JNCIE-SEC-11.a - Lab Diagrams - Pps

Infrastructure and Zones Lab
2014 Juniper Networks, Inc. All rights reserved. Worldwide Education Services www.juniper.net
Group A: Infrastructure and Zones Lab
Address Table
Central-OfficeA1 Central-OfficeA2
Interface Address Zone VLAN Interface Address Zone VLAN
ge-0/0/0.0 10.210.xx.131/26 management
ge-0/0/0 10.210.xx.132/26 management
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-0/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 10.200.101.254/24 EMPLOYEE 101
ge-0/0/5 10.200.102.254/24 DMZ 102 ge-0/0/4 10.200.101.253/24 EMPLOYEE 101
ge-0/0/11 10.200.103.254/24 OPERATIONS 103 ge-0/0/5 10.200.102.253/24 DMZ 102
st0.0 172.20.101.1/24 VPN ge-0/0/11 10.200.103.253/24 OPERATIONS 103
st0.1 172.21.101.1/24 VPN
Hostname Host Address Host Zone VR Routing-Instance
Hostname Host Address Host Zone VR Routing-Instance hostA1-1 10.200.101.11 EMPLOYEE hostsA1
hostA1-1 10.200.101.11 EMPLOYEE hostsA1 hostA1-2 10.200.101.12 EMPLOYEE hostsA1
hostA1-2 10.200.101.12 EMPLOYEE hostsA1
file-serverA 10.200.102.100 DMZ file-serverA
ops-serverA 10.200.103.100 OPERATIONS ops-serverA ops-serverA 10.200.103.100 OPERATIONS ops-serverA
Branch-OfficeA2 Branch-OfficeA3
ge-0/0/0.0 10.210.xx.133/26 management
ge-0/0/0 10.210.xx.134/26 management
ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/4 10.200.104.254/24 TRUST 104 ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/5 10.200.105.254/24 INTERNAL 105 ge-0/0/4 10.200.101.254/24 TRUST 106
st0.0 172.20.101.2/24 VPN st0.0 unnumbered VPN
hostA2-1 10.200.104.21 TRUST hostsA2
hostA2-2 10.200.104.22 TRUST hostsA2 hostA3-1 10.200.101.31 TRUST hostsA3
internal-serverA 10.200.105.100 INTERNAL internal-serverA
Group A: Infrastructure and Zones Lab EMPLOYEE DMZ OPERATIONS
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA
VLAN Assignments VLAN Assignments
Interface VLAN-ID Interface VLAN-ID
ge-0/0/4 101 ge-0/0/4 101
ge-0/0/5 102 ge-0/0/5 102
ge-0/0/11 103 ge-0/0/4 ge-0/0/4 ge-0/0/11 103
ge-0/0/11 ge-0/0/11
ge-0/0/5 ge-0/0/5
Central-OfficeA1 ge-0/0/3 ge-0/0/3 Central-OfficeA2

1.1.1.2 2.2.2.2
1.1.1.1 2.2.2.1
VLAN Assignments
VLAN Assignments
Interface VLAN-ID
Interface VLAN-ID
3.3.3.1 4.4.4.1 ge-0/0/4 106
ge-0/0/4 104
ge-0/0/5 105
ge-0/0/3 ge-0/0/3
Branch-OfficeA2 3.3.3.2 4.4.4.2 Branch-OfficeA3
ge-0/0/4 ge-0/0/5 ge-0/0/4
hostA2-1 hostA2-2 internal-serverA hostA3-1
TRUST INTERNAL TRUST
Group B: Infrastructure and Zones Lab
Address Table
Central-OfficeB1 Central-OfficeB2
ge-0/0/0.0 10.210.xx.135/26 management
ge-0/0/0 10.210.xx.136/26 management
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-0/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 10.200.201.254/24 EMPLOYEE 201
ge-0/0/5 10.200.202.254/24 DMZ 202 ge-0/0/4 10.200.201.253/24 EMPLOYEE 201
ge-0/0/11 10.200.203.254/24 OPERATIONS 203 ge-0/0/5 10.200.202.253/24 DMZ 202
st0.0 172.20.201.1/24 VPN ge-0/0/11 10.200.203.253/24 OPERATIONS 203
st0.1 172.21.201.1/24 VPN
Hostname Host Address Host Zone VR Routing-Instance hostB1-1 10.200.201.11 EMPLOYEE hostsB1
hostB1-1 10.200.201.11 EMPLOYEE hostsB1 hostB1-2 10.200.201.12 EMPLOYEE hostsB1
hostB1-2 10.200.201.12 EMPLOYEE hostsB1 hostB1-3 10.200.201.13 EMPLOYEE hostsB1
hostB1-3 10.200.201.13 EMPLOYEE hostsB1
file-serverB 10.200.202.100 DMZ file-serverB
ops-serverB 10.200.203.100 OPERATIONS ops-serverB ops-serverB 10.200.203.100 OPERATIONS ops-serverB
Branch-OfficeB2 Branch-OfficeB3
ge-0/0/0.0 10.210.xx.137/26 management
ge-0/0/0 10.210.xx.138/26 management
ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/5 10.200.205.254/24 INTERNAL 205 ge-0/0/4 10.200.201.254/24 TRUST 206
st0.0 172.20.201.2/24 VPN st0.0 unnumbered VPN
Hostname Host Address Host Zone VR Routing-Instance Hostname Host Address Host Zone VR Routing-Instance
hostB2-1 10.200.204.21 TRUST hostsB2 hostB3-1 10.200.201.31 TRUST hostsB3
hostB2-2 10.200.204.22 TRUST hostsB2
internal-serverB 10.200.205.100 INTERNAL internal-serverB
Group B: Infrastructure and Zones Lab EMPLOYEE DMZ OPERATIONS
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB
VLAN Assignments VLAN Assignments
Interface VLAN-ID Interface VLAN-ID
ge-0/0/4 201 ge-0/0/4 201
ge-0/0/5 202 ge-0/0/5 202
ge-0/0/11 203 ge-0/0/4 ge-0/0/4 ge-0/0/11 203
ge-0/0/11 ge-0/0/11
ge-0/0/5 ge-0/0/5
Central-OfficeB1 ge-0/0/3 ge-0/0/3 Central-OfficeB2

1.1.1.2 2.2.2.2
1.1.1.1 2.2.2.1
VLAN Assignments
VLAN Assignments
Interface VLAN-ID
Interface VLAN-ID
3.3.3.1 4.4.4.1 ge-0/0/4 206
ge-0/0/4 204
ge-0/0/5 205
ge-0/0/3 ge-0/0/3
Branch-OfficeB2 3.3.3.2 4.4.4.2 Branch-OfficeB3
ge-0/0/4 ge-0/0/5 ge-0/0/4
hostB2-1 hostB2-2 internal-serverB hostB3-1
Creating Clusters Lab
Group A: Creating Clusters Lab
Central-OfficeA Table
Central-OfficeA Cluster
Interface Address Redundant interface Zone VLAN
fxp0 (node0) 10.210.xx.131/26
fxp0 (node1) 10.210.xx.132/26
ge-0/0/1
ge-5/0/1
ge-0/0/2
ge-5/0/2
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-5/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 reth0
ge-5/0/4 reth0
ge-0/0/5 reth1
ge-5/0/5 reth1
ge-0/0/6
ge-5/0/6
ge-0/0/10 reth1
ge-5/0/10 reth1
ge-0/0/11 reth1
ge-5/0/11 reth1
ge-0/0/12 reth1
ge-5/0/12 reth1
reth0 10.200.101.254/24 EMPLOYEE 101
reth1 10.200.102.254/24 DMZ 102
reth1 10.200.103.254/24 OPERATIONS 103
st0.0 172.20.101.1/24 VPN
st0.1 172.21.101.1/24 VPN
Hostname Address Zone VR Routing-Instance

ops-serverA 10.200.103.100 OPERATIONS Worldwide ops-serverA
Education Services
2014 Juniper Networks, Inc. All rights reserved. www.juniper.net
Group A: Creating Clusters Lab
Branch-OfficeA Table
Branch-OfficeA Cluster
fxp0 (node0) 10.210.XX.133/26 management
ge-0/0/1
ge-5/0/1
ge-0/0/2
ge-5/0/2
ge-0/0/3 3.3.3.2/24 EXTERNAL
ge-5/0/3 4.4.4.2/24 EXTERNAL
ge-0/0/4 reth0
ge-5/0/4 reth0
ge-0/0/5 reth1
ge-5/0/5 reth1
reth0 10.200.104.254/24 TRUST 104
reth1 10.200.105.254/24 INTERNAL 105

Group A: Creating Clusters Lab EMPLOYEE DMZ OPERATIONS
Cluster ID 1 ge-0/0/10 ge-0/0/10

ge-0/0/4 ge-0/0/1 ge-0/0/4
ge-0/0/11 ge-0/0/11
ge-0/0/2
ge-0/0/5 ge-0/0/12 ge-0/0/5 ge-0/0/12
ge-0/0/6

1.1.1.2 2.2.2.2
ISP 1 ISP 2
1.1.1.1 2.2.2.1
3.3.3.1 4.4.4.1
Cluster ID 1
ge-0/0/3 ge-0/0/3
ge-0/0/1
ge-0/0/4 ge-0/0/5 ge-0/0/2 ge-0/0/4 ge-0/0/5
hostA2-1 hostA2-2 internal-serverA
TRUST INTERNAL
Group B: Creating Clusters Lab
Central-OfficeB Table
Central-OfficeB Cluster
fxp0 (node0) 10.210.xx.135/27
fxp0 (node1) 10.210.xx.136/27
ge-0/0/1
ge-5/0/1
ge-0/0/2
ge-5/0/2
ge-0/0/3 1.1.1.2/24 EXTERNAL
ge-5/0/3 2.2.2.2/24 EXTERNAL
ge-0/0/4 reth0
ge-5/0/4 reth0
ge-0/0/5 reth1
ge-5/0/5 reth1
ge-0/0/6
ge-5/0/6
ge-0/0/10 reth1
ge-5/0/10 reth1
ge-0/0/11 reth1
ge-5/0/11 reth1
ge-0/0/12 reth1
ge-5/0/12 reth1
reth0 10.200.201.254/24 EMPLOYEE 201
reth1 10.200.202.254/24 DMZ 202
reth1 10.200.203.254/24 OPERATIONS 203
st0.0 172.20.201.1/24 VPN
st0.1 172.21.201.1/24 VPN

ops-serverB 10.200.203.100 OPERATIONS Worldwide ops-serverB
Education Services
2014 Juniper Networks, Inc. All rights reserved. www.juniper.net
Branch-OfficeB Table
Branch-OfficeB Cluster
ge-0/0/1
ge-5/0/1
ge-0/0/2
ge-5/0/2
ge-0/0/3 3.3.3.2/24 EXTERNAL
ge-5/0/3 4.4.4.2/24 EXTERNAL
ge-0/0/4 reth0
ge-5/0/4 reth0
ge-0/0/5 reth1
ge-5/0/5 reth1
reth0 10.200.204.254/24 TRUST 204
reth1 10.200.205.254/24 INTERNAL 205

EMPLOYEE DMZ OPERATIONS
Cluster ID 2
ge-0/0/10 ge-0/0/10
ge-0/0/4 ge-0/0/1 ge-0/0/4
ge-0/0/11 ge-0/0/11
ge-0/0/2
ge-0/0/5 ge-0/0/12 ge-0/0/5 ge-0/0/12
ge-0/0/6

1.1.1.2 2.2.2.2
ISP 1 ISP 2
1.1.1.1 2.2.2.1
Cluster ID 2 3.3.3.1 4.4.4.1
ge-0/0/3 ge-0/0/3
ge-0/0/1
ge-0/0/4 ge-0/0/5 ge-0/0/2 ge-0/0/4 ge-0/0/5
hostB2-1 hostB2-2 internal-serverB
TRUST INTERNAL
Building Security Policies Lab
Group A: Building Security Policies Lab
Address Table
Central-OfficeA Cluster Branch-OfficeA2
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0.0 10.210.xx.133/26 management
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 3.3.3.2/24 UNTRUST
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 10.200.104.254/24 TRUST 104
ge-5/0/3 2.2.2.2/24 EXTERNAL ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth0.101 10.200.101.254/24 EMPLOYEE 101 st0.0 172.20.101.2/24 VPN
reth1.102 10.200.102.254/24 DMZ 102
reth1.103 10.200.103.254/24 OPERATIONS 103 Hostname Host Address Host Zone VR Routing-Instance
st0.0 172.20.101.1/24 VPN hostA2-1 10.200.104.21 TRUST hostsA2
ops-serverA 10.200.103.100 OPERATIONS ops-serverA
Branch-OfficeA3 WarehouseA
ge-0/0/0 10.210.xx.134/26 management ge-0/0/0 10.210.xx.141/26 management
ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/2 10.200.107.254/24 TRUST
ge-0/0/4 10.200.101.254/24 TRUST 106
st0.0 172.21.101.2/24 VPN
st0.0 unnumbered VPN
Warehouse-serverA 10.200.107.100 TRUST warehouseA
HostA3-1 10.200.101.31 TRUST hostsA3
Group A: Building Security Policies Lab
ge-0/0/10
ge-0/0/10 ge-0/0/1
ge-0/0/4 ge-0/0/4 ge-0/0/11
ge-0/0/11 ge-0/0/2
ge-0/0/5 ge-0/0/5 ge-0/0/12
ge-0/0/12 ge-0/0/6 TRUST
warehouse-serverA
1.1.1.2 2.2.2.2
ISP1 ISP2
1.1.1.1 2.2.2.1
ge-0/0/1 ge-0/0/2
5.5.5.1 5.5.5.2
WarehouseA
3.3.3.1 4.4.4.1
ge-0/0/3 ge-0/0/3
ge-0/0/4 ge-0/0/5 ge-0/0/4
Group B: Building Security Policies Lab
Address Table
Central-OfficeB Cluster Branch-OfficeB2
reth1.202 10.200.202.254/24 DMZ 202
st0.0 172.20.201.1/24 VPN hostB2-1 10.200.204.21 TRUST hostsB2
ops-serverB 10.200.203.100 OPERATIONS ops-serverB
Branch-OfficeB3 WarehouseB
ge-0/0/0 10.210.xx.138/26 management ge-0/0/0 10.210.xx.142/26 management
ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/2 10.200.207.254/24 TRUST
ge-0/0/4 10.200.201.254/24 TRUST 206
st0.0 172.21.201.2/24 VPN
Warehouse-serverB 10.200.207.100 TRUST warehouseB
HostB3-1 10.200.201.31 TRUST hostsB3
Group B: Building Security Policies Lab
ge-0/0/10
ge-0/0/10 ge-0/0/1
ge-0/0/4 ge-0/0/4 ge-0/0/11
ge-0/0/11 ge-0/0/2
ge-0/0/5 ge-0/0/5 ge-0/0/12
ge-0/0/12 ge-0/0/6 TRUST
warehouse-serverB
1.1.1.2 2.2.2.2
ISP1 ISP2
1.1.1.1 2.2.2.1
ge-0/0/1 ge-0/0/2
5.5.5.1 5.5.5.2
WarehouseB
3.3.3.1 4.4.4.1
ge-0/0/3 ge-0/0/3
ge-0/0/4 ge-0/0/5 ge-0/0/4

Building IPsec VPNs Lab
Group A: Building IPsec VPNs Lab Address
Table
reth1.102 10.200.102.254/24 DMZ 102
gr-0/0/0.0 172.20.103.254/24 VPN internal-serverA 10.200.105.100 INTERNAL internal-serverA

hostA1-1 10.200.101.11 EMPLOYEE hostsA1 WarehouseA
hostA1-2 10.200.101.12 EMPLOYEE hostsA1 Interface Address Zone VLAN
hostA1-3 10.200.101.13 EMPLOYEE hostsA1 ge-0/0/0 10.210.xx.141/26 management
file-serverA 10.200.102.100 DMZ file-serverA ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/2 10.200.107.254/24 TRUST
st0.0 172.21.101.2/24 VPN
Branch-OfficeA3 Hostname Address Zone VR Routing-Instance

Interface Address Zone VLAN Warehouse-serverA 10.200.107.100 TRUST warehouse-serverA
ge-0/0/0 10.210.xx.134/26 management
SupplierA
ge-0/0/3 4.4.4.2/24 UNTRUST Interface Address Zone VLAN
ge-0/0/4 10.200.101.254/24 TRUST 106 ge-0/0/0 10.210.xx.143 management
st0.0 unnumbered VPN ge-0/0/1 6.6.6.2/24 UNTRUST
ge-0/0/2 10.200.108.254/24 TRUST
gr-0/0/0.0 172.20.103.1/24 VPN
inventory-serverA 10.200.108.100 TRUST inventory-serverA
Group A: Building IPsec VPNs Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/5 ge-0/0/12 ge-0/0/5 ge-0/0/12 warehouse-serverA
ge-0/0/6

1.1.1.2 2.2.2.2
gr-0/0/0
ISP 1 ISP 2 ge-0/0/2
2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
ge-0/0/3 ge-0/0/3 gr-0/0/0
3.3.3.2 4.4.4.2 Branch-OfficeA3 ge-0/0/2
Branch-OfficeA2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverA
TRUST

Group B: Building IPsec VPNs Lab Address
Table
reth1.202 10.200.202.254/24 DMZ 202
gr-0/0/0.0 172.20.203.254/24 VPN internal-serverB 10.200.205.100 INTERNAL internal-serverB

hostB1-1 10.200.201.11 EMPLOYEE hostsB1 WarehouseB
hostB1-2 10.200.201.12 EMPLOYEE hostsB1 Interface Address Zone VLAN
hostB1-3 10.200.201.13 EMPLOYEE hostsB1 ge-0/0/0 10.210.xx.141/26 Management
file-serverB 10.200.202.100 DMZ file-serverB ge-0/0/1 5.5.5.2/24 UNTRUST
ops-serverB 10.200.203.100 OPERATIONS ops-serverB ge-0/0/2 10.200.207.254/24 TRUST
st0.0 172.21.201.2/24 VPN
Branch-OfficeB3 Hostname Address Zone VR Routing-Instance

Interface Address Zone VLAN Warehouse-serverB 10.200.207.100 TRUST warehouse-server
ge-0/0/0 10.210.xx.134/26 management
SupplierB
ge-0/0/3 4.4.4.2/24 UNTRUST
Interface Address Zone VLAN
st0.0 Unnumbered VPN ge-0/0/1 6.6.6.2/24 UNTRUST
gr-0/0/0.0 172.20.203.1/24 VPN ge-0/0/2 10.200.208.254/24 TRUST

inventory-serverB 10.200.208.100 TRUST inventory-server
Group B: Building IPsec VPNs Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/5 ge-0/0/12 ge-0/0/5 ge-0/0/12 warehouse-serverB
ge-0/0/6
gr-0/0/0
1.1.1.2 2.2.2.2
gr-0/0/0
2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseB
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
ge-0/0/3 ge-0/0/3 gr-0/0/0
Branch-OfficeB2 3.3.3.2 4.4.4.2 Branch-OfficeB3 ge-0/0/2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverB
TRUST

Network Address Translation Lab
Group A: Network Address Translation Lab
Address Table
reth1.102 10.200.102.254/24 DMZ 102

ops-serverA 10.200.103.100 OPERATIONS ops-serverA ge-0/0/2 10.200.107.254/24 TRUST
st0.0 172.21.101.2/24 VPN

ge-0/0/0 10.210.xx.134/26 management
SupplierA
ge-0/0/2 10.200.108.254/24 TRUST
gr-0/0/0.0 172.20.103.1/24 VPN
Hostname Host Address Host Zone VR Routing-Instance inventory-serverA 10.200.108.100 TRUST inventory-serverA
Group A: Network Address Translation Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2
gr-0/0/0
2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
ge-0/0/3 ge-0/0/3 gr-0/0/0
Branch-OfficeA2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverA
TRUST

Group B: Network Address Translation Lab
Address Table
reth1.202 10.200.202.254/24 DMZ 202

ge-0/0/0 10.210.xx.141/26 Management
ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/2 10.200.207.254/24 TRUST
st0.0 172.21.201.2/24 VPN

ge-0/0/0 10.210.xx.134/26 management
SupplierB
ge-0/0/3 4.4.4.2/24 UNTRUST
gr-0/0/0.0 172.20.203.1/24 VPN ge-0/0/2 10.200.208.254/24 TRUST

Group B: Network Address Translation Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2
gr-0/0/0
2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseB
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
ge-0/0/3 ge-0/0/3 gr-0/0/0
3.3.3.2 4.4.4.2 Branch-OfficeB3 ge-0/0/2
Branch-OfficeB2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverB
TRUST

Attack Prevention Lab
Group A: Attack Prevention Lab Address Table
reth1.102 10.200.102.254/24 DMZ 102

st0.0 172.21.101.2/24 VPN

ge-0/0/0 10.210.xx.134/26 management
SupplierA
ge-0/0/2 10.200.108.254/24 TRUST
gr-0/0/0.0 172.20.103.1/24 VPN
Group A: Attack Prevention Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2
gr-0/0/0
2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
gr-0/0/0
ge-0/0/3 ge-0/0/3
Branch-OfficeA2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverA
TRUST
2014 Juniper Networks,TRUST

Inc. All rights reserved. INTERNAL TRUST Education Services
Worldwide www.juniper.net
Group B: Attack Prevention Lab Address Table
reth1.202 10.200.202.254/24 DMZ 202

ge-0/0/2 10.200.207.254/24 TRUST
st0.0 172.21.201.2/24 VPN

ge-0/0/0 10.210.xx.134/26 management
SupplierB
ge-0/0/3 4.4.4.2/24 UNTRUST
gr-0/0/0.0 172.20.203.1/24 VPN ge-0/0/2 10.200.208.254/24 TRUST

Group B: Attack Prevention Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2
gr-0/0/0
2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseB
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
gr-0/0/0
ge-0/0/3 ge-0/0/3
Branch-OfficeB2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverB
TRUST

Unified Threat Management and
Screen Options Lab
Group A: UTM and Screen Options Lab
Address Table
reth1.102 10.200.102.254/24 DMZ 102

ge-0/0/1 5.5.5.2/24 UNTRUST
st0.0 172.21.101.2/24 VPN

ge-0/0/0 10.210.xx.134/26 management
SupplierA
ge-0/0/2 10.200.108.254/24 TRUST
gr-0/0/0.0 172.20.103.1/24 VPN
Group A: UTM and Screen Options Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2
gr-0/0/0
2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseA
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
gr-0/0/0
ge-0/0/3 ge-0/0/3
Branch-OfficeA2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverA
TRUST

Group B: UTM and Screen Options Lab
Address Table
reth1.202 10.200.202.254/24 DMZ 202

ops-serverB 10.200.203.100 OPERATIONS ops-serverB ge-0/0/2 10.200.207.254/24 TRUST
st0.0 172.21.201.2/24 VPN

ge-0/0/0 10.210.xx.134/26 management
SupplierB
ge-0/0/3 4.4.4.2/24 UNTRUST
gr-0/0/0.0 172.20.203.1/24 VPN ge-0/0/2 10.200.208.254/24 TRUST

Group B: UTM and Screen Options Lab
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2 gr-0/0/0

2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseB
6.6.6.1
3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
ge-0/0/3 ge-0/0/3 gr-0/0/0
Branch-OfficeB2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverB
TRUST

Extended Implementations Lab
Group A: Extended Implementations Lab Task 1
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/1 11.11.11.1/30 P2P
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/3 3.3.3.2/24 UNTRUST
reth0.101 10.200.101.254/24 EMPLOYEE 101 ge-0/0/5 10.200.105.254/24 INTERNAL 105
reth1.102 10.200.102.254/24 DMZ 102 st0.0 172.20.101.2/24 VPN
reth1.103 10.200.103.254/24 OPERATIONS 103
st0.0 172.20.101.1/24 VPN Hostname Host Address Host Zone VR Routing-Instance
gr-0/0/0.0 172.20.103.254/24 VPN hostA2-2 10.200.104.22 TRUST hostsA2
ge-0/0/0 10.210.xx.141/26 management
ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/2 10.200.107.254/24 TRUST
st0.0 172.21.101.2/24 VPN

ge-0/0/0 10.210.xx.134/26 management
SupplierA
ge-0/0/1 11.11.11.2/30 P2P Interface Address Zone VLAN
ge-0/0/3 4.4.4.2/24 UNTRUST ge-0/0/0 10.210.xx.143 management
ge-0/0/2 10.200.108.254/24 TRUST
gr-0/0/0.0 172.20.103.1/24 VPN Hostname Address Zone VR Routing-Instance
Group A: Extended Implementations Lab Task 1
hostA1-1 hostA1-2 hostA1-3 file-serverA ops-serverA Point-to-Point Connection
Device Interface Address
Branch-OfficeA2 ge-0/0/1 11.11.11.1/30
Branch-OfficeA3 ge-0/0/1 11.11.11.2/30
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2 gr-0/0/0

2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseA
6.6.6.1
ge-0/0/1
3.3.3.1 4.4.4.1ge-0/0/1 ge-0/0/1
6.6.6.2 SupplierA
gr-0/0/0
ge-0/0/3 ge-0/0/3
Branch-OfficeA2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverA
TRUST

2014 Juniper Networks,
TRUST Inc. All rights reserved.
INTERNAL Worldwide
TRUST Education Services www.juniper.net
Group B: Extended Implementations Lab Task 1
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/1 11.11.11.1/30 P2P
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/3 3.3.3.2/24 UNTRUST
reth0.201 10.200.201.254/24 EMPLOYEE 201 ge-0/0/5 10.200.205.254/24 INTERNAL 205
reth1.202 10.200.202.254/24 DMZ 202 st0.0 172.20.201.2/24 VPN
reth1.203 10.200.203.254/24 OPERATIONS 203
st0.0 172.20.201.1/24 VPN Hostname Host Address Host Zone VR Routing-Instance
gr-0/0/0.0 172.20.203.254/24 VPN hostB2-2 10.200.204.22 TRUST hostsB2
ge-0/0/0 10.210.xx.141/26 management
ge-0/0/1 5.5.5.2/24 UNTRUST
ge-0/0/2 10.200.207.254/24 TRUST
st0.0 172.21.201.2/24 VPN

Interface Address Zone VLAN Warehouse-server 10.200.207.100 TRUST warehouse-serverB
ge-0/0/0 10.210.xx.134/26 management
SupplierB
ge-0/0/1 11.11.11.2/30 P2P Interface Address Zone VLAN
ge-0/0/3 4.4.4.2/24 UNTRUST ge-0/0/0 10.210.xx.143 management
ge-0/0/2 10.200.208.254/24 TRUST
st0.0 Unnumbered VPN
gr-0/0/0.0 172.20.203.1/24 VPN Hostname Address Zone VR Routing-Instance
inventory-serverB 10.200.208.100 TRUST inventory-serverB
Group B: Extended Implementations Lab Task 1
hostB1-1 hostB1-2 hostB1-3 file-serverB ops-serverB Point-to-Point Connection
Device Interface Address
Branch-OfficeB2 ge-0/0/1 11.11.11.1/30
Branch-OfficeB3 ge-0/0/1 11.11.11.2/30
ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/1
ge-0/0/4 ge-0/0/11 ge-0/0/4 ge-0/0/11
ge-0/0/2
ge-0/0/6

1.1.1.2 2.2.2.2 gr-0/0/0

2.2.2.1 ge-0/0/1
1.1.1.1
5.5.5.2
5.5.5.1 WarehouseB
6.6.6.1
ge-0/0/1 3.3.3.1 4.4.4.1ge-0/0/1 ge-0/0/1
6.6.6.2 SupplierB
gr-0/0/0
ge-0/0/3 ge-0/0/3
Branch-OfficeB2
ge-0/0/4 ge-0/0/5 ge-0/0/4
inventory-serverB
TRUST
TRUST Inc. All rights reserved.

2014 Juniper Networks, INTERNAL Worldwide
TRUST Education Services www.juniper.net
Group A: Extended Implementations Lab Tasks 24
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0 management 109
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 UNTRUST 109
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 TRUST 109
ge-5/0/3 2.2.2.2/24 EXTERNAL irb.0 10.210.xx.133/26
reth0.101 10.200.101.254/24 EMPLOYEE 101
reth1.102 10.200.102.254/24 DMZ 102 Hostname Host Address Host Zone VR Routing-Instance
reth1.103 10.200.103.254/24 OPERATIONS 103 mail-serverA 10.200.109.200 TRUST mail-serverA
st0.0 172.20.101.1/24 VPN
st0.1 172.21.101.1/24 VPN WarehouseA
gr-0/0/0.0 172.20.103.254/24 VPN Interface Address Zone VLAN
ge-0/0/0 10.210.xx.141/26 management
Hostname Host Address Host Zone VR Routing-Instance ge-0/0/1 5.5.5.2/24 UNTRUST
hostA1-1 10.200.101.11 EMPLOYEE hostsA1 ge-0/0/2 10.200.107.254/24 TRUST
st0.0 172.21.101.2/24 VPN
Warehouse-serverA 10.200.107.100 TRUST warehouse-serverA
Branch-OfficeA3 SupplierA
ge-0/0/0 10.210.xx.143 management
ge-0/0/0 10.210.xx.134/26 management
ge-0/0/1 6.6.6.2/24 UNTRUST
ge-0/0/1 11.11.11.2/30 P2P ge-0/0/2 10.200.108.254/24 TRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/4 10.200.101.254/24 TRUST 106
gr-0/0/0.0 172.20.103.1/24 VPN

Group A: Extended Implementations Lab Tasks 24
ge-0/0/10 ge-0/0/1 ge-0/0/10 TRUST

ge-0/0/4 ge-0/0/4
ge-0/0/11 ge-0/0/2 ge-0/0/11
ge-0/0/6

1.1.1.2 2.2.2.2
ISP1 ISP2 ge-0/0/2

2.2.2.1 ge-0/0/1
1.1.1.1
Branch-OfficeA2 5.5.5.2
5.5.5.1 WarehouseA
Hostname Address
6.6.6.1
mail-serverA 3.3.3.100/24 3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierA
ge-0/0/3
ge-0/0/3 ge-0/0/2
Branch-OfficeA2 4.4.4.2 Branch-OfficeA3
ge-0/0/4 ge-0/0/4
inventory-serverA
TRUST
mail-serverA hostA3-1
TRUST TRUST
Group B: Extended Implementations Lab Tasks 24
fxp0 (node 0) 10.210.xx.131/26 management ge-0/0/0 management 209
fxp0 (node 1) 10.210.xx.132/26 management ge-0/0/3 UNTRUST 209
ge-0/0/3 1.1.1.2/24 EXTERNAL ge-0/0/4 TRUST 209
ge-5/0/3 2.2.2.2/24 EXTERNAL irb.0 10.210.xx.133/26
reth0.201 10.200.201.254/24 EMPLOYEE 201
reth1.202 10.200.202.254/24 DMZ 202 Hostname Host Address Host Zone VR Routing-Instance
reth1.203 10.200.203.254/24 OPERATIONS 203 mail-serverB 10.200.209.200 TRUST mail-serverB
st0.0 172.20.201.1/24 VPN
st0.1 172.21.201.1/24 VPN WarehouseB
gr-0/0/0.0 172.20.203.254/24 VPN Interface Address Zone VLAN
ge-0/0/0 10.210.xx.141/26 management
Hostname Host Address Host Zone VR Routing-Instance ge-0/0/1 5.5.5.2/24 UNTRUST
hostB1-1 10.200.201.11 EMPLOYEE hostsB1 ge-0/0/2 10.200.207.254/24 TRUST
st0.0 172.21.201.2/24 VPN
ops-serverB 10.200.203.100 OPERATIONS ops-serverB Warehouse-serverB 10.200.207.100 TRUST warehouse-serverB
Branch-OfficeB3 SupplierB
ge-0/0/0 10.210.xx.143 management
ge-0/0/0 10.210.xx.134/26 management
ge-0/0/1 6.6.6.2/24 UNTRUST
ge-0/0/1 11.11.11.2/30 P2P ge-0/0/2 10.200.208.254/24 TRUST
ge-0/0/3 4.4.4.2/24 UNTRUST
ge-0/0/4 10.200.201.254/24 TRUST 206
inventory-serverB 10.200.208.100 TRUST inventory-serverB
st0.0 Unnumbered VPN
gr-0/0/0.0 172.20.203.1/24 VPN

Group B: Extended Implementations Lab Tasks 24
ge-0/0/10 ge-0/0/1 ge-0/0/10 TRUST

ge-0/0/4 ge-0/0/4
ge-0/0/11 ge-0/0/2 ge-0/0/11
ge-0/0/6

1.1.1.2 2.2.2.2
ISP1 ISP2 ge-0/0/2

2.2.2.1 ge-0/0/1
1.1.1.1
Branch-OfficeB2 5.5.5.2
5.5.5.1 WarehouseB
Hostname Address
6.6.6.1
mail-serverB 3.3.3.200/24 3.3.3.1 4.4.4.1 ge-0/0/1
6.6.6.2 SupplierB
ge-0/0/3 ge-0/0/3
4.4.4.2 Branch-OfficeB3 ge-0/0/2
Branch-OfficeB2
ge-0/0/4 ge-0/0/4
inventory-serverB
TRUST
mail-serverB hostB3-1
TRUST TRUST

JNCIE-SEC-11.a - Lab Diagrams - Pps

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

JNCIE-SEC-11.a - Lab Diagrams - Pps

Încărcat de

Drepturi de autor:

Formate disponibile

Infrastructure and Zones Lab

Central-OfficeA1 ge-0/0/3 ge-0/0/3 Central-OfficeA2

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostA2-1 hostA2-2 internal-serverA hostA3-1

TRUST INTERNAL TRUST

Central-OfficeB1 ge-0/0/3 ge-0/0/3 Central-OfficeB2

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostB2-1 hostB2-2 internal-serverB hostB3-1

TRUST INTERNAL TRUST

Hostname Address Zone VR Routing-Instance

Hostname Host Address Host Zone VR Routing-Instance

Cluster ID 1 ge-0/0/10 ge-0/0/10

Central-OfficeA1 ge-0/0/3 ge-0/0/3 Central-OfficeA2

hostA2-1 hostA2-2 internal-serverA

Hostname Address Zone VR Routing-Instance

Hostname Host Address Host Zone VR Routing-Instance

Central-OfficeB1 ge-0/0/3 ge-0/0/3 Central-OfficeB2

Cluster ID 2 3.3.3.1 4.4.4.1

hostB2-1 hostB2-2 internal-serverB

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostA2-1 hostA2-2 internal-serverA hostA3-1

TRUST INTERNAL TRUST

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostB2-1 hostB2-2 internal-serverB hostB3-1

TRUST INTERNAL TRUST

Hostname Host Address Host Zone VR Routing-Instance

Branch-OfficeA3 Hostname Address Zone VR Routing-Instance

ge-0/0/10 ge-0/0/10 TRUST

Central-OfficeA1 ge-0/0/3 ge-0/0/3 Central-OfficeA2

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostA2-1 hostA2-2 internal-serverA hostA3-1

TRUST INTERNAL TRUST

Hostname Host Address Host Zone VR Routing-Instance

Branch-OfficeB3 Hostname Address Zone VR Routing-Instance

Hostname Address Zone VR Routing-Instance

ge-0/0/10 ge-0/0/10 TRUST

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostB2-1 hostB2-2 internal-serverB hostB3-1

TRUST INTERNAL TRUST

Hostname Host Address Host Zone VR Routing-Instance

Branch-OfficeA3 Hostname Address Zone VR Routing-Instance

ge-0/0/10 ge-0/0/10 TRUST

Central-OfficeA1 ge-0/0/3 ge-0/0/3 Central-OfficeA2

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostA2-1 hostA2-2 internal-serverA hostA3-1

TRUST INTERNAL TRUST

Hostname Host Address Host Zone VR Routing-Instance

Branch-OfficeB3 Hostname Address Zone VR Routing-Instance

Hostname Address Zone VR Routing-Instance

ge-0/0/10 ge-0/0/10 TRUST

Central-OfficeB1 ge-0/0/3 ge-0/0/3 Central-OfficeB2

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostB2-1 hostB2-2 internal-serverB hostB3-1

TRUST INTERNAL TRUST

Hostname Host Address Host Zone VR Routing-Instance

Branch-OfficeA3 Hostname Address Zone VR Routing-Instance

ge-0/0/10 ge-0/0/10 TRUST

Central-OfficeA1 ge-0/0/3 ge-0/0/3 Central-OfficeA2

ge-0/0/4 ge-0/0/5 ge-0/0/4

hostA2-1 hostA2-2 internal-serverA hostA3-1

2014 Juniper Networks,TRUST

Hostname Host Address Host Zone VR Routing-Instance

Branch-OfficeB3 Hostname Address Zone VR Routing-Instance