Lab Configure Cisco IOS Firewall CBAC on a Cisco Router
|
|
- Trevor Fletcher
- 8 years ago
- Views:
Transcription
1 Lab Configure Cisco IOS Firewall CBAC on a Cisco Router Objective Scenario Topology Estimated Time: 35 minutes Number of Team Members: Two teams with four students per team In this lab exercise, students will complete the following tasks: Configure logging and audit trails. Define and apply inspection rules access control lists (ACLs). Test and verify Context-based Access Control (CBAC). The task in this exercise is to configure CBAC on a Cisco router. Student groups will work individually to perform the following steps in this lab exercise: Step 1 Configure logging and audit trails Step 2 Define and apply inspection rules for ACLs Step 3 Test and verify CBAC This figure illustrates the network environment students will create: 1-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
2 Preparation Begin with the standard lab topology and verify the standard router configuration on pod routers. Test the connectivity between the pod routers. Access the perimeter router console port using the terminal emulator on the student PC. If desired, save the router configuration to a text file for later analysis. Refer back to the Student Lab Orientation if more help is needed. Tools and resources In order to complete this lab, the following resources are required: Two pod routers Two inside hosts One SuperServer Additional materials One switch and one backbone router Further information about the objectives covered in this lab can be found at the following websites: Command list apter09186a00800d981a.html shtml These commands will be used throughout the lab. Students should be familiar with these commands. Command access-list ip accessgroup ip inspect audit-trail ip inspect name logging show accesslists show ip inspect write memory Description Command used to configure an ACL. Command used to assign an ACL to an interface. Command used to configure a CBAC audit trail. Command used to define a CBAC rule. Command used to enable logging. Command used to display configured access lists. Command used to verify CBAC operation. Command used to save the running configuration to the 2-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
3 Command Description startup configuration. Step 1 Configure Logging and Audit Trails To configure logging and audit trails, complete the following steps: a. Enable logging to the console and the Syslog server. RouterP(config)# logging on RouterP(config)# logging 10.0.P.12 (where P = pod number) b. Enable the audit trail. Router(config)# ip inspect audit-trail c. Save the configuration and return to global configuration mode. RouterP(config)# end RouterP# write memory 1. What command shows detailed logging information? 2. What command will erase the entries in the logging buffer? Step 2 Define and Apply Inspection Rules ACLs a. Define a CBAC rule to inspect all TCP and FTP traffic. RouterP(config)# ip inspect name FWRULE tcp timeout 300 RouterP(config)# ip inspect name FWRULE ftp timeout 300 b. Define the ACLs to allow outbound Internet Control Message Protocol (ICMP) traffic and CBAC traffic. Block all other inside initiated traffic. RouterP(config)# access-list 101 permit icmp any any RouterP(config)# access-list 101 permit ip 10.0.P any RouterP(config)# access-list 101 deny ip any any (where P = pod number) c. Define ACLs to allow inbound ICMP traffic and CBAC traffic such as FTP and WWW to the inside web or FTP server. Block all other outside initiated traffic. RouterP(config)# access-list 102 permit eigrp any any RouterP(config)# access-list 102 permit icmp any any (where P = pod number) d. Apply the inspection rule and the ACL to the inside interface. RouterP(config)# interface fa 0/0 3-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
4 RouterP(config-if)# ip inspect FWRULE in RouterP(config-if)# ip access-group 101 in e. Apply the ACL to the outside interface. RouterP(config-if)# interface fa 0/1 RouterP(config-if)# ip access-group 102 in f. Save the configuration and return to global configuration mode. RouterP(config-if)# end RouterP# write memory Step 3 Test and Verify CBAC a. Complete the following steps to test and verify CBAC: i. Check the ACLs. RouterP# show access-lists 3. In the output for the show access-lists command, how many matches for Enhanced Interior Gateway Routing Protocol (EIGRP) packets are in access list 102? ii. From the MS command prompt, ping the SuperServer. C:\>ping Pinging with 32 bytes of data: iii. Use the web browser to connect to the SuperServer. Enter in the URL field. iv. Connect to the SuperServer by using an anonymous FTP: C:\> ftp User (10.0.P.12:(none)): anonymous... Password: user@ (where Q = peer pod number) v. Use the following show commands to verify CBAC configuration: RouterP# show ip inspect name FWRULE Inspection name FWRULE 4-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
5 RouterP# show ip inspect config Session audit trail is enabled Session alert is enabled one-minute (sampling period) thresholds are [400:500] connections max-incomplete sessions thresholds are [400:500] max-incomplete tcp connections per host is 50. Block-time 0 minute. tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec tcp idle-time is 3600 sec -- udp idle-time is 30 sec dns-timeout is 5 sec Inspection Rule Configuration Inspection name FWRULE RouterP# show ip inspect interfaces Interface Configuration Interface FastEthernet0/0 Inbound inspection rule is FWRULE Outgoing inspection rule is not set Inbound access list is 101 Outgoing access list is not set vi. Use the following show commands to verify CBAC operation: RouterP# show ip inspect sessions Half-open Sessions Session 82A6A284 (10.0.P.12:1314)=>( :80) tcp Session 82A69FB4 (10.0.P.12:1312)=>( :21) ftp RouterP# show ip inspect sessions detail Half-open Sessions Session 82A6A284 (10.0.P.12:1314)=>( :80) tcp Created 00:00:09, Last heard 00:00:09 Bytes sent (initiator:responder) [0:0] acl created 1 Inbound access-list 102 applied to interface FastEthernet0/1 Session 82A69FB4 (10.0.P.12:1312)=>( :21) ftp Created 00:00:23, Last heard 00:00:18 Bytes sent (initiator:responder) [0:0] acl created Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
6 Inbound access-list 102 applied to interface FastEthernet0/1 RouterP# show ip inspect all Session audit trail is enabled Session alert is enabled one-minute (sampling period) thresholds are [400:500] connections max-incomplete sessions thresholds are [400:500] max-incomplete tcp connections per host is 50. Block-time 0 minute. tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec tcp idle-time is 3600 sec -- udp idle-time is 30 sec dns-timeout is 5 sec Inspection Rule Configuration Inspection name FWRULE Interface Configuration Interface FastEthernet0/0 Inbound inspection rule is FWRULE Outgoing inspection rule is not set Inbound access list is 101 Outgoing access list is not set Half-open Sessions Session 82A6A284 (10.0.P.12:1314)=>( :80) tcp vii. Use the show access-list command to display the Context-based Access List. Notice the access lists differs from that of Step 3a. CBAC has analyzed the traffic and created FTP and WWW permit statements. CBAC has created the permit statements because the traffic is permitted in the configured access lists (101 and 102). The statements will be removed after the ip inspect timeout value have expired. RouterP#show access-list Extended IP access list 101 permit icmp any any permit ip 10.0.P any (354 matches) deny ip any any Extended IP access list 102 permit tcp host eq ftp host 10.0.P.12 eq 1315 permit tcp host eq www host 10.0.P.12 eq 1320 permit eigrp any any (57 matches) permit icmp any any 6-6 Fundamentals of Network Security v Lab Copyright 2003, Cisco Systems, Inc.
Lab 8.3.13 Configure Cisco IOS Firewall CBAC
Lab 8.3.13 Configure Cisco IOS Firewall CBAC Objective Scenario Topology In this lab, the students will complete the following tasks: Configure a simple firewall including CBAC using the Security Device
More informationConfigure Cisco IOS Firewall to use stateful packet inspection for IPv6. Configure Cisco IOS Firewall to use packet filtering for IPv6.
Lab 7-3 Configuring Cisco IOS Firewall In this activity, you will configure various types of ACLs, to achieve the desired filtering objectives. After completing this activity, you will be able to meet
More informationLab 5.2.5 Configure IOS Firewall IDS
Lab 5.2.5 Configure IOS Firewall IDS Objective Scenario Topology: Estimated Time: 15 minutes Number of Team Members: Two teams with four students per team. In this lab, the student will learn how to perform
More informationLab 12.1.7 Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance
Lab 12.1.7 Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance Objective Scenario Estimated Time: 20 minutes Number of Team Members: Two teams with four students per team
More informationSecurizarea Calculatoarelor și a Rețelelor 13. Implementarea tehnologiei firewall CBAC pentru protejarea rețelei
Platformă de e-learning și curriculă e-content pentru învățământul superior tehnic Securizarea Calculatoarelor și a Rețelelor 13. Implementarea tehnologiei firewall CBAC pentru protejarea rețelei Firewall
More informationNetwork Security 1. Module 8 Configure Filtering on a Router
Network Security 1 Module 8 Configure Filtering on a Router Module 8 Configure Filtering on a Router 8.1 Filtering Technologies Packet Filtering Stateful Packet Filtering URL Filtering Module 8 Configure
More informationClassic IOS Firewall using CBACs. 2012 Cisco and/or its affiliates. All rights reserved. 1
Classic IOS Firewall using CBACs 2012 Cisco and/or its affiliates. All rights reserved. 1 Although CBAC serves as a good foundation for understanding the revolutionary path toward modern zone based firewalls,
More informationFirewall Stateful Inspection of ICMP
The feature addresses the limitation of qualifying Internet Control Management Protocol (ICMP) messages into either a malicious or benign category by allowing the Cisco IOS firewall to use stateful inspection
More informationThe Cisco IOS Firewall feature set is supported on the following platforms: Cisco 2600 series Cisco 3600 series
Cisco IOS Firewall Feature Set Feature Summary The Cisco IOS Firewall feature set is available in Cisco IOS Release 12.0. This document includes information that is new in Cisco IOS Release 12.0(1)T, including
More informationCentral America Workshop - Guatemala City Guatemala 30 January - 1 February 07. IPv6 Security
City Guatemala 30 January - 1 February 07 Pedro Lorga (lorga@fccn.pt) Simon Muyal (muyal@renater.pt) Piers O'Hanlon (p.ohanlon@cs.ucl.ac.uk) Laboratory Exercise: Objectives In this laboratory exercise
More informationLab Exercise Configure the PIX Firewall and a Cisco Router
Lab Exercise Configure the PIX Firewall and a Cisco Router Scenario Having worked at Isis Network Consulting for two years now as an entry-level analyst, it has been your hope to move up the corporate
More informationTable of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others
Cisco IOS Firewall to Allow Java Applets From Known Sites w Table of Contents Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others...1 Introduction...1 To Deny Java
More informationLab 5.5.3 Developing ACLs to Implement Firewall Rule Sets
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface
More informationVirtual Fragmentation Reassembly
Virtual Fragmentation Reassembly Currently, the Cisco IOS Firewall specifically context-based access control (CBAC) and the intrusion detection system (IDS) cannot identify the contents of the IP fragments
More informationLab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM
Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)
More informationFIREWALLS & CBAC. philip.heimer@hh.se
FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that
More informationLab 8.5.3 Configuring the PIX Firewall as a DHCP Server
Lab 8.5.3 Configuring the PIX Firewall as a DHCP Server Objective Scenario Estimated Time: 15 minutes Number of Team Members: Two teams with four students per team. In this lab, students will learn the
More informationCCNA Access List Sim
1 P a g e CCNA Access List Sim Question An administrator is trying to ping and telnet from Switch to Router with the results shown below: Switch> Switch> ping 10.4.4.3 Type escape sequence to abort. Sending
More information642 523 Securing Networks with PIX and ASA
642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall
More informationRSA Security Analytics
RSA Security Analytics Event Source Log Configuration Guide Cisco IOS Last Modified: Thursday, February 19, 2015 Event Source Product Information: Vendor: Cisco Event Source: IOS Versions: IOS 12.4, 15.x
More informationChapter 4: Lab A: Configuring CBAC and Zone-Based Firewalls
Chapter 4: Lab A: Configuring CBAC and Zone-Based Firewalls Topology IP Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1 192.168.1.1 255.255.255.0 N/A S1 FA0/5
More informationLab 7: Firewalls Stateful Firewalls and Edge Router Filtering
Lab 7: Firewalls Stateful Firewalls and Edge Router Filtering 7.1 Details Aim: Rich Macfarlane The aim of this lab is to introduce the concepts of stateful firewalls, using Cisco Contextbased Access Control
More informationLab 5.5 Configuring Logging
Lab 5.5 Configuring Logging Learning Objectives Configure a router to log to a Syslog server Use Kiwi Syslog Daemon as a Syslog server Configure local buffering on a router Topology Diagram Scenario In
More informationLab 8.9.3 QoS Classification and Policing Using CAR
Lab 8.9.3 QoS Classification and Policing Using CAR Objective Scenario Step 1 This lab uses Committed Access Rate (CAR) to classify and police traffic. Although the classification and policing actions
More informationLab 4.1.2 Characterizing Network Applications
Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1
More informationFirewall Support for SIP
Firewall Support for SIP The Firewall Support for SIP feature integrates Cisco IOS firewalls, Voice over IP (VoIP) protocol, and Session Initiation Protocol (SIP) within a Cisco IOS-based platform, enabling
More informationInternetwork Expert s CCNA Security Bootcamp. IOS Firewall Feature Set. Firewall Design Overview
Internetwork Expert s CCNA Security Bootcamp IOS Firewall Feature Set http:// Firewall Design Overview Firewall defines traffic interaction between zones or trust levels e.g. ASA security-level Common
More informationCisco Configuring Commonly Used IP ACLs
Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow
More informationIOS Zone Based Firewall Step-by-Step Basic Configuration
IOS Zone Based Firewall Step-by-Step Basic Configuration Introduction The Cisco IOS Zone Based Firewall is one of the most advanced form of Stateful firewall used in the Cisco IOS devices. The zone based
More informationLab14.8.1 Configure a PIX Firewall VPN
Lab14.8.1 Configure a PIX Firewall VPN Complete the following lab exercise to practice what you learned in this chapter. Objectives In this lab exercise you will complete the following tasks: Visual Objective
More informationLab 4.5.2 Diagramming Intranet Traffic Flows
Lab 4.5.2 Diagramming Intranet Traffic Flows Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1
More informationFirewall Technologies. Access Lists Firewalls
Firewall Technologies Access Lists Firewalls ACLs Standard Extended Numbered Named Stateful Tables to track real-time state of end-end sessions Session oriented nature of network traffic TCP established
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security
More informationLab 6.1 Configuring a Cisco IOS Firewall Using SDM
Lab 6.1 Configuring a Cisco IOS Firewall Using SDM Learning Objectives Use SDM to configure a router as a firewall Understand basic firewall operation Configure basic routing through a firewall Verify
More informationPRACTICE WAY TO TEACHING OF NETWORK SECURITY ONE YEAR AFTER. Used devices and their topology. JAROSLAV DOČKAL, PhD 1
JAROSLAV DOČKAL, PhD 1 PRACTICE WAY TO TEACHING OF NETWORK SECURITY ONE YEAR AFTER Last year our first Cisco academy network security teaching experiences was explained at this conference. After one year
More informationFirewall Authentication Proxy for FTP and Telnet Sessions
Firewall Authentication Proxy for FTP and Telnet Sessions First Published: May 14, 2003 Last Updated: August 10, 2010 Before the introduction of the Firewall Authentication Proxy for FTP and Telnet Sessions
More informationLab 4.5.4 Diagramming External Traffic Flows
Lab 4.5.4 Diagramming External Traffic Flows Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 R2 R3 FC-CPE-1 FC-CPE-2 ISP Fa0/1 172.17.0.1
More informationHow To Lower Data Rate On A Network On A 2Ghz Network On An Ipnet 2 (Net 2) On A Pnet 2 On A Router On A Gbnet 2.5 (Net 1) On An Uniden Network On
Lab 8.1.10.3 QoS Classification and Policing Using CAR Objective Scenario Step 1 This lab uses Committed Access Rate (CAR) to classify and police traffic. Although the classification and policing actions
More informationCisco Firewall Technology
Section 1 Firewall...3 Section 2...19 Section 3 Advancements in the ASA...44 Technology Andrew Mason ciscopress.com [ 19 ] Section 2 Technology by Andrew Mason Products Currently, Cisco offers four products
More informationLab 4.2.3 Analyzing Network Traffic
Lab 4.2.3 Analyzing Network Traffic Objective Device Designation Device Name Address Subnet Mask Discovery Server Network Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1 255.255.0.0
More informationTroubleshooting the Firewall Services Module
25 CHAPTER This chapter describes how to troubleshoot the FWSM, and includes the following sections: Testing Your Configuration, page 25-1 Reloading the FWSM, page 25-6 Performing Password Recovery, page
More informationLAB II: Securing The Data Path and Routing Infrastructure
LAB II: Securing The Data Path and Routing Infrastructure 8. Create Packet Filters a. Create a packet filter which will deny packets that have obviously bogus IP source addresses but permit everything
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationTable of Contents. Configuring IP Access Lists
Table of Contents...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...2 Understanding ACL Concepts...2 Using Masks...2 Summarizing ACLs...3 Processing ACLs...4 Defining Ports and Message
More informationPT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations
PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1
More informationFirewall Stateful Inspection of ICMP
The feature categorizes Internet Control Management Protocol Version 4 (ICMPv4) messages as either malicious or benign. The firewall uses stateful inspection to trust benign ICMPv4 messages that are generated
More informationLab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance
Lab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance Objective Scenario Topology In this lab exercise, the students will complete the following tasks: Configure the use of Cisco Intrusion
More informationLab 6.2.12a Configure Remote Access Using Cisco Easy VPN
Lab 6.2.12a Configure Remote Access Using Cisco Easy VPN Objective Scenario Topology In this lab, the students will complete the following tasks: Enable policy lookup via authentication, authorization,
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationConnect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.
Lab 1.2.2 Capturing and Analyzing Network Traffic Host Name IP Address Fa0/0 Subnet Mask IP Address S0/0/0 Subnet Mask Default Gateway RouterA 172.17.0.1 255.255.0.0 192.168.1.1 (DCE) 255.255.255.0 N/A
More informationSchool of Information Science (IS 2935 Introduction to Computer Security, 2003)
Student Name : School of Information Science (IS 2935 Introduction to Computer Security, 2003) Firewall Configuration Part I: Objective The goal of this lab is to allow students to exploit an active attack
More informationLab 11.5.6.1 Configure Syslog on AP
Lab 11.5.6.1 Configure Syslog on AP Estimated Time: 25 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, students will configure and use syslog logging to monitor
More informationAdding an Extended Access List
CHAPTER 11 This chapter describes how to configure extended access lists (also known as access control lists), and it includes the following topics: Information About Extended Access Lists, page 11-1 Licensing
More informationTABLE OF CONTENTS NETWORK SECURITY 1...1
Network Security 1 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationLab 7.2.9 Load Balancing Across Multiple Paths
Lab 7.2.9 Load Balancing Across Multiple Paths Objective Configure Load balance across multiple paths. Observe the load balancing process. Background/Preparation Cable a network similar to the one in the
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationConfiguring Static and Dynamic NAT Simultaneously
Configuring Static and Dynamic NAT Simultaneously Document ID: 13778 Contents Introduction Prerequisites Requirements Components Used Conventions Configuring NAT Related Information Introduction In some
More informationConfiguring Denial of Service Protection
24 CHAPTER This chapter contains information on how to protect your system against Denial of Service (DoS) attacks. The information covered in this chapter is unique to the Catalyst 6500 series switches,
More informationLab 8.3.1.2 Configure Basic AP Security through IOS CLI
Lab 8.3.1.2 Configure Basic AP Security through IOS CLI Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, the student will learn the following
More informationLab 8: Confi guring QoS
Lab 8: Objective Implement QoS, mark traffi c, and display and interpret QoS output. Lab Topology For this lab, your network design will include two pods of devices. You will be responsible for confi guring
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation
More informationCCIE R&S Lab Workbook Volume I Version 5.0
Copyright Information, Inc. All rights reserved. The following publication, CCIE R&S Lab Workbook Volume I Version 5.0, was developed by Internetwork Expert, Inc. All rights reserved. No part of this publication
More informationSmart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
More informationOutput Interpreter. SHOW RUNNING-CONFIG SECURITY Analysis SHOW RUNNING-CONFIG - FW Analysis. Back to top
Output Interpreter You have chosen to display errors warnings general information, and helpful references. Headings are displayed for all supported commands that you submitted. SHOW RUNNING-CONFIG SECURITY
More informationSecurity and Access Control Lists (ACLs)
Security and Access Control Lists (ACLs) Malin Bornhager Halmstad University Session Number 2002, Svenska-CNAP Halmstad University 1 Objectives Security Threats Access Control List Fundamentals Access
More informationLab: Basic Router Configuration
Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Def. Gateway R1 Fa0/0 192.168.1.1 255.255.255.0 N/A S0/0/0 192.168.2.1 255.255.255.0 N/A R2 Fa0/0 192.168.3.1 255.255.255.0 N/A
More informationCisco ASA and NetFlow Using ASA NetFlow with LiveAction Flow Software
LiveAction Application Note Cisco ASA and NetFlow Using ASA NetFlow with LiveAction Flow Software January 2013 http://www.actionpacked.com Table of Contents 1. Introduction... 1 2. ASA NetFlow Security
More informationTroubleshooting the Firewall Services Module
CHAPTER 25 This chapter describes how to troubleshoot the FWSM, and includes the following sections: Testing Your Configuration, page 25-1 Reloading the FWSM, page 25-6 Performing Password Recovery, page
More informationSkills Assessment Student Training Exam
Skills Assessment Student Training Exam Topology Assessment Objectives Part 1: Initialize Devices (8 points, 5 minutes) Part 2: Configure Device Basic Settings (28 points, 30 minutes) Part 3: Configure
More informationConfiguring NetFlow Secure Event Logging (NSEL)
75 CHAPTER This chapter describes how to configure NSEL, a security logging mechanism that is built on NetFlow Version 9 technology, and how to handle events and syslog messages through NSEL. The chapter
More information1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router
1 Basic Configuration of Cisco 2600 Router Basic Configuration Cisco 2600 Router I decided to incorporate the Cisco 2600 into my previously designed network. This would give me two seperate broadcast domains
More informationThis Technical Support Note shows the different options available in the Firewall menu of the ADTRAN OS Web GUI.
TECHNICAL SUPPORT NOTE Introduction to the Firewall Menu in the Web GUI Featuring ADTRAN OS and the Web GUI Introduction This Technical Support Note shows the different options available in the Firewall
More informationHow To Block On A Network With A Group Control On A Router On A Linux Box On A Pc Or Ip Access Group On A Pnet 2 On A 2G Router On An Ip Access-Group On A Ip Ip-Control On A Net
Using Access-groups to Block/Allow Traffic in AOS When setting up an AOS unit, it is important to control which traffic is allowed in and out. In many cases, the built-in AOS firewall is the most efficient
More informationNote: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.
Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the
More informationProcedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Router & Switch
University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab. 2 Network Devices & Packet Tracer Objectives 1. To become familiar with
More informationIntegrated Cisco Products
Installation Guide Supplement for use with Integrated Cisco Products Websense Web Security Websense Web Filter v7.5 1996 2010, Websense Inc. All rights reserved. 10240 Sorrento Valley Rd., San Diego, CA
More informationLab 2.5.2a Configure SSH
Lab 2.5.2a Configure SSH Objective Scenario Topology In this lab, the students will complete the following tasks: Configuring a router as a Secure Shell (SSH) server Version 1. Install and configure a
More informationTable of Contents. Cisco Blocking Peer to Peer File Sharing Programs with the PIX Firewall
Table of Contents Blocking Peer to Peer File Sharing Programs with the PIX Firewall...1 Document ID: 42700...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...1 Conventions...2 PIX
More informationASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example
ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example Document ID: 113110 Contents Introduction Prerequisites Requirements Components Used Network Diagram Related Products Conventions Background
More informationLab Objectives & Turn In
Firewall Lab This lab will apply several theories discussed throughout the networking series. The routing, installing/configuring DHCP, and setting up the services is already done. All that is left for
More informationNetwork Security 2. Module 2 Configure Network Intrusion Detection and Prevention
1 1 Network Security 2 Module 2 Configure Network Intrusion Detection and Prevention 2 Learning Objectives 2.1 Cisco IOS Intrusion Prevention System 2.2 Configure Attack Guards on the PIX Security Appliance
More informationTROUBLESHOOTING FIREWALLS
TROUBLESHOOTING FIREWALLS SESSION 1 Agenda Understanding the Concepts PIX and FWSM Troubleshooting Tools PIX and FWSM Common Issues Cisco IOS Firewall Concepts Cisco IOS Firewall Common Issues and Troubleshooting
More informationCisco ASA, PIX, and FWSM Firewall Handbook
Cisco ASA, PIX, and FWSM Firewall Handbook David Hucaby, CCIE No. 4594 Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA Contents Foreword Introduction xxii xxiii Chapter 1 Firewall
More informationLAB Configuring NAT. Objective. Background/Preparation
LAB Configuring NAT Objective Configure a router to use network address translation (NAT) to convert internal IP addresses, typically private addresses, into outside public addresses. Configure static
More informationFirewall Design Principles
Firewall Design Principles Software Engineering 4C03 Dr. Krishnan Stephen Woodall, April 6 th, 2004 Firewall Design Principles Stephen Woodall Introduction A network security domain is a contiguous region
More informationChapter 11 Network Address Translation
Chapter 11 Network Address Translation You can configure an HP routing switch to perform standard Network Address Translation (NAT). NAT enables private IP networks that use nonregistered IP addresses
More informationFirewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
More informationObjectives. Router as a Computer. Router components and their functions. Router components and their functions
2007 Cisco Systems, Inc. All rights reserved. Cisco Public Objectives Introduction to Routing and Packet Forwarding Routing Protocols and Concepts Chapter 1 Identify a router as a computer with an OS and
More informationLab 4.2.4 Advanced Telnet Operations
Lab 4.2.4 Advanced Telnet Operations Objective Use the telnet command to remotely access other routers. Verify that the application layer between the source and the destination is working properly. Suspend
More informationConfiguring the Content Routing Software
CHAPTER 2 This chapter describes the basic steps for configuring the Content Router software. Performing a Basic Startup Configuration After you physically install the Content Router hardware, configure
More informationObjectives. Background. Required Resources. CCNA Security
Chapter 8 Lab B, Configuring a Remote Access VPN Server and Client Topology IP Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1 192.168.1.1 255.255.255.0 N/A
More informationPIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example
PIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example Document ID: 69374 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram
More informationLab assignment #1 Firewall operation and Access Control Lists
University of Pittsburgh School of Information Science IS2820/TEL2813 - Security Management Lab GSA: Carlos Caicedo Document version: 1.0 / 2008 I. Lab resources for this assignment Lab assignment #1 Firewall
More informationLab 7.3.6 Configure Remote Access Using Cisco Easy VPN
Lab 7.3.6 Configure Remote Access Using Cisco Easy VPN Objective Scenario Estimated Time: 20 minutes Number of Team Members: Two teams with four students per team In this lab, the student will learn the
More informationLab 1.2.3 Review of Basic Router Configuration with RIP. Objective. Background / Preparation. General Configuration Tips
Lab 1.2.3 Review of Basic Router Configuration with RIP Objective Cable and configure workstations and routers Setup IP addressing scheme using Class B networks Configure Routing Information Protocol (RIP)
More informationPIX/ASA 7.x with Syslog Configuration Example
PIX/ASA 7.x with Syslog Configuration Example Document ID: 63884 Introduction Prerequisites Requirements Components Used Conventions Basic Syslog Configure Basic Syslog using ASDM Send Syslog Messages
More informationConfiguring a Backup Path Test Using Network Monitoring
6AOSCG0006-29B February 2011 Configuration Guide Configuring a Backup Path Test Using Network Monitoring This configuration guide describes how to configure a demand routing test call to test the availability
More informationP and FTP Proxy caching Using a Cisco Cache Engine 550 an
P and FTP Proxy caching Using a Cisco Cache Engine 550 an Table of Contents HTTP and FTP Proxy caching Using a Cisco Cache Engine 550 and a PIX Firewall...1 Introduction...1 Before You Begin...1 Conventions...1
More informationChapter 2 Lab 2-2, Configuring EtherChannel Instructor Version
Chapter 2 Lab 2-2, Configuring EtherChannel Instructor Version Topology Objective Background Configure EtherChannel. Four switches have just been installed. The distribution layer switches are Catalyst
More informationA Model Design of Network Security for Private and Public Data Transmission
2011, TextRoad Publication ISSN 2090-424X Journal of Basic and Applied Scientific Research www.textroad.com A Model Design of Network Security for Private and Public Data Transmission Farhan Pervez, Ali
More information