CCNP2 ISCW Case Study 2

All credit goes to my teachers, who are always source of inspiration for me!!
Using the Cisco IOS CLI:
• Configure all interfaces using the addressing scheme shown in the topology
diagram.
For HQ Router:
HQ(config)#int lo 0
HQ(config-if)#ip add 172.16.4.1 255.255.255.0
HQ(config-if)#exit
HQ(config)#int fa0/0
HQ(config-if)#ip add 172.16.34.4 255.255.255.0
HQ(config-if)#no sh
HQ(config-if)#exit
For FW Router:
FW(config)#int lo 0
FW(config-if)#ip add 172.16.3.1 255.255.255.0
FW(config-if)#exit
FW(config)#int fa0/0
FW(config-if)#no sh
FW(config-if)#exit
FW(config)#int s0/1/1
FW(config-if)#no sh
FW(config-if)#exit
For BRANCH Router:
BRANCH(config)#int lo 0
BRANCH(config-if)#ip add 172.16.1.1 255.255.255.0
BRANCH(config-if)#exit
BRANCH(config)#int s0/1/0
BRANCH(config-if)#ip add 192.168.12.1 255.255.255.0
Arbab Nazar
BRANCH(config-if)#clock rate 64000
BRANCH(config-if)#no sh
BRANCH(config-if)#exit
For BRANCH Router:
ISP(config)#int s0/1/0
ISP(config-if)#ip add 192.168.12.2 255.255.255.0
ISP(config-if)#no sh
ISP(config-if)#exit
ISP(config)#int s0/1/1
ISP(config-if)#ip add 192.168.23.2 255.255.255.0
ISP(config-if)#clock rate 64000
ISP(config-if)#no sh
ISP(config-if)#exit
• Configure HQ, FW, and BRANCH to run EIGRP in AS 1. (Until the tunnel is
created, BRANCH will not have any EIGRP adjacencies.)
• Add the major 172.16.0.0 network to EIGRP and disable automatic

summarization.
HQ(config)#router eigrp 1
HQ(config-router)#network 172.16.0.0
HQ(config-router)#no auto-summary
FW(config)#router eigrp 1
FW(config-router)#network 172.16.0.0
FW(config-router)#no auto-summary
BRANCH(config)#router eigrp 1
BRANCH(config-router)#network 172.16.0.0
BRANCH(config-router)#no auto-summary
• Configure a static default route on FW towards ISP, and redistribute this into
EIGRP.
FW(config)#ip route 0.0.0.0 0.0.0.0 192.168.23.2

FW(config)#router eigrp 1
FW(config-router)#redistribute static
• Configure a static default route on BRANCH toward ISP.
BRANCH(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.2
• Create a static route on ISP for 172.16.0.0/16 toward FW.
ISP(config)#ip route 172.16.0.0 255.255.0.0 192.168.23.3
• After configuring the static routes, make sure you can ping between FW and
BRANCH.
FW#ping 192.168.12.1
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms
Arbab Nazar
BRANCH#ping 192.168.23.3
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms
• Configure the host with the IP address shown in the topology diagram and make
FW its default gateway.
Arbab Nazar
• Configure FW and BRANCH for SDM access from the host.
FW(config)#username Arbab privilege level 15 password casestudy2

FW(config)#ip domain-name www.hh.se
FW(config)#crypto key generate rsa
FW(config)#ip http server
FW(config)#ip http authentication local
FW(config)#line vty 0 4
FW(config-line)#login local
FW(config-line)#transport input ssh
FW(config-line)#exit
BRANCH(config)#username Arbab privilege level 15 password casestudy2

BRANCH(config)#ip domain-name www.hh.se
BRANCH(config)#crypto key generate rsa
BRANCH(config)#ip http server
BRANCH(config)#ip http authentication local
BRANCH(config)#line vty 0 4
BRANCH(config-line)#login local
BRANCH(config-line)#transport input ssh
BRANCH(config-line)#exit
Using Cisco SDM:

• Create a secure GRE tunnel between FW and BRANCH using IPsec.
• Use the addressing shown on the diagram for the tunnel addressing.
• Run EIGRP across the tunnel.
• You should use the tunnel wizard to configure one end of the tunnel, and
generate a mirror configuration using Cisco SDM for the other end. You may use
the command-line interface (CLI) to implement the mirror tunnel configuration on
BRANCH.
• Apply any encryption algorithms desired for the secure GRE tunnel.
FW Router:
Arbab Nazar
Arbab Nazar
Arbab Nazar
Arbab Nazar
Arbab Nazar
Arbab Nazar
BRANCH Router:
Arbab Nazar
Arbab Nazar
Arbab Nazar
Arbab Nazar
Arbab Nazar
Arbab Nazar
• Configure FW as a firewall using the basic firewall wizard. Assign the interface
facing the ISP router to be the outside interface. Trust traffic from all other
interfaces.
Arbab Nazar
Arbab Nazar
Arbab Nazar
Arbab Nazar
• If SDM does not automatically allow IPsec traffic through the firewall, explicitly
allow it.
• Use the SDM IPS wizard to configure BRANCH to enable the intrusion prevention
system (IPS) on the ingress interface facing the ISP router.
Arbab Nazar
Arbab Nazar
Arbab Nazar

CCNP2 ISCW Case Study 2

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

CCNP2 ISCW Case Study 2

Încărcat de

Drepturi de autor:

Formate disponibile

All credit goes to my teachers, who are always source of inspiration for me!!

Using the Cisco IOS CLI:

For BRANCH Router:

For BRANCH Router:

• Add the major 172.16.0.0 network to EIGRP and disable automatic

FW(config)#ip route 0.0.0.0 0.0.0.0 192.168.23.2

• Configure a static default route on BRANCH toward ISP.

BRANCH(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.2

• Create a static route on ISP for 172.16.0.0/16 toward FW.

ISP(config)#ip route 172.16.0.0 255.255.0.0 192.168.23.3

Type escape sequence to abort.

Type escape sequence to abort.

FW(config)#username Arbab privilege level 15 password casestudy2

BRANCH(config)#username Arbab privilege level 15 password casestudy2

Using Cisco SDM:

S-ar putea să vă placă și