Documente Academic
Documente Profesional
Documente Cultură
• Configure all interfaces using the addressing scheme shown in the topology
diagram.
For HQ Router:
HQ(config)#int lo 0
HQ(config-if)#ip add 172.16.4.1 255.255.255.0
HQ(config-if)#exit
HQ(config)#int fa0/0
HQ(config-if)#ip add 172.16.34.4 255.255.255.0
HQ(config-if)#no sh
HQ(config-if)#exit
For FW Router:
FW(config)#int lo 0
FW(config-if)#ip add 172.16.3.1 255.255.255.0
FW(config-if)#exit
FW(config)#int fa0/0
FW(config-if)#ip add 172.16.34.3 255.255.255.0
FW(config-if)#no sh
FW(config-if)#exit
FW(config)#int s0/1/1
FW(config-if)#ip add 192.168.23.3 255.255.255.0
FW(config-if)#no sh
FW(config-if)#exit
BRANCH(config)#int lo 0
BRANCH(config-if)#ip add 172.16.1.1 255.255.255.0
BRANCH(config-if)#exit
BRANCH(config)#int s0/1/0
BRANCH(config-if)#ip add 192.168.12.1 255.255.255.0
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
BRANCH(config-if)#clock rate 64000
BRANCH(config-if)#no sh
BRANCH(config-if)#exit
ISP(config)#int s0/1/0
ISP(config-if)#ip add 192.168.12.2 255.255.255.0
ISP(config-if)#no sh
ISP(config-if)#exit
ISP(config)#int s0/1/1
ISP(config-if)#ip add 192.168.23.2 255.255.255.0
ISP(config-if)#clock rate 64000
ISP(config-if)#no sh
ISP(config-if)#exit
• Configure HQ, FW, and BRANCH to run EIGRP in AS 1. (Until the tunnel is
created, BRANCH will not have any EIGRP adjacencies.)
HQ(config)#router eigrp 1
HQ(config-router)#network 172.16.0.0
HQ(config-router)#no auto-summary
FW(config)#router eigrp 1
FW(config-router)#network 172.16.0.0
FW(config-router)#no auto-summary
BRANCH(config)#router eigrp 1
BRANCH(config-router)#network 172.16.0.0
BRANCH(config-router)#no auto-summary
• Configure a static default route on FW towards ISP, and redistribute this into
EIGRP.
• After configuring the static routes, make sure you can ping between FW and
BRANCH.
FW#ping 192.168.12.1
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
BRANCH#ping 192.168.23.3
• Configure the host with the IP address shown in the topology diagram and make
FW its default gateway.
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
• Configure FW and BRANCH for SDM access from the host.
FW Router:
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
BRANCH Router:
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
• Configure FW as a firewall using the basic firewall wizard. Assign the interface
facing the ISP router to be the outside interface. Trust traffic from all other
interfaces.
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
• If SDM does not automatically allow IPsec traffic through the firewall, explicitly
allow it.
• Use the SDM IPS wizard to configure BRANCH to enable the intrusion prevention
system (IPS) on the ingress interface facing the ISP router.
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks
Arbab Nazar
Network Engineer
B.Sc. CE, M.Sc. Computer Networks