Lab 12.1.7 Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance




Objective

Estimated Time: 20 minutes
Number of Team Members: Two teams with four students per team

In this lab exercise, students will complete the following tasks:

- Display the fixup protocol configurations
- Change the fixup protocol configurations
- Test the outbound File Transfer Protocol (FTP) fixup protocol
- Test the inbound FTP fixup protocol
- Set the fixup protocols to the default settings

Scenario

Some applications embed addressing information into the application data stream and negotiate randomly picked Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port numbers or IP addresses. In these cases, application-aware inspection (fixup) must be performed so that only proper and expected traffic is allowed through the filter inspection, in a secure manner. The fixup function on a PIX Security Appliance allows a network administrator to configure the specific ports used by various applications. In this lab, students will configure fixup for FTP.

1-7 Fundamentals of Network Security v 1.1 - Lab 12.1.7 Copyright 2003, Cisco Systems, Inc.
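As an added illustration that is not part of the original lab, the following Python model shows what the FTP fixup has to do: it reads a constructed FTP control-channel transcript, extracts the data connections negotiated by the client's PORT command and the server's 227 (passive) reply, and reports which of them would be blocked without inspection because the host on the lower-security side initiates them. The student PC address 10.0.1.11 and the address/port sanity checks are assumptions; the server address is the lab's backbone server.

```python
import re
from typing import NamedTuple

class DataConn(NamedTuple):
    initiator: str  # host that opens the data connection
    ip: str         # destination address embedded in the control channel
    port: int
    mode: str       # "active" (client PORT) or "passive" (server 227 reply)

SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT " + SIX + r"\r?$")
PASV_RE = re.compile(r"^227 .*\(" + SIX + r"\)")

def _decode(groups, expected_ip):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); reject malformed or spoofed values."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    ip, port = ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    # Assumed check: the address must be the speaker's own and the port non-privileged.
    if ip != expected_ip or port < 1024:
        return None
    return ip, port

def derive_data_conns(client_ip, server_ip, control_lines):
    """control_lines: [(sender, line)], sender 'client' or 'server'; returns pinholes needed."""
    conns = []
    for sender, line in control_lines:
        if sender == "client" and (m := PORT_RE.match(line)):
            d = _decode(m.groups(), client_ip)
            if d:  # active mode: the server connects back to the client
                conns.append(DataConn(server_ip, d[0], d[1], "active"))
        elif sender == "server" and (m := PASV_RE.match(line)):
            d = _decode(m.groups(), server_ip)
            if d:  # passive mode: the client connects to the server's chosen port
                conns.append(DataConn(client_ip, d[0], d[1], "passive"))
    return conns

def needs_fixup(conn, inside_hosts):
    """Without inspection the PIX only lets connections start from the inside."""
    return conn.initiator not in inside_hosts

# Constructed transcript: student PC 10.0.1.11 (assumed address) talking to the
# backbone FTP server 172.26.26.50 named in the lab.
SESSION = [
    ("client", "PORT 10,0,1,11,4,1"),      # active: server -> 10.0.1.11:1025
    ("client", "PORT 192,168,99,5,4,1"),   # address mismatch: ignored
    ("server", "227 Entering Passive Mode (172,26,26,50,8,1)"),  # -> :2049
]
```

Running derive_data_conns on SESSION yields one active and one passive connection; only the active one, initiated by the outside server, needs the fixup to open a hole.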

Topology

This figure illustrates the lab network environment.

Preparation

Begin with the standard lab topology and verify the standard configuration on the pod PIX Security Appliances. Access the PIX Security Appliance console port using the terminal emulator on the student PC. If desired, save the PIX Security Appliance configuration to a text file for later analysis.

Tools and resources

In order to complete the lab, the standard lab topology is required:

- Two pod PIX Security Appliances
- Two student PCs
- One SuperServer
- Backbone switch and one backbone router
- Two console cables
- HyperTerminal

Additional materials

Further information about the objectives covered in this lab can be found at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/fixup.pdf. Additional information on configuring firewalls can be found in Cisco Secure PIX Firewall by David Chapman and Andy Fox (ISBN 1587050358).

Command list

In this lab exercise, the following commands will be used. Refer to this list if assistance or help is needed during the lab exercise.

Command                Description
clear fixup            Resets fixup protocol command statements to their default values.
fixup protocol         Modifies PIX Security Appliance protocol fixups to add, delete, or change services and feature defaults. Configuration mode.
no fixup protocol      Deletes the PIX Security Appliance protocol fixup services.
show fixup protocol    Displays the port values for the individual protocol specified.

Step 1 List the Fixup Protocols

Complete the following step and enter the command as directed to see the current configuration of the PIX Security Appliance:

a. List the fixup protocols that are running on the PIX Security Appliance:

   PixP(config)# show fixup protocol

1. Complete the table with the ports assigned to the fixup protocols:

   Fixup protocol    Port(s)
   ftp
   http
   h323 h225
   h323 ras
   ils
   rsh
   rtsp
   smtp
   sqlnet
   sip
   skinny

Step 2 Disable the Fixup Protocols

Complete the following steps and enter the commands as directed to change some of the current configuration of the PIX Security Appliance:

a. Disable the following fixup protocols:

   PixP(config)# no fixup protocol http 80
   PixP(config)# no fixup protocol smtp 25
   PixP(config)# no fixup protocol h323 h225 1720
   PixP(config)# no fixup protocol sqlnet 1521

b. Define a range of ports for SQL*Net connections:

   PixP(config)# fixup protocol sqlnet 66-76

c. Verify the fixup protocol settings using the show fixup protocol command:

   PixP(config)# show fixup protocol
   fixup protocol ftp 21
   fixup protocol h323 ras 1718-1719
   fixup protocol ils 389
   fixup protocol rsh 514
   fixup protocol rtsp 554
   fixup protocol sip 5060
   fixup protocol skinny 2000
   no fixup protocol http 80
   no fixup protocol smtp 25
   no fixup protocol h323 h225 1720
   fixup protocol sqlnet 66-76

Step 3 Test the Outbound FTP Fixup Protocol

Complete the following steps and enter the commands as directed to test the outbound FTP fixup protocol:

a. Enable console logging on the PIX Security Appliance:

   PixP(config)# logging console debug
   PixP(config)# logging on

b. FTP to the backbone server from the student PC using the Windows FTP client:

   C:\> ftp 172.26.26.50
   User (172.26.26.50:(none)): anonymous
   Password: user@

c. Do a directory listing at the FTP prompt:

   ftp> dir

2. What logging messages were generated on the PIX Security Appliance console?

d. Quit the FTP session:

   ftp> quit

e. Turn off the FTP fixup protocol on the PIX Security Appliance:

   PixP(config)# no fixup protocol ftp

f. Again, FTP to the backbone server from the student PC using the Windows FTP client:

   C:\> ftp 172.26.26.50
   User (172.26.26.50:(none)): anonymous
   Password: user@

3. Was logging into the server successful? Why or why not?

g. Do a directory listing at the FTP prompt:

   ftp> dir

4. Was the file listing displayed? Why or why not?

h. Quit the FTP session:

   ftp> quit

i. If the FTP client has stopped responding, press Ctrl + C to break back to the C:\ prompt, or close the command prompt window.

j. FTP to the backbone server from the student PC using the web browser. To do this, enter the following in the URL field:

   ftp://172.26.26.50

5. Was the connection successful? Why or why not?

6. Was the file listing available? Why or why not?

k. Close the web browser.

Step 4 Test the Inbound FTP Fixup Protocol

Complete the following steps and enter the commands as directed to test the inbound FTP fixup protocol:

a. Re-enable the FTP fixup protocol on the PIX Security Appliance:

   PixP(config)# fixup protocol ftp 21

b. FTP to a peer pod bastion host from the student PC using the web browser. To do this, enter the following in the URL field:

   ftp://192.168.Q.11 (where Q = peer pod number, assigned by the instructor)

7. What logging messages were generated on the PIX Security Appliance console?

c. Close the web browser.

d. Turn off the FTP fixup protocol on the PIX Security Appliance:

   PixP(config)# no fixup protocol ftp

e. FTP to the peer pod bastion host again from the student PC using the web browser. To do this, enter the following in the URL field:

   ftp://192.168.Q.11 (where Q = peer pod number, assigned by the instructor)

8. Was the connection to the peer pod inside FTP server successful? Why or why not?

9. Was the file listing available? Why or why not?

Step 5 Set All Fixups to the Factory Default

Complete the following steps and enter the commands as directed to set all fixups to the factory default:

a. Set all fixup protocols to the factory defaults:

   PixP(config)# clear fixup

b. Verify the fixup protocol settings:

   PixP(config)# show fixup protocol
   fixup protocol ftp 21
   fixup protocol http 80

   fixup protocol h323 h225 1720
   fixup protocol h323 ras 1718-1719
   fixup protocol ils 389
   fixup protocol rsh 514
   fixup protocol rtsp 554
   fixup protocol smtp 25
   fixup protocol sqlnet 1521
   fixup protocol sip 5060
   fixup protocol skinny 2000