0% found this document useful (0 votes)

50 views13 pages

Practical 6

Uploaded by

riyevas163

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

50 views13 pages

Practical 6

Uploaded by

riyevas163

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 13

Shaikh Mumsad Ahmed Security in Computing IT21066

Practical 6
Configuring a Zone-Based Policy Firewall (ZPF)

Topology
Shaikh Mumsad Ahmed Security in Computing IT21066
Shaikh Mumsad Ahmed Security in Computing IT21066

Router 1 Configuration
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#
R1(config)#interface GigabitEthernet0/1
R1(config-if)#no ip address
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface Serial0/0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#ex

Configure Rip on Router 1

R1(config)#router rip
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.1.1.0
R1(config-router)#ex
R1(config)#
Shaikh Mumsad Ahmed Security in Computing IT21066

Router 2 configuration
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Serial0/0/0
Router(config-if)#no ip address
Router(config-if)#ip address 10.1.1.2 255.0.0.0
Router(config-if)#ip address 10.1.1.2 255.0.0.0
Router(config-if)#ip address 10.1.1.2 255.255.255.252
Router(config-if)#ip address 10.1.1.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#end
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface Serial0/0/1
R2(config-if)#ip address 10.2.2.2 255.255.255.252
R2(config-if)#ip address 10.2.2.2 255.255.255.252
R2(config-if)#no shutdown
Configure Rip on Router 2
R2(config-if)#ex
R2(config)#router rip
R2(config-router)#network 10.1.1.0
R2(config-router)#network 10.2.2.0
R2(config-router)#ex
R2(config)#
Shaikh Mumsad Ahmed Security in Computing IT21066

Router 3 configuration
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#
R3(config)#
R3(config)#
R3(config)#interface GigabitEthernet0/1
R3(config-if)#no ip address
R3(config-if)#ip address 192.168.3.1 255.255.255.0
R3(config-if)#ip address 192.168.3.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface Serial0/0/0
R3(config-if)#
R3(config-if)#exit
R3(config)#interface Serial0/0/1
R3(config-if)#ip address 10.2.2.1 255.0.0.0
R3(config-if)#ip address 10.2.2.1 255.0.0.0
R3(config-if)#ip address 10.2.2.1 255.255.255.252
R3(config-if)#ip address 10.2.2.1 255.255.255.252
R3(config-if)#no shutdown
Rip configuration on Router 3
R3(config-if)#ex
R3(config)#router rip
Shaikh Mumsad Ahmed Security in Computing IT21066

R3(config-router)#network 192.168.3.0
R3(config-router)#network 10.2.2.0
R3(config-router)#ex
R3(config)#

Configure SSH On Router 2

R2(config)#ip domain-name securityincomputing.com
R2(config)#username admin secret pwd
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config-line)#crypto key zeroize rsa
% No Signature RSA Keys found in configuration.

R2(config)#crypto key generate rsa

The name for the keys will be: R2.securityincomputing.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

R2(config)#ip ssh authentication-retries 2

*Mar 1 0:20:53.121: %SSH-5-ENABLED: SSH 1.99 has been enabled
R2(config)#ip ssh version 2
R2(config)#^Z
R2#
Shaikh Mumsad Ahmed Security in Computing IT21066

Verify Basic Network Connectivity

Step 1: Check connectivity from PCA to PCC
Shaikh Mumsad Ahmed Security in Computing IT21066

Step 2: Access R2 using SSH.

PCC>ssh –l admin 10.2.2.2
Password:pwd
R2>exit

Step 3: From PC-C, open a web browser to the PC-A server.

Desktop -> Web Browser
Shaikh Mumsad Ahmed Security in Computing IT21066

URL: http://192.168.1.3
(Successful)

Create the Firewall Zones on R3

Enable the Security Technology package on R3

R2>
R2>en
R2#show version

Technology Package License Information for Module:'c1900'

----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
data None None None

Configuration register is 0x2102

R2#

R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#license boot module c1900 technology-package securityk9

ACCEPT? [yes/no]: yes

% use 'write' command to make license boot config take effect on next boot

R3(config)#: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module

name = C1900 Next reboot level = securityk9 and License = securityk9
Shaikh Mumsad Ahmed Security in Computing IT21066

R3(config)#ex
R3#
%SYS-5-CONFIG_I: Configured from console by console

R3#reload
System configuration has been modified. Save? [yes/no]:yes
Building configuration...
[OK]
Proceed with reload? [confirm]

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1941/K9 FTX1524KW47-

Technology Package License Information for Module:'c1900'

Configuration register is 0x2102

Create a Firewall zones,class Map and ACL on Router 3

R3>
R3>enable
R3#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#zone security IN-ZONE
R3(config-sec-zone)#exit
R3(config)#zone security OUT-ZONE
R3(config-sec-zone)#exit
R3(config)#access-list 101 permit ip 192.168.3.0 0.0.0.255 any
R3(config)#class-map type inspect match-all IN-NET-CLASS-MAP
R3(config-cmap)#match access-group 101
R3(config-cmap)#exit
R3(config)#policy-map type inspect IN-2-OUT-PMAP
R3(config-pmap)#class type inspect IN-NET-CLASS-MAP
R3(config-pmap-c)#inspect
Shaikh Mumsad Ahmed Security in Computing IT21066

%No specific protocol configured in class IN-NET-CLASS-MAP for inspection. All

protocols will be inspected
R3(config-pmap-c)#exit
R3(config-pmap)#exit
R3(config)#zone-pair security IN-2-OUT-ZPAIR source IN-ZONE destination OUT-ZONE
R3(config-sec-zone-pair)#service-policy type inspect IN-2-OUT-PMAP
R3(config-sec-zone-pair)#exit
R3(config)#interface GigabitEthernet0/0
R3(config)#interface GigabitEthernet0/0
R3(config-if)#zone-member security IN-ZONE
R3(config-if)#ex
R3(config)#interface serial0/0/0
R3(config-if)#zone-member security OUT-ZONE
R3(config-if)#exit
R3(config)#
R3(config)#
R3(config)#exit
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Test FireWall Functionality From IN-ZONE to OUT-ZONE

Shaikh Mumsad Ahmed Security in Computing IT21066
Shaikh Mumsad Ahmed Security in Computing IT21066

SIC Practical Print
No ratings yet
SIC Practical Print
61 pages
Practical Walk Through
No ratings yet
Practical Walk Through
9 pages
SIC Practical5 by STUD - Talks
No ratings yet
SIC Practical5 by STUD - Talks
7 pages
Practical 8
No ratings yet
Practical 8
8 pages
Routing and ..
No ratings yet
Routing and ..
36 pages
Practice SBA w90
No ratings yet
Practice SBA w90
6 pages
Lab 3
No ratings yet
Lab 3
8 pages
Configuration Cisco Router CCNA Introduction To Networks V7.02
No ratings yet
Configuration Cisco Router CCNA Introduction To Networks V7.02
6 pages
5 - Basic Config
No ratings yet
5 - Basic Config
40 pages
Router Configuration Guide
No ratings yet
Router Configuration Guide
29 pages
Configuring ASA-5506X, Final
No ratings yet
Configuring ASA-5506X, Final
26 pages
Basic Cisco IOS Commands
No ratings yet
Basic Cisco IOS Commands
20 pages
4.4.1.2 Lab - Configuring Zone-Based Policy Firewalls-ALDO PUGLIESE
No ratings yet
4.4.1.2 Lab - Configuring Zone-Based Policy Firewalls-ALDO PUGLIESE
21 pages
CCNA Descovery 2 Lacture 1&2
No ratings yet
CCNA Descovery 2 Lacture 1&2
5 pages
Configure Basic Router Security
No ratings yet
Configure Basic Router Security
7 pages
5-Basic Config
No ratings yet
5-Basic Config
40 pages
COMANDOS Cisco
No ratings yet
COMANDOS Cisco
9 pages
SIC Manual
No ratings yet
SIC Manual
22 pages
Vlan
No ratings yet
Vlan
5 pages
Cisco Router Configuration Guide
No ratings yet
Cisco Router Configuration Guide
60 pages
CN LAB Assignment1
No ratings yet
CN LAB Assignment1
61 pages
Sic Practical
No ratings yet
Sic Practical
49 pages
CN Lab 7-10
No ratings yet
CN Lab 7-10
22 pages
Basic Configuration
No ratings yet
Basic Configuration
29 pages
Apuntes CCNA Security
No ratings yet
Apuntes CCNA Security
7 pages
Configuring CBAC and Zone-Base Firewalls
No ratings yet
Configuring CBAC and Zone-Base Firewalls
33 pages
Final Exam
No ratings yet
Final Exam
8 pages
Cisco CCNA 1 Packet Tracer Lab Guide
No ratings yet
Cisco CCNA 1 Packet Tracer Lab Guide
12 pages
Configuracion SSH en Gns3
No ratings yet
Configuracion SSH en Gns3
8 pages
CCNA Khaled Marzouk
No ratings yet
CCNA Khaled Marzouk
54 pages
Router
No ratings yet
Router
3 pages
SIC Practical4 by STUD - Talks
No ratings yet
SIC Practical4 by STUD - Talks
13 pages
Complete CCNA CLI Reference Guide - Comprehensive Edition: Router Boot Process and Initial Configuration
No ratings yet
Complete CCNA CLI Reference Guide - Comprehensive Edition: Router Boot Process and Initial Configuration
109 pages
Chapter 6
No ratings yet
Chapter 6
23 pages
Using The Commands On The Router: Show Version Show Ip Interface Brief (Or Show Interface)
No ratings yet
Using The Commands On The Router: Show Version Show Ip Interface Brief (Or Show Interface)
8 pages
14.3.5 Packet Tracer - Basic Router Configuration Review
No ratings yet
14.3.5 Packet Tracer - Basic Router Configuration Review
10 pages
Complete CCNA CLI Reference Guide - Expanded With Every Detail and Variation
No ratings yet
Complete CCNA CLI Reference Guide - Expanded With Every Detail and Variation
93 pages
Comandos de Clase
No ratings yet
Comandos de Clase
10 pages
Zone-Based Firewall Setup Guide
No ratings yet
Zone-Based Firewall Setup Guide
8 pages
Cisco Router Switch Security Hardening
No ratings yet
Cisco Router Switch Security Hardening
9 pages
CCNA Security Lab Manual by Yasir Imran
100% (4)
CCNA Security Lab Manual by Yasir Imran
178 pages
Configure Secure Administrative Access-1
No ratings yet
Configure Secure Administrative Access-1
13 pages
1 - How To Install Tacacs
No ratings yet
1 - How To Install Tacacs
11 pages
Data Com Test
No ratings yet
Data Com Test
11 pages
Packet Tracer - Configuring A Zone-Based Policy Firewall (ZPF)
No ratings yet
Packet Tracer - Configuring A Zone-Based Policy Firewall (ZPF)
9 pages
20200211台中
No ratings yet
20200211台中
95 pages
KN-2310 Stable 4.00.C.7.0-0 Router Startup-Config
No ratings yet
KN-2310 Stable 4.00.C.7.0-0 Router Startup-Config
7 pages
Configure Admistrative Roles
No ratings yet
Configure Admistrative Roles
20 pages
7.9.3.2.13 Lab - Configuring and Verifying Extended ACLs
No ratings yet
7.9.3.2.13 Lab - Configuring and Verifying Extended ACLs
9 pages
Cisco Router Command Guide
No ratings yet
Cisco Router Command Guide
13 pages
Cisco Commands - 2016-05-19
No ratings yet
Cisco Commands - 2016-05-19
26 pages
KN-1611 Stable 3.08.C.2.0-0 Router Startup-Config
No ratings yet
KN-1611 Stable 3.08.C.2.0-0 Router Startup-Config
6 pages
ITNB02 11.2.4.6 Securing Network Devices
No ratings yet
ITNB02 11.2.4.6 Securing Network Devices
8 pages
OpenVPN Configuration Step by Step
No ratings yet
OpenVPN Configuration Step by Step
24 pages
Project of Networking
100% (1)
Project of Networking
5 pages
Routing Policy
No ratings yet
Routing Policy
2,936 pages
IPSec VPN With Certificate Based Authentication 1736067186
No ratings yet
IPSec VPN With Certificate Based Authentication 1736067186
45 pages
Commissioning Checklist
No ratings yet
Commissioning Checklist
42 pages
Osr H63735 102120 PDF
No ratings yet
Osr H63735 102120 PDF
2 pages
Routing 2
No ratings yet
Routing 2
39 pages
21-Ethernet Shared Media and Point
No ratings yet
21-Ethernet Shared Media and Point
2 pages
Esp at en v2.3.0.0 - Esp32c3 414 Gacc4d219 Esp32
No ratings yet
Esp at en v2.3.0.0 - Esp32c3 414 Gacc4d219 Esp32
399 pages
Case Study All Units - CN
No ratings yet
Case Study All Units - CN
20 pages
OSI Model Layers Explained
No ratings yet
OSI Model Layers Explained
30 pages
RCS Over LTE Using Diameter Based Policy Control
No ratings yet
RCS Over LTE Using Diameter Based Policy Control
18 pages
Network Protocol (CSE - 306) (Makeup) PDF
No ratings yet
Network Protocol (CSE - 306) (Makeup) PDF
2 pages
B Cisco Nexus 7000 NX-OS Security Configuration Guide Release 5-x Chapter 01000
No ratings yet
B Cisco Nexus 7000 NX-OS Security Configuration Guide Release 5-x Chapter 01000
24 pages
Network Interface Overview
No ratings yet
Network Interface Overview
3 pages
Azure Network Security Guide
No ratings yet
Azure Network Security Guide
41 pages
Serverlink Pdu
No ratings yet
Serverlink Pdu
19 pages
Alienvault Data Source Integration - Cisco ASA
No ratings yet
Alienvault Data Source Integration - Cisco ASA
4 pages
Java Chat App Development Report
No ratings yet
Java Chat App Development Report
12 pages
Show Answer
No ratings yet
Show Answer
23 pages
Radware Linkproof User Guide 200-101 - LP - Level1-V9
33% (3)
Radware Linkproof User Guide 200-101 - LP - Level1-V9
169 pages
User Guide VyOS Wiki
No ratings yet
User Guide VyOS Wiki
45 pages
Firewall
No ratings yet
Firewall
12 pages
TMN Networking PDF
100% (4)
TMN Networking PDF
113 pages
Configurar Eventos Issabel
No ratings yet
Configurar Eventos Issabel
3 pages
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
No ratings yet
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
7 pages
Bulk Logging & Port Block Allocation
No ratings yet
Bulk Logging & Port Block Allocation
10 pages
DoS and DDoS Attack Tools Guide
No ratings yet
DoS and DDoS Attack Tools Guide
30 pages
Subneting Workbook
No ratings yet
Subneting Workbook
42 pages
Ru RG Ap520 - Datasheet
No ratings yet
Ru RG Ap520 - Datasheet
14 pages

Practical 6

Uploaded by

Practical 6

Uploaded by

Shaikh Mumsad Ahmed Security in Computing IT21066

Configure Rip on Router 1

Configure SSH On Router 2

R2(config)#crypto key generate rsa

How many bits in the modulus [512]: 1024

R2(config)#ip ssh authentication-retries 2

Verify Basic Network Connectivity

Step 2: Access R2 using SSH.

Step 3: From PC-C, open a web browser to the PC-A server.

Create the Firewall Zones on R3

Enable the Security Technology package on R3

Technology Package License Information for Module:'c1900'

Configuration register is 0x2102

ACCEPT? [yes/no]: yes

R3(config)#: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module

Technology Package License Information for Module:'c1900'

Configuration register is 0x2102

Create a Firewall zones,class Map and ACL on Router 3

%No specific protocol configured in class IN-NET-CLASS-MAP for inspection. All

Test FireWall Functionality From IN-ZONE to OUT-ZONE

You might also like