aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+
aaa authentication ppp default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
tacacs-server host 172.16.111.88
tacacs-server key cisco@0211
ip tacacs source-interface vlan 1
============================
//add an entry on the ACS server for the branch VLAN 1 IP address (the tacacs source-interface above).
ip ssh version 2
ip ssh authentication-retries 3
ip ssh time-out 10
line console 0
password n3tw0rkm@st3r
line vty 0 4
transport input ssh telnet
no line vty 5 15
no ip domain-lookup
no ip http server
no ip http access-class 23
no ip http authentication local
no ip http secure-server
no ip http timeout-policy idle 60 life 86400 requests 10000
banner login ^C
WARNING!!!*** Railway Rd Sheikhupura ***ACCESS IS RESTRICTED TO AUTHORIZED
PERSONNEL ONLY**
***************************************************************************
*
* WARNING:
* THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!
* INDIVIDUALS USING THE COMPUTER NETWORK SYSTEM WITHOUT
* AUTHORIZATION, OR IN EXCESS OF THEIR AUTHORIZATION, ARE
* SUBJECT TO HAVING ALL THEIR ACTIVITY ON THIS COMPUTER
* NETWORK SYSTEM MONITORED AND RECORDED BY SYSTEM
* PERSONNEL.
* ACCESS IS RESTRICTED TO AUTHORIZED USERS ONLY!
**************************************************************************
^C
line con 0
password N3tw0rkm@st3r
line aux 0
no exec
no snmp-server
ip domain name bop.com.pk
no ip bootp server
no service dhcp
service tcp-keepalives-in
no service pad
no ip source-route
===========================
IN VPN
//sh run | i HO-
// sh run cryp map | i 'tunnel no'
no crypto map BOPVPN1 94 match address HO-0040
no crypto map BOPVPN1 94 set peer 10.0.4.0
no crypto map BOPVPN1 94 set ikev1 transform-set TSET
===========================================================
IN ROUTER
ip access-list extended ssh+telnet
10 permit tcp host 172.16.111.14 any range 22 23
20 permit tcp host 172.16.111.9 any range 22 23
30 permit tcp host 172.16.111.35 any range 22 23
40 permit tcp host 172.16.111.220 any range 22 23
50 permit tcp host 172.16.111.80 any range 22 23
60 permit tcp host 172.16.111.61 any range 22 23
70 permit tcp host 172.16.119.60 any range 22 23
80 permit tcp host 172.16.119.62 any range 22 23
90 permit tcp host 172.16.111.188 0.0.0.3 any
100 permit tcp 192.168.211.0 0.0.0.31 any
//as per branch LAN IP
line vty 0 4
access-class ssh+telnet in
**********Baseline configurations*******************
1)
crypto isakmp policy 10
encryption aes 128
hash sha
exit
no line vty 5 15
no ip domain-lookup
no ip http server
no ip http access-class 23
no ip http authentication local
no ip http secure-server
no ip http timeout-policy idle 60 life 86400 requests 10000
4) confirmation of tset4
5) if on tset5:
write in excel sheet
*************************************************************
tset4 to tset
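As an added example (not part of the original notes), a small Python checker that reads a saved running-config and reports which of the baseline hardening lines above are missing, any duplicate sequence numbers inside the management ACL, and telnet left enabled on the vty lines. The BASELINE_REQUIRED list and SAMPLE_CONFIG are constructed from the notes on this page, not taken from a real device.

```python
import re

# Hardening lines from the notes above that every branch device should carry.
BASELINE_REQUIRED = ["aaa new-model", "ip ssh version 2", "no ip http server",
                     "no ip http secure-server", "no ip source-route"]

def parse_acl_sequences(config):
    """Return {acl_name: [seq, ...]} for the numbered entries of each extended ACL."""
    acls, current = {}, None
    for line in config.splitlines():
        head = re.match(r"^ip access-list extended (\S+)", line)
        entry = re.match(r"^\s*(\d+) (?:permit|deny) ", line)
        if head:
            current = head.group(1)
            acls[current] = []
        elif entry and current:
            acls[current].append(int(entry.group(1)))
        elif line and not line[0].isspace():
            current = None  # any other top-level command ends the ACL block
    return acls

def audit(config):
    """Report missing hardening lines, duplicate ACL sequence numbers and telnet on vty."""
    present = {l.strip() for l in config.splitlines()}
    findings = [f"missing: {req}" for req in BASELINE_REQUIRED if req not in present]
    for name, seqs in parse_acl_sequences(config).items():
        dups = sorted({s for s in seqs if seqs.count(s) > 1})
        if dups:  # IOS rejects a reused sequence number, so that entry never takes effect
            findings.append(f"acl {name}: duplicate sequence numbers {dups}")
    for line in sorted(present):
        if line.startswith("transport input") and "telnet" in line.split():
            findings.append(f"cleartext management enabled: {line}")
    return findings

# Constructed sample (not a real device), assembled from the notes above.
SAMPLE_CONFIG = """\
aaa new-model
ip ssh version 2
ip access-list extended ssh+telnet
 10 permit tcp host 172.16.111.14 any range 22 23
 30 permit tcp host 172.16.111.35 any range 22 23
 30 permit tcp host 172.16.111.220 any range 22 23
 80 permit tcp host 172.16.111.188 0.0.0.3 any
line vty 0 4
 access-class ssh+telnet in
 transport input ssh telnet
"""
```

Run `audit(open("branch.cfg").read())` against a `show running-config` capture to get the list of findings for that device.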