CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio / Edition 1
  • Alternative view 1 of CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio / Edition 1
  • Alternative view 2 of CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio / Edition 1

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio / Edition 1

by David Kotfila, Joshua Moorhouse, Ross Wolfson
     
 

ISBN-10: 158713215X

ISBN-13: 9781587132155

Pub. Date: 04/11/2008

Publisher: Cisco Press

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio

David Kotfila • Joshua Moorhouse • Ross G. Wolfson, CCIE® No. 16696

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio provides you with opportunities for hands-on practice to secure and expand the

…  See more details below

Overview

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio

David Kotfila • Joshua Moorhouse • Ross G. Wolfson, CCIE® No. 16696

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio provides you with opportunities for hands-on practice to secure and expand the reach of an enterprise-class network to teleworkers and branch sites.

The labs reinforce your understanding of how to secure and expand the reach of an enterprise network with a focus on VPN configuration and securing network access to remote sites. The book’s primary focus includes teleworker configuration and access, Frame Mode MPLS, site-to-site IPsec VPN, Cisco® EZVPN, strategies used to mitigate network attacks, Cisco device hardening, and Cisco IOS® firewall features.

Those preparing for the Implementing Secured Converged Wide-Area Networks (ISCW 642-825) certification exam should work through this book cover to cover. If you need to quickly review configuration examples, you can go directly to the relevant chapter.

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio includes

  • 27 Labs built to support v5 of the Implementing Secured Converged Wide-Area Networks course within the Cisco Networking Academy® curriculum providing ample opportunity for practice.
  • 2 Challenge and Troubleshooting Labs added to the core curriculum labs to test your mastery of the topics.
  • 2 Case Studies to give you a taste of what is involved in a fully functioning network covering all the technologies taught in this course. Even if you do not have the actualequipment to configure these more complex topologies, it is worth reading through these labs to expand your thinking into more complex networking solutions.

David Kotfila, CCNP®, CCAI, is the director of the Cisco Networking Academy at Rensselaer Polytechnic Institute (RPI), Troy, New York.

Joshua Moorhouse, CCNP, recently graduated from Rensselaer Polytechnic Institute with a bachelor of science degree in computer science, where he also worked as a teaching assistant in the Cisco Networking Academy. He currently works as a network engineer at Factset Research Systems.

Ross Wolfson, CCIE® No. 16696, recently graduated from Rensselaer Polytechnic Institute with a bachelor of science degree in computer science. He currently works as a network engineer at Factset Research Systems.

Use this Lab Portfolio with:

CCNP ISCW Official Exam Certification Guide

This book is part of the Cisco Networking Academy Series from Cisco Press®. Books in this series support and complement the Cisco Networking Academy curriculum.

 

Read More

Product Details

ISBN-13:
9781587132155
Publisher:
Cisco Press
Publication date:
04/11/2008
Series:
Lab Companion
Edition description:
New Edition
Pages:
374
Product dimensions:
8.40(w) x 10.80(h) x 0.90(d)

Table of Contents

Introduction

Chapter 1 Remote Network Connectivity Requirements

Lab 1-1: Lab Configuration Guide

Chapter 2 Teleworker Connectivity

Scenario: Configuring the CPE as the PPPoE Client

Scenario: Configuring the CPE as the PPPoE Client over the ATM Interface

Chapter 3 IPsec VPNs

Lab 3-1: Configuring SDM on a Router (3.10.1)

Scenario 7

Step 1: Lab Preparation 7

Step 2: Prepare the Router for SDM 7

Step 3: Configure Addressing 8

Step 4: Extract SDM on the Host 10

Step 5: Install SDM on the PC 13

Step 6: Run SDM from the PC 16

Step 7: Install SDM to the Router 19

Step 8: Run SDM from the Router 23

Step 9: Monitor an Interface in SDM 24

Lab 3-2: Configuring a Basic GRE Tunnel (3.10.2) 26

Scenario 26

Step 1: Configure Loopbacks and Physical Interfaces 26

Step 2: Configure EIGRP AS 1 27

Step 3: Configure a GRE Tunnel 28

Step 4: Routing EIGRP AS 2 over the Tunnel 30

Lab 3-3: Configuring Wireshark and SPAN (3.10.3) 33

Scenario 33

Step 1: Configure the Router 33

Step 2: Install Wireshark and WinPcap 33

Step 3: Configure SPAN on a Switch 39

Step 4: Sniff Packets Using Wireshark 40

Lab 3-4: Configuring Site-to-Site IPsec VPNs with SDM (3.10.4) 43

Scenario 43

Step 1: Configure Addressing 43

Step 2: Configure EIGRP 44

Step 3: Connect to the Routers via SDM 45

Step 4: Configure Site-to-Site IPsec VPN via SDM 45

Step 5:Generate a Mirror Configuration for R3 53

Step 6: Verify the VPN Configuration Using SDM 56

Step 7: Verify the VPN Configuration Using the IOS CLI 59

Challenge: Use Wireshark to Monitor Encryption of Traffic 65

TCL Script Output 70

Lab 3-5: Configuring Site-to-Site IPsec VPNs with the IOS CLI (3.10.5) 74

Scenario 74

Step 1: Configure Addressing 74

Step 2: Configure EIGRP 75

Step 3: Create IKE Policies 76

Step 4: Configure Preshared Keys 78

Step 5: Configure the IPsec Transform Set and Lifetimes 78

Step 6: Define Interesting Traffic 80

Step 7: Create and Apply Crypto Maps 81

Step 8: Verify IPsec Configuration 82

Step 9: Verify IPsec Operation 83

Step 10: Interpret IPsec Event Debugging 85

Challenge: Use Wireshark to Monitor Encryption of Traffic 97

TCL Script Output 103

Lab 3-6: Configuring a Secure GRE Tunnel with SDM (3.10.6) 106

Scenario 106

Step 1: Configure Addressing 106

Step 2: Configure EIGRP AS 1 107

Step 3: Connect to the Router Using SDM 108

Step 4: Configure an IPsec VTI Using SDM 108

Step 5: Generate a Mirror Configuration for R3 117

Step 6: Verify Tunnel Configuration Through SDM 120

Challenge: Use Wireshark to Monitor Encryption of Traffic 124

TCL Script Output 128

Lab 3-7: Configuring a Secure GRE Tunnel with the IOS CLI (3.10.7) 133

Scenario 133

Step 1: Configure Addressing 133

Step 2: Configure EIGRP AS 1 134

Step 3: Configure the GRE Tunnel 134

Step 4: Configure EIGRP AS 2 over the Tunnel 135

Step 5: Create IKE Policies and Peers 136

Step 6: Create IPsec Transform Sets 136

Step 7: Define the Traffic to Be Encrypted 137

Step 8: Create and Apply Crypto Maps 137

Step 9: Verify Crypto Operation 138

Challenge: Use Wireshark to Monitor Encryption of Traffic 139

Lab 3-8: Configuring IPsec VTIs (3.10.8) 144

Scenario 144

Step 1: Configure Addressing 144

Step 2: Configure EIGRP AS 1 145

Step 3: Configure Static Routing 145

Step 4: Create IKE Policies and Peers 147

Step 5: Create IPsec Transform Sets 148

Step 6: Create an IPsec Profile 148

Step 7: Create the IPsec VTI 149

Step 8: Verify Proper EIGRP Behavior 151

Lab 3-9: Configuring Easy VPN with SDM (3.10.9) 154

Scenario 154

Step 1: Configure Addressing 154

Step 2: Configure EIGRP AS 1 155

Step 3: Configure a Static Default Route 156

Step 4: Connect to HQ Through SDM 156

Step 5: Configure Easy VPN Server Through SDM 156

Step 6: Install the Cisco VPN Client 166

Step 7: Test Access from Client Without VPN Connection 169

Step 8: Connect to the VPN 169

Step 9: Test Network Access with VPN Connectivity 175

Step 10: Verify Easy VPN Functionality with SDM 176

Step 11: Disconnect the VPN Client 178

Lab 3-10: Configuring Easy VPN with the IOS CLI 180

Scenario 180

Step 1: Configure Addressing 180

Step 2: Configure EIGRP AS 1 181

Step 3: Configure a Static Default Route 181

Step 4: Enable AAA on HQ 182

Step 5: Create the IP Pool 182

Step 6: Configure the Group Authorization 182

Step 7: Create an IKE Policy and Group 182

Step 8: Configure the IPsec Transform Set 184

Step 9: Create a Dynamic Crypto Map 184

Step 10: Enable IKE DPD and User Authentication 184

Step 11: Install the Cisco VPN Client 185

Step 12: Test Access from Client Without VPN Connection 187

Step 13: Connect to the VPN 188

Step 14: Test Inside VPN Connectivity 193

Step 15: Verify VPN Operation Using the CLI 194

Step 16: Disconnect the VPN Client 195

Lab 3-11: IPsec Challenge Lab 196

Lab 3-12: IPsec Troubleshooting Lab 198

Initial Configurations 199

Chapter 4 Frame Mode MPLS Implementation 205

Lab 4-1: Configuring Frame Mode MPLS (4.5.1) 205

Scenario 205

Step 1: Configure Addressing 206

Step 2: Configure EIGRP AS 1 206

Step 3: Observe CEF Operation 207

Step 4: Enable MPLS on All Physical Interfaces 209

Step 5: Verify MPLS Configuration 210

Step 6: Change MPLS MTU 215

Lab 4-2: Challenge Lab: Implementing MPLS VPNs (4.5.2) 217

Scenario 218

Step 1: Configure Addressing 219

Step 2: Configure Routing in the Service-Provider Domain 219

Step 3: Configure MPLS in the SP Domain 220

Step 4: Configure a VRF 221

Step 5: Configure EIGRP AS 1 225

Step 6: Configure BGP 227

Step 7: Investigate Control Plane Operation 229

Step 8: Investigate Forwarding Plane Operation 235

Conclusion 238

Chapter 5 Cisco Device Hardening 241

Lab 5-1: Using SDM One-Step Lockdown (5.12.1) 241

Scenario 241

Step 1: Configure Addressing 241

Step 2: Install Nmap on the Host 242

Step 3: Run a Port Scan with Nmap 245

Step 4: Prepare a Router for SDM 245

Step 5: Use SDM One-Step Lockdown 246

Step 6: Use Nmap to See Changes 249

Conclusion 250

Lab 5-2: Securing a Router with Cisco AutoSecure (5.12.2) 251

Scenario 251

Step 1: Configure the Physical Interface 251

Step 2: Configure AutoSecure 251

Lab 5-3: Disabling Unneeded Services (5.12.3) 259

Scenario 259

Step 1: Configure the Physical Interface 259

Step 2: Ensure Services Are Disabled 259

Step 3: Manage Router Access 260

Step 4: Disable CDP 261

Step 5: Disable Other Unused Services 261

Step 6: Disabling Unneeded Interface Services 262

Lab 5-4: Enhancing Router Security (5.12.4) 263

Scenario 263

Step 1: Configure the Physical Interfaces 263

Step 2: Telnet to R1 264

Step 3: Configure Cisco IOS Login Enhancements 265

Step 4: Enforce a Minimum Password Length 269

Step 5: Modify Command Privilege Levels 270

Step 6: Create a Banner 273

Step 7: Enable SSH 273

Step 8: Encrypt Passwords 275

Lab 5-5: Configuring Logging (5.12.5) 276

Scenario 276

Step 1: Configure the Interface 276

Step 2: Install the Kiwi Syslog Daemon 276

Step 3: Run the Kiwi Syslog Service Manager 277

Step 4: Configure the Router for Logging 277

Step 5: Verify Logging 279

Step 6: Configure Buffered Logging 280

Lab 5-6a: Configuring AAA and TACACS+ (5.12.6a) 283

Scenario 283

Step 1: Configure the Interface 283

Step 2: Install CiscoSecure ACS 283

Step 3: Configure Users in CiscoSecure ACS 288

Step 4: Configure AAA Services on R1 292

Lab 5-6b: Configuring AAA and RADIUS (5.12.6b) 294

Scenario 294

Step 1: Configure the Interface 294

Step 2: Install CiscoSecure ACS 294

Step 3: Configure Users in CiscoSecure ACS 299

Step 4: Configure AAA Services on R1 303

Lab 5-6c: Configuring AAA Using Local Authentication (5.12.6c) 305

Step 1: Configure the Interface 305

Step 2: Configure the Local User Database 305

Step 3: Implement AAA Services 305

Lab 5-7: Configuring Role-Based CLI Views (5.12.7) 307

Scenario 307

Step 1: Configure an Enable Secret Password 307

Step 2: Enable AAA 307

Step 3: Change to the Root View 308

Step 4: Create Views 309

Step 5: Create a Superview 312

Lab 5-8: Configuring NTP (5.12.8) 313

Scenario 313

Step 1: Configure the Physical Interfaces 313

Step 2: Set Up the NTP Master 314

Step 3: Configure an NTP Client 314

Step 4: Configure NTP Peers with MD5 Authentication 315

Chapter 6 Cisco IOS Threat Defense Features 319

Lab 6-1: Configuring a Cisco IOS Firewall Using SDM (6.6.1) 319

Scenario 319

Step 1: Configure Loopbacks and Physical Interfaces 320

Step 2: Configure Routing Protocols 320

Step 3: Configure Static Routes to Reach the Internet 321

Step 4: Connect to FW Using SDM 322

Step 5: Use the SDM Advanced Firewall Wizard 323

Step 6: Modify the Firewall Configuration 331

Step 7: Monitor Firewall Activity 334

Conclusion 337

Lab 6-2: Configuring CBAC (6.6.2) 338

Scenario 338

Step 1: Configure the Physical Interfaces 338

Step 2: Configure Static Default Routes 339

Step 3: Enable Telnet Access 339

Step 4: Create IP Inspect Rules 339

Step 5: Block Unwanted Outside Traffic 341

Step 6: Verify CBAC Operation 341

Lab 6-3: Configuring IPS with SDM (6.6.3) 344

Scenario 344

Step 1: Configure the Physical Interfaces 344

Step 2: Configure Static Default Routes 345

Step 3: Enable Telnet Access 345

Step 4: Connect to FW Using SDM 345

Step 5: Use the SDM IPS Rule Wizard 346

Step 6: Verify and Modify IPS Behavior 353

Challenge: Add a Signature 358

Lab 6-4: Configuring IPS with CLI (6.6.4) 364

Scenario 364

Step 1: Configure Addressing 364

Step 2: Configure Static Default Routes 365

Step 3: Create and Apply an IPS Rule 365

Step 4: Modify Default IPS Behavior 366

Chapter 7 Case Studies 371

Case Study 1: CLI IPsec and Frame-Mode MPLS 371

Questions 372

Case Study 2: Device Hardening and VPNs 373

158713215x TOC 2/28/2008

Read More

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >