Need Help Doing a Cisco Packet Tracer Lab

User Generated

lryybjfhoznevar123

Computer Science

Cal Poly Pomona

Description

So, basically the lap is set up with a topology. Your job is to configure it according to the given instructions, see the attached file.

Unformatted Attachment Preview

CIS 467 NETWORK SECURITY LAB #3 Overview: Using two Cisco routers and an ASA firewall complete the tasks below and answer the questions. You may use reference materials obtained from Cisco Systems website, books from Cisco Press, or material obtained from 3rd party training institutions. Additionally, you may team up with one other student for this lab! Lab Topology: CIS 467 Lab #3 Detailed Network Topology ISP Fa0/1 .33 .34 Fa0/0 Static Routing ISP Transport 204.184.21.32/30 R1 Static Routing Transport Network 204.184.21.28/30 Fa0/1 .29 Gi0 .30 .1 DMZ NAT IP Space 134.68.123.0/26 Gi2 DMZ Server Network 192.168.0.0/26 SW 1 FW1 .1 Gi1 .29 .13 .22 .25 .53 Inside Network 10.0.0.0/24 .10 Server Web Mail FTP DNS Local IP 192.168.0.13 192.168.0.21 192.168.0.25 192.168.0.53 NAT IP 134.68.123.13 134.68.123.21 134.68.123.25 134.68.123.53 AD/ACS Project: CIS 467 Lab #3 Detailed Network Topology Author: Dr. Brown Rev 1.0 Revised 11/23/15 Page 1 of 1 Lab Tasks: 1. Configure all equipment with the hostnames depicted in the diagram. 2. Configure all equipment with the IP addressing depicted in the diagram. 3. No routing protocols are used for this lab so ensure you have the proper static routes for ALL devices. Ensure you have full, 100% connectivity between DMZ and INSIDE Networks. Remember that routing is also required for the NAT range. 4. On R1 configure and apply an access control list that will prevent all RFC 1918 networks from being sent out to the Internet as a source address in either direction. 5. NAT your DMZ Servers to the public IP NAT range provided in the diagram (134.68.123.0/26). 6. Create an overload PAT address that is tied to your FW1’s OUTSIDE interface and allow the workstation subnet to use it. 7. Have FW-1 serve up a DHCP pool for its inside interface. ALL DNS request traffic for your scope will use 4.2.2.2. Ensure they use the INSIDE interface as the IP gateway. 8. Set your firewall and router(s) with the following credentials a. Username: Administrator – Password: changeme b. Have your router and firewall log to the AD/ACS server at 10.0.0.10 9. Create an Access List on FW1 as follows: (Remember you used NAT previously!!!) a. Allow standard SMTP relay, SMTP submission, and POP3/POP3S to the Mail server. b. Allow standard HTTP and HTTPS from the Internet to your web server. c. Allow access to your FTP server for anonymous FTP access. Ensure that you have FTP application inspection enabled in strict mode on the ASA. d. Allow DNS zone transfers from 4.2.2.2 and 8.8.8.8 to your DNS server. e. Deny and log all other incoming connection attempts, and ensure that your logs are sent to the AD/ACS server. 10. Create an Access List on FW1 as follows: a. Allow servers on the DMZ to access the AD server for SMB/CIFS, LDAP, Kerberos, and DNS. AD should be blocked to ALL other systems except the INSIDE network. Note that some services may need more than one port opened. 11. Lock down all devices with best practices used in LABs 1-2. 12. Create a remote access VPN by using the CLI per the guide in the following section. This remote access VPN will be for user access. Note that some commands will not be accepted by the ASA within PacketTracer. Copy in as much as you can. Guide for Remote Access VPNs (CLI) ASA 8.4: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_remote _access.html Submission Instructions: Once you have completed the lab, save it in softcopy, (the configuration files or the packet tracer file). Upload it to Blackboard.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Student’s Name...


Anonymous
Really great stuff, couldn't ask for more.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags