Chapter 11 - Comprehensive Lab.txt-1

Academic year: 2021

===============================================================================
R1
! Basic addressing and default route
#no ip domain-lookup
#int g0/0
#ip add 209.165.200.225 255.255.255.248
#no shut
#int s0/0/0
#ip add 10.1.1.1 255.255.255.252
#clock rate 128000
#no shut
#int lo1
#ip add 172.20.1.1 255.255.255.0
#ip route 0.0.0.0 0.0.0.0 10.1.1.2
! Password policy, banner and local accounts
#security passwords min-length 10
#service password-encryption
#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
#enable algorithm-type scrypt secret cisco12345
#username Admin01 privilege 15 secret Admin01pa55
! Console and VTY lines (VTY restricted to SSH)
#line con 0
#privilege level 15
#exec-timeout 15 0
#logging synchronous
#login
#exi
#line vty 0 4
#privilege level 15
#exec-timeout 15 0
#logging synchronous
#transport input ssh
#login
#exi
! AAA with the local user database, login logging
#aaa new-model
#aaa authentication login default local
#login on-success log
#login on-failure log every 2
#exi
! HTTP server with local authentication
#ip http server
#ip http authentication local
! SSH
#ip domain-name ccnasecurity.com
#crypto key generate rsa general-keys modulus 1024
#ip ssh version 2
#ip ssh time-out 90
#ip ssh authentication-retries 2
! Login blocking after repeated failures
#login block-for 60 attempts 2 within 30
#login on-failure log every 2
! Resilient configuration: enable, save, then disable again
#secure boot-image
#secure boot-config
#copy running-config startup-config
#no secure boot-image
#no secure boot-config
! Authenticated NTP client of R2
#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp server 10.1.1.2
#ntp update-calendar
#do show ntp associations
#do show ntp status
#copy running-config startup-config

===============================================================================
R2
#no ip domain-lookup
#int s0/0/0
#ip add 10.1.1.2 255.255.255.252
#no shut
#int s0/0/1
#ip add 10.2.2.2 255.255.255.252
#clock rate 128000
#no shut
#ip route 209.165.200.224 255.255.255.248 10.1.1.1
#ip route 172.16.3.0 255.255.255.0 10.2.2.1
#show clock
#clock set 19:30:00 Jan 26 2017
#show clock
#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp master 3
#copy running-config startup-config

===============================================================================
R3
! Basic addressing and default route
#no ip domain-lookup
#int g0/1
#ip add 172.16.3.1 255.255.255.0
#no shut
#int s0/0/1
#ip add 10.2.2.1 255.255.255.252
#no shut
#ip route 0.0.0.0 0.0.0.0 10.2.2.2
! Password policy, banner and local accounts
#security passwords min-length 10
#service password-encryption
#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
#enable algorithm-type scrypt secret cisco12345
#username Admin01 privilege 15 secret Admin01pa55
! Console and VTY lines (VTY restricted to SSH)
#line con 0
#privilege level 15
#exec-timeout 15 0
#logging synchronous
#login
#exi
#line vty 0 4
#privilege level 15
#exec-timeout 15 0
#logging synchronous
#transport input ssh
#login
#exi
! AAA with the local user database, login logging
#aaa new-model
#aaa authentication login default local
#login on-success log
#login on-failure log every 2
#exi
! HTTP server with local authentication
#ip http server
#ip http authentication local
! SSH
#ip domain-name ccnasecurity.com
#crypto key generate rsa general-keys modulus 1024
#ip ssh version 2
#ip ssh time-out 90
#ip ssh authentication-retries 2
! Authenticated NTP client of R2 (10.2.2.2 is R2's s0/0/1 address)
#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp server 10.2.2.2
#ntp update-calendar
#do show ntp associations
#do show ntp status
! Syslog to 172.16.3.3, severity 4 (warnings) and more severe
#logging 172.16.3.3
#logging trap 4
#show logging
! Zone-based policy firewall: inspect TCP, UDP and ICMP from INSIDE to OUTSIDE
#zone security INSIDE
#zone security OUTSIDE
#class-map type inspect match-any INSIDE_PROTOCOLS
#match protocol tcp
#match protocol udp
#match protocol icmp
#policy-map type inspect INSIDE_TO_OUTSIDE
#class type inspect INSIDE_PROTOCOLS
#inspect
#zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
#service-policy type inspect INSIDE_TO_OUTSIDE
#int g0/1
#zone-member security INSIDE
#int s0/0/1
#zone-member security OUTSIDE
#do show zone-pair security
#do show policy-map type inspect zone-pair
#do show zone security
! Site-to-site IPsec VPN to the ASA outside interface: ISAKMP phase 1
#crypto isakmp enable
#crypto isakmp policy 1
#authentication pre-share
#encryption 3des
#hash sha
#group 2
#exi
#crypto isakmp key Site2SiteKEY1 address 209.165.200.226
#do show crypto isakmp policy
! IPsec phase 2: transform set, interesting traffic and crypto map
#crypto ipsec transform-set TRNSFRM-SET esp-aes 256 esp-sha-hmac
#ip access-list extended 101
#permit ip 172.16.3.0 0.0.0.255 192.168.1.0 0.0.0.255
#exi
#crypto map CMAP 1 ipsec-isakmp
#match address 101
#set peer 209.165.200.226
#set transform-set TRNSFRM-SET
! Apply the crypto map to the outside-facing interface
#int s0/0/1
#crypto map CMAP
#end
#do show crypto map
#do show crypto ipsec sa
#copy running-config startup-config

===============================================================================
S1
! Management interface, HTTP services disabled
#no ip domain-lookup
#int vlan1
#ip add 192.168.2.11 255.255.255.0
#ip default-gateway 192.168.2.1
#no shut
#no ip http server
#no ip http secure-server
#enable algorithm-type scrypt secret cisco12345
#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED$
! SSH
#ip domain-name ccnasecurity.com
#username Admin01 privilege 15 secret Admin01pa55
#crypto key generate rsa general-keys modulus 1024
#ip ssh version 2
#ip ssh time-out 90
#ip ssh authentication-retries 2
! Console and VTY lines (VTY restricted to SSH)
#line con 0
#privilege level 15
#exec-timeout 5 0
#logging synchronous
#login
#exi
#line vty 0 4
#privilege level 15
#exec-timeout 5 0
#logging synchronous
#transport input ssh
#login
#exi
! Access port f0/6: no DTP, port security with one sticky MAC, PortFast
#int f0/6
#switchport mode access
#switchport nonegotiate
#switchport port-security
#switchport port-security maximum 1
#switchport port-security mac-address sticky
#switchport port-security violation shutdown
#spanning-tree portfast
! Unused ports shut down, loop guard enabled
#int range f0/1-5
#shut
#spanning-tree guard loop
#int range f0/7-23
#shut
#spanning-tree guard loop
#copy running-config startup-config

===============================================================================
S2
#no ip domain-lookup
#int vlan1
#ip add 192.168.1.11 255.255.255.0
#ip default-gateway 192.168.1.1
#no shut
#copy running-config startup-config

===============================================================================
S3
#no ip domain-lookup
#int vlan1
#ip add 172.16.1.11 255.255.255.0
#ip default-gateway 172.30.3.1
#no shut
#copy running-config startup-config

===============================================================================
ASA
! Reset to a clean configuration
#write erase
#reload
! VLAN interfaces: inside (100), outside (0), dmz (70)
#int vlan1
#nameif inside
#ip address 192.168.1.1 255.255.255.0
#security-level 100
#no shut
#int vlan2
#nameif outside
#ip address 209.165.200.226 255.255.255.248
#security-level 0
#no shut
#int vlan3
#nameif dmz
#ip address 192.168.2.1 255.255.255.0
#security-level 70
#no shut
! Assign physical ports to the VLANs
#int e0/0
#switchport access vlan 2
#no shut
#int e0/1
#switchport access vlan 1
#no shut
#int e0/2
#switchport access vlan 3
#no shut
! Verification (the ASA runs show commands directly in config mode, without "do")
#sh int ip br
#sh ip add
#sh switch vlan
! HTTP server enabled; 192.168.1.0/24 permitted as a management source
#http server enable
#http 192.168.1.0 255.255.255.0
===============================================================================
