Professional Documents
Culture Documents
DA4
DA4
1
Configure IP addresses to routers and all components.
2
3
3. Include the screenshots of verifying the network by pinging the IP address
of NAT router (both g0/0 and g0/1) and PC1 from PC0.
4
4. Add screenshot of NAT configuration in NAT router, where you have to
mention nat inside and nat outside.
5
5. Add screenshot of NAT configuration in NAT router, where you have to
mention the translation from the private IP address to public IP address on
PC0.
6. Include the screenshots of pinging the router1 address from PC0 and show
the address translations
6
7. Enable the debug option and include the screenshots of the translations.
9. Include the screenshots of pinging the router1 address from PC1 and show
the address translations.
7
10. Enable the debug option and include the screenshots of the translations.
8
9
B. Configuring Dynamic NAT using CLI in Cisco Packet Tracer.
1. The steps followed in configuring each device [Two PCs, one Switch, one router,
one router (NAT).
10
11
12
STEP 3: Configure OSPF
13
STEP 4: Create a standard ACL to permit inside subnet
14
STEP 5: Configure dynamic NAT to do n-n translations
STEP 6: Bind ACL to NAT pool and configure interfaces as NAT inside or outside.
15
STEP 7: Ping, traceroute the paths and check if there are any translations.
16
2. Add screenshot of the final network setup.
17
3. Include the screenshots of verifying the network by pinging the IP address of
NAT router (both g0/0 and g0/1), router 1 and PC1 from PC0.
18
19
4. Add screenshot of NAT configuration in NAT router, where you have to mention
nat inside and nat outside
20
5. Create a standard access list to permit the PCs [PC0 & PC1].
7. Configure the Dynamic NAT pool to the NAT router, where you have to mention
the translation from the private IP address to public IP address on PC0.
21
8. Include the screenshots of pinging the router1 address from PC0 and show the
address translations.
22
23
9. Enable the debug option and include the screenshots of the translations
24
C. Configure IOS Intrusion Prevention System (IPS) using the CLI in Cisco Packet.
Background / Scenario
Your task is to enable IPS on R1 to scan traffic entering the 192.168.1.0 network.
The server labeled Syslog is used to log IPS messages. You must configure the router to identify the
syslog server to receive logging messages. Displaying the correct time and date in syslog messages is
vital when using syslog to monitor the network. Set the clock and configure the timestamp service
for logging on the routers. Finally, enable IPS to produce an alert and drop ICMP echo reply packets
inline.
1. The steps followed in configuring each device [One Server (Syslog), Two PCs, two routers, one
router (IPS)].
25
26
3. Add Screenshots of the following steps:
Step 1: Verify network connectivity.
27
b. Ping from PC-A to PC-C.
28
Step 2: Enable the Security Technology package.
a. On R1, issue the show version command to view the Technology Package license
information.
b. If the Security Technology package has not been enabled, enable the package.
d. Save the running-config and reload the router to enable the security license.
e. Verify that the Security Technology package has been enabled by using the show version
command.
On R1, create a directory in flash using the mkdir command. Name the directory ipsdir. [The flash file
system (default) is a single flash device on which you can store files].
On R1, configure the IPS signature storage location to be the directory you just created.
29
Step 5: Create an IPS rule name.
On R1, create an IPS rule in global configuration mode. Name the IPS rule iosips.
IOS IPS supports the use of syslog to send event notification. Syslog notification is enabled by
default. If logging console is enabled, IPS syslog messages display.
b. If necessary, use the clock set command from privileged EXEC mode to reset the clock.
c. Verify that the timestamp service for logging is enabled on the router using the show run
command. Enable the timestamp service if it is not enabled.
Retire the all-signature category with the retired true command (all signatures within the signature
release). Unretire the ios_ips basic category with the retired false command.
R1(config-ips-category-action)# exit
R1(config-ips-category-action)# exit
R1(config-ips-cateogry)# exit
30
Step 8: Apply the IPS rule to an interface.
Apply the IPS rule to an interface with the ip ips name direction command in interface configuration
mode. Apply the rule outbound on the G0/0 interface of R1. After you enable IPS, some log messages
will be sent to the console line indicating that the IPS engines are being initialized.
Note: The direction in means that IPS inspects only traffic going into the interface. Similarly, out
means that IPS inspects only traffic going out of the interface.
Un-retire the echo request signature (signature 2004, subsig ID 0), enable it, and change the
signature action to alert and drop.
R1(config-sigdef-sig)# status
31
R1(config-sigdef-sig-status)# enabled true
R1(config-sigdef-sig-status)# exit
R1(config-sigdef-sig)# engine
R1(config-sigdef-sig-engine)# exit
R1(config-sigdef-sig)# exit
R1(config-sigdef)# exit
Use the show ip ips all command to view the IPS configuration status summary.
32
Step 11: Verify that IPS is working properly.
b. From PC-A, attempt to ping PC-C. Were the pings successful? YES
33
Step 12: View the syslog messages.
c. In the left navigation menu, select SYSLOG to view the log file.
34
D. Configuring VPN using CLI in Cisco Packet Tracer.
35
The submission file in word format should include the following:
1. The steps followed in configuring each device [Two PCs, three routers (R1, R2 & R3)
36
37
3. Add Screenshots of the following steps:
Step 1: Add default routing configuration on router, R1
Step 3: Check the connection by pinging each other. Verify network connectivity.
38
b. Ping from R3 to R1.
39
Step 4: Create VPN TUNNEL between R1 and R3
40
Step 5: Test communication between the two routers, R1 & R3 again by pinging each other
41
42
b. Ping from R3 to R1.
Step 6: Do the routing for created VPN Tunnel on Both Routers R1 and R3
43
Step 7: Test VPN TUNNEL configuration for Router, R1 & R3
R1
44
45
R3
46