needed.
IP addresses to note:
Internal DNS:
Internal Web Server:
IP =
External DNS:
External Web Server:
IP =
·      Access network devices securely using SSH
o   Configure all production switches and routers with the following
§  Use SSHv2
§  Generate the crypto rsa key at modulus1024
§  Domain name =
§  Configure VTY line 0 to 4
·      Transport input to be ssh
·      Login should be local
§  Configure a local user for logging remotely
·      User = admin
·      Secret Password = C1sc0R0cks
·      Create a message that will display when login into all production switches and routers.
o   The message-of-the-day banner needs to say exactly the following:
·      Does it work?
o   Make sure you can SSH to each router and switch  on the AFA HQ network from the Network Admin PC.  Make sure you see the message-of-the-day.   “ssh –l  ”
·      A new Firewall has been installed at the new Warehouse.  Configure the ASA as follows.
o   Hostname = afa-remote-asa
o   Interface E0/0 = vlan 2
o   Interface E0/1 = vlan 1
o   Interface vlan 1:
§  Nameif = inside
§  Security level = 100
§  IP address =
o   Interface vlan 2:
§  Nameif = outside
§  Security level = 0
§  IP address =
o   Configure NAT (aka: PAT or NAT Overload)
§  Network object name = “nat”
§  Subnet = allow only the inside network.
§  NAT should allow host from the inside to the outside dynamically using the outside interface.
o   Routing
§  Configure a default route pointing to
o   MPF configuration.  Ensure that HTTP and DNS are inspected
§  Class map name = inspection_default
·      Class map needs to match “default-inspection-traffic”
§  Policy map name = global_policy
·      Class = inspection_default
o   Inspect HTTP and DNS
§  Service policy = “global_policy global”
o   The ASA needs to give out IP address through DHCP
§  DNS server = on the inside interface
§  Lease time = 2 hours on the inside interface
§  Domain = on the inside interface
§  Enable on the inside
§  DHCP address pool should be from .5 to .36 on the inside interface
o   Configure an access-list for return ICMP traffic
§  Access-list name = out_in
§  Permit any source and any destination
§  Limit it to icmp echo-reply
§  Apply it inbound on the outside interface
o   Does it work?
§  See if you can browse from a Maintenance PC to the web server.  (IP = or  Troubleshoot as needed if it doesn’t work.
·      Testing Security solutions in the lab
NOTE: Basic IP connectivity on the lab network devices were previously configured by a high school intern. It is recommended that you check it before starting.
NOTE:  All passwords used in the lab are “cisco12345” unless otherwise stated.
o   Configure a Lan-to-Lan tunnel between Lab Router 1 and Lab Router 2
IPSEC Lab Router 1
IPSEC Lab Router 2
Crypto ISAKMP Policy number
Crypto ISAKMP Policy: Encryption
AES 256
AES 256
Crypto ISAKMP Policy: authentication
Crypto ISAKMP Policy: group
Crypto ISAKMP Policy: Life time
Crypto ISAKMP key and address:
Key:cisco123 IP:
Key:cisco123 IP:
Crypto ipsec security-association life time in seconds
Crypto ipsec transform-set
50 esp-aes 256 esp-sha-hmac
50 esp-aes 256 esp-sha-hmac
Crypto map: name
CMAP 10 ipsec-isakmp
CMAP 10 ipsec-isakmp
Crypto map CMAP: peer
Crypto map CMAP: pfs
Group 5
Group 5
Crypto map CMAP: security association lifetime
Crypto map CMAP: transform set
Crypto map CMAP: match address
Access-list name
Access-list 101 permit source
Access-list 101 permit destination
Access-list 101 permit protocol
 Apply crypto map “CMAP” to interface
GigabitEthernet 0
GigabitEthernet 0
§  Does it work?
·      Use ping to test from IPSEC Lab Server 2 to IPSEC  Lab Server 1.  Remember, basic IP connectivity was already working.  You need to determine if the traffic is going over the encrypted tunnel or over the clear. Hint. “show crypto ipsec sa” look at the “encaps and decaps” are they going up as you send traffic? Or “show crypto isakmp sa” do you see a connection with an ACTIVE status?
o   Configure the Authentication and Accounting.
§  Configure AAA-Lab-Router1 & AAA-Lab-Switch1 to allow remote access using Telnet, authenticating the user using TACACS. HINT: Don’t lock yourself out.  Wait to save the configuration until after you verify that you can access the device remotely with AAA configured.  This way you can simply reload the router to recover the CLI access if needed.
·      Enable AAA
·      AAA authentication = Configure logins to use a default method of the group TACACS+. Also, use local login for a fall back.
·      TACACS server host and key = key cisco123 (use the command that combines the host and key on the same line)
·      Configure the VTY line 0 to 4 to use transport input for telnet and login authentication should be default.
·      Configure a local user name and encrypted password.
o   Username = localadmin
o   Encrypted Password = cisco12345
This should only be used if the TACACS server is not reachable.
§  Configure AAA-Lab-Router1 & AAA-Lab-Switch1 to use Accounting services
·      Accounting for exec sessions should have a default method for start and stop messages that uses the group tacacs+
§  Configure Lab Server1 as a TACACS server.
·      Enable the AAA service under the “Services Tab”
·      Configure the AAA server to allow both the AAA Lab Router1 and AAA Lab Switch1 to use it for authenticate. There will be two entries.
o   Client Name = Host name of AAA Lab Router1 and AAA Lab Switch1
o   Client IP = IP address of AAA Lab Router1 and AAA Lab Switch1
o   Secret = cisco123
o   ServerType = TACACS
o   Add a user:
§  Username = admin
§  Password = cisco12345
§  Configure logging on AAA-Lab-Router1 & AAA-Lab-Switch1
·      Enable logging and log to
·      Trap debug logs and userinfo
§  Configure Lab Server1 syslog server
·      Enable the syslog service under the “Services Tab”
·      Return here to see if AAA accounting is working. 
§  Does it work?
·      From the Lab Server1 see if you can telnet to AAA-Lab-Router1 & AAA-Lab-Switch1.  You should be prompted to login with a username and then a password.  Use the username and password that you set in the AAA server. (admin:cisco12345)
·      Troubleshooting
o   Users at East Lake are complaining that they can’t get to the or  Troubleshoot and fix the problem.
Submit Packet Tracer Activity                        

Submit your Packet Tracer file using the instructions found on the Netacad CP-IX Regional Round assignment.

1.     Save the Packet Tracer config file to your desktop following this naming convention.  "PT- Round2_.pka" Example: PT-Round2_09-9758.pka
2.     Complete the assignment by clicking on the "Submit Assignment" button on the right side of this page.  Then you will have the option to upload the Packet Tracer file and Submit the Assignment.
If you upload the wrong file you will get zero points for the exercise.