CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio (Cisco Networking Academy)
Cisco Press (Verlag)
978-1-58713-215-5 (ISBN)
- Titel ist leider vergriffen;
keine Neuauflage - Artikel merken
David Kotfila • Joshua Moorhouse • Ross G. Wolfson, CCIE® No. 16696
CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio provides you with opportunities for hands-on practice to secure and expand the reach of an enterprise-class network to teleworkers and branch sites.
The labs reinforce your understanding of how to secure and expand the reach of an enterprise network with a focus on VPN configuration and securing network access to remote sites. The book’s primary focus includes teleworker configuration and access, Frame Mode MPLS, site-to-site IPsec VPN, Cisco® EZVPN, strategies used to mitigate network attacks, Cisco device hardening, and Cisco IOS® firewall features.
Those preparing for the Implementing Secured Converged Wide-Area Networks (ISCW 642-825) certification exam should work through this book cover to cover. If you need to quickly review configuration examples, you can go directly to the relevant chapter.
CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio includes
27 Labs built to support v5 of the Implementing Secured Converged Wide-Area Networks course within the Cisco Networking Academy® curriculum providing ample opportunity for practice.
2 Challenge and Troubleshooting Labs added to the core curriculum labs to test your mastery of the topics.
2 Case Studies to give you a taste of what is involved in a fully functioning network covering all the technologies taught in this course. Even if you do not have the actual equipment to configure these more complex topologies, it is worth reading through these labs to expand your thinking into more complex networking solutions.
David Kotfila, CCNP®, CCAI, is the director of the Cisco Networking Academy at Rensselaer Polytechnic Institute (RPI), Troy, New York.
Joshua Moorhouse, CCNP, recently graduated from Rensselaer Polytechnic Institute with a bachelor of science degree in computer science, where he also worked as a teaching assistant in the Cisco Networking Academy. He currently works as a network engineer at Factset Research Systems.
Ross Wolfson, CCIE® No. 16696, recently graduated from Rensselaer Polytechnic Institute with a bachelor of science degree in computer science. He currently works as a network engineer at Factset Research Systems.
Use this Lab Portfolio with:
CCNP ISCW Official Exam Certification Guide
ISBN-10: 1-58720-150-X
ISBN-13: 978-1-58720-150-9
CCNP ISCW Portable Command Guide
ISBN-10: 1-58720-186-0
ISBN-13: 978-1-58720-186-8
This book is part of the Cisco Networking Academy Series from Cisco Press®. Books in this series support and complement the Cisco Networking Academy curriculum.
David Kotfila, CCNP, CCAI, is the director of the Cisco Academy at Rensselaer Polytechnic Institute (RPI) in Troy, New York. Under his direction, 350 students have received their CCNA, 150 students have received their CCNP, and 8 students have obtained their CCIE. David is a consultant for Cisco, working as a member of the CCNP assessment group. His team at RPI has authored the four new CCNP lab books for the Academy program. David has served on the National Advisory Council for the Academy program for four years. Previously, he was the senior training manager at PSINet, a Tier 1 global ISP. When David is not staring at his beautiful wife, Kate, or talking with his two wonderful children, Chris and Charis, he likes to kayak, hike in the mountains, and lift weights. Joshua Moorhouse, CCNP, recently graduated from Rensselaer Polytechnic Institute (RPI) with a B.S. in computer science, where he also worked as a teaching assistant in the Cisco Academy. He currently works as a network engineer at Factset Research Systems in Norwalk, Connecticut. Josh enjoys spending time with his wife Laura, his family, and friends. Ross Wolfson, CCIE No. 16696, recently graduated from Rensselaer Polytechnic Institute (RPI) with a B.S. in computer science. He currently works as a network engineer at Factset Research Systems. Ross enjoys spending time with his friends, running, and biking.
Introduction
Chapter 1 Remote Network Connectivity Requirements
Lab 1-1: Lab Configuration Guide
Chapter 2 Teleworker Connectivity
Scenario: Configuring the CPE as the PPPoE Client
Scenario: Configuring the CPE as the PPPoE Client over the ATM Interface
Chapter 3 IPsec VPNs
Lab 3-1: Configuring SDM on a Router (3.10.1)
Scenario 7
Step 1: Lab Preparation 7
Step 2: Prepare the Router for SDM 7
Step 3: Configure Addressing 8
Step 4: Extract SDM on the Host 10
Step 5: Install SDM on the PC 13
Step 6: Run SDM from the PC 16
Step 7: Install SDM to the Router 19
Step 8: Run SDM from the Router 23
Step 9: Monitor an Interface in SDM 24
Lab 3-2: Configuring a Basic GRE Tunnel (3.10.2) 26
Scenario 26
Step 1: Configure Loopbacks and Physical Interfaces 26
Step 2: Configure EIGRP AS 1 27
Step 3: Configure a GRE Tunnel 28
Step 4: Routing EIGRP AS 2 over the Tunnel 30
Lab 3-3: Configuring Wireshark and SPAN (3.10.3) 33
Scenario 33
Step 1: Configure the Router 33
Step 2: Install Wireshark and WinPcap 33
Step 3: Configure SPAN on a Switch 39
Step 4: Sniff Packets Using Wireshark 40
Lab 3-4: Configuring Site-to-Site IPsec VPNs with SDM (3.10.4) 43
Scenario 43
Step 1: Configure Addressing 43
Step 2: Configure EIGRP 44
Step 3: Connect to the Routers via SDM 45
Step 4: Configure Site-to-Site IPsec VPN via SDM 45
Step 5: Generate a Mirror Configuration for R3 53
Step 6: Verify the VPN Configuration Using SDM 56
Step 7: Verify the VPN Configuration Using the IOS CLI 59
Challenge: Use Wireshark to Monitor Encryption of Traffic 65
TCL Script Output 70
Lab 3-5: Configuring Site-to-Site IPsec VPNs with the IOS CLI (3.10.5) 74
Scenario 74
Step 1: Configure Addressing 74
Step 2: Configure EIGRP 75
Step 3: Create IKE Policies 76
Step 4: Configure Preshared Keys 78
Step 5: Configure the IPsec Transform Set and Lifetimes 78
Step 6: Define Interesting Traffic 80
Step 7: Create and Apply Crypto Maps 81
Step 8: Verify IPsec Configuration 82
Step 9: Verify IPsec Operation 83
Step 10: Interpret IPsec Event Debugging 85
Challenge: Use Wireshark to Monitor Encryption of Traffic 97
TCL Script Output 103
Lab 3-6: Configuring a Secure GRE Tunnel with SDM (3.10.6) 106
Scenario 106
Step 1: Configure Addressing 106
Step 2: Configure EIGRP AS 1 107
Step 3: Connect to the Router Using SDM 108
Step 4: Configure an IPsec VTI Using SDM 108
Step 5: Generate a Mirror Configuration for R3 117
Step 6: Verify Tunnel Configuration Through SDM 120
Challenge: Use Wireshark to Monitor Encryption of Traffic 124
TCL Script Output 128
Lab 3-7: Configuring a Secure GRE Tunnel with the IOS CLI (3.10.7) 133
Scenario 133
Step 1: Configure Addressing 133
Step 2: Configure EIGRP AS 1 134
Step 3: Configure the GRE Tunnel 134
Step 4: Configure EIGRP AS 2 over the Tunnel 135
Step 5: Create IKE Policies and Peers 136
Step 6: Create IPsec Transform Sets 136
Step 7: Define the Traffic to Be Encrypted 137
Step 8: Create and Apply Crypto Maps 137
Step 9: Verify Crypto Operation 138
Challenge: Use Wireshark to Monitor Encryption of Traffic 139
Lab 3-8: Configuring IPsec VTIs (3.10.8) 144
Scenario 144
Step 1: Configure Addressing 144
Step 2: Configure EIGRP AS 1 145
Step 3: Configure Static Routing 145
Step 4: Create IKE Policies and Peers 147
Step 5: Create IPsec Transform Sets 148
Step 6: Create an IPsec Profile 148
Step 7: Create the IPsec VTI 149
Step 8: Verify Proper EIGRP Behavior 151
Lab 3-9: Configuring Easy VPN with SDM (3.10.9) 154
Scenario 154
Step 1: Configure Addressing 154
Step 2: Configure EIGRP AS 1 155
Step 3: Configure a Static Default Route 156
Step 4: Connect to HQ Through SDM 156
Step 5: Configure Easy VPN Server Through SDM 156
Step 6: Install the Cisco VPN Client 166
Step 7: Test Access from Client Without VPN Connection 169
Step 8: Connect to the VPN 169
Step 9: Test Network Access with VPN Connectivity 175
Step 10: Verify Easy VPN Functionality with SDM 176
Step 11: Disconnect the VPN Client 178
Lab 3-10: Configuring Easy VPN with the IOS CLI 180
Scenario 180
Step 1: Configure Addressing 180
Step 2: Configure EIGRP AS 1 181
Step 3: Configure a Static Default Route 181
Step 4: Enable AAA on HQ 182
Step 5: Create the IP Pool 182
Step 6: Configure the Group Authorization 182
Step 7: Create an IKE Policy and Group 182
Step 8: Configure the IPsec Transform Set 184
Step 9: Create a Dynamic Crypto Map 184
Step 10: Enable IKE DPD and User Authentication 184
Step 11: Install the Cisco VPN Client 185
Step 12: Test Access from Client Without VPN Connection 187
Step 13: Connect to the VPN 188
Step 14: Test Inside VPN Connectivity 193
Step 15: Verify VPN Operation Using the CLI 194
Step 16: Disconnect the VPN Client 195
Lab 3-11: IPsec Challenge Lab 196
Lab 3-12: IPsec Troubleshooting Lab 198
Initial Configurations 199
Chapter 4 Frame Mode MPLS Implementation 205
Lab 4-1: Configuring Frame Mode MPLS (4.5.1) 205
Scenario 205
Step 1: Configure Addressing 206
Step 2: Configure EIGRP AS 1 206
Step 3: Observe CEF Operation 207
Step 4: Enable MPLS on All Physical Interfaces 209
Step 5: Verify MPLS Configuration 210
Step 6: Change MPLS MTU 215
Lab 4-2: Challenge Lab: Implementing MPLS VPNs (4.5.2) 217
Scenario 218
Step 1: Configure Addressing 219
Step 2: Configure Routing in the Service-Provider Domain 219
Step 3: Configure MPLS in the SP Domain 220
Step 4: Configure a VRF 221
Step 5: Configure EIGRP AS 1 225
Step 6: Configure BGP 227
Step 7: Investigate Control Plane Operation 229
Step 8: Investigate Forwarding Plane Operation 235
Conclusion 238
Chapter 5 Cisco Device Hardening 241
Lab 5-1: Using SDM One-Step Lockdown (5.12.1) 241
Scenario 241
Step 1: Configure Addressing 241
Step 2: Install Nmap on the Host 242
Step 3: Run a Port Scan with Nmap 245
Step 4: Prepare a Router for SDM 245
Step 5: Use SDM One-Step Lockdown 246
Step 6: Use Nmap to See Changes 249
Conclusion 250
Lab 5-2: Securing a Router with Cisco AutoSecure (5.12.2) 251
Scenario 251
Step 1: Configure the Physical Interface 251
Step 2: Configure AutoSecure 251
Lab 5-3: Disabling Unneeded Services (5.12.3) 259
Scenario 259
Step 1: Configure the Physical Interface 259
Step 2: Ensure Services Are Disabled 259
Step 3: Manage Router Access 260
Step 4: Disable CDP 261
Step 5: Disable Other Unused Services 261
Step 6: Disabling Unneeded Interface Services 262
Lab 5-4: Enhancing Router Security (5.12.4) 263
Scenario 263
Step 1: Configure the Physical Interfaces 263
Step 2: Telnet to R1 264
Step 3: Configure Cisco IOS Login Enhancements 265
Step 4: Enforce a Minimum Password Length 269
Step 5: Modify Command Privilege Levels 270
Step 6: Create a Banner 273
Step 7: Enable SSH 273
Step 8: Encrypt Passwords 275
Lab 5-5: Configuring Logging (5.12.5) 276
Scenario 276
Step 1: Configure the Interface 276
Step 2: Install the Kiwi Syslog Daemon 276
Step 3: Run the Kiwi Syslog Service Manager 277
Step 4: Configure the Router for Logging 277
Step 5: Verify Logging 279
Step 6: Configure Buffered Logging 280
Lab 5-6a: Configuring AAA and TACACS+ (5.12.6a) 283
Scenario 283
Step 1: Configure the Interface 283
Step 2: Install CiscoSecure ACS 283
Step 3: Configure Users in CiscoSecure ACS 288
Step 4: Configure AAA Services on R1 292
Lab 5-6b: Configuring AAA and RADIUS (5.12.6b) 294
Scenario 294
Step 1: Configure the Interface 294
Step 2: Install CiscoSecure ACS 294
Step 3: Configure Users in CiscoSecure ACS 299
Step 4: Configure AAA Services on R1 303
Lab 5-6c: Configuring AAA Using Local Authentication (5.12.6c) 305
Step 1: Configure the Interface 305
Step 2: Configure the Local User Database 305
Step 3: Implement AAA Services 305
Lab 5-7: Configuring Role-Based CLI Views (5.12.7) 307
Scenario 307
Step 1: Configure an Enable Secret Password 307
Step 2: Enable AAA 307
Step 3: Change to the Root View 308
Step 4: Create Views 309
Step 5: Create a Superview 312
Lab 5-8: Configuring NTP (5.12.8) 313
Scenario 313
Step 1: Configure the Physical Interfaces 313
Step 2: Set Up the NTP Master 314
Step 3: Configure an NTP Client 314
Step 4: Configure NTP Peers with MD5 Authentication 315
Chapter 6 Cisco IOS Threat Defense Features 319
Lab 6-1: Configuring a Cisco IOS Firewall Using SDM (6.6.1) 319
Scenario 319
Step 1: Configure Loopbacks and Physical Interfaces 320
Step 2: Configure Routing Protocols 320
Step 3: Configure Static Routes to Reach the Internet 321
Step 4: Connect to FW Using SDM 322
Step 5: Use the SDM Advanced Firewall Wizard 323
Step 6: Modify the Firewall Configuration 331
Step 7: Monitor Firewall Activity 334
Conclusion 337
Lab 6-2: Configuring CBAC (6.6.2) 338
Scenario 338
Step 1: Configure the Physical Interfaces 338
Step 2: Configure Static Default Routes 339
Step 3: Enable Telnet Access 339
Step 4: Create IP Inspect Rules 339
Step 5: Block Unwanted Outside Traffic 341
Step 6: Verify CBAC Operation 341
Lab 6-3: Configuring IPS with SDM (6.6.3) 344
Scenario 344
Step 1: Configure the Physical Interfaces 344
Step 2: Configure Static Default Routes 345
Step 3: Enable Telnet Access 345
Step 4: Connect to FW Using SDM 345
Step 5: Use the SDM IPS Rule Wizard 346
Step 6: Verify and Modify IPS Behavior 353
Challenge: Add a Signature 358
Lab 6-4: Configuring IPS with CLI (6.6.4) 364
Scenario 364
Step 1: Configure Addressing 364
Step 2: Configure Static Default Routes 365
Step 3: Create and Apply an IPS Rule 365
Step 4: Modify Default IPS Behavior 366
Chapter 7 Case Studies 371
Case Study 1: CLI IPsec and Frame-Mode MPLS 371
Questions 372
Case Study 2: Device Hardening and VPNs 373
158713215x TOC 2/28/2008
Erscheint lt. Verlag | 3.4.2008 |
---|---|
Reihe/Serie | Cisco Networking Academy - Mind Wide Open |
Verlagsort | Indianapolis |
Sprache | englisch |
Maße | 274 x 216 mm |
Gewicht | 928 g |
Themenwelt | Mathematik / Informatik ► Informatik ► Netzwerke |
Informatik ► Weitere Themen ► Zertifizierung | |
ISBN-10 | 1-58713-215-X / 158713215X |
ISBN-13 | 978-1-58713-215-5 / 9781587132155 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich