Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Section 13 IPexpert’s Ultimate Preparation Workbook for the CCIE Security Lab Exam – Version 4.1<br />
6.3 - NTP (2 Points)<br />
a) Configure R2 as the NTP clock master.<br />
b) Configure R6 to use NTP clock from R2 in a secured way. R2 should not have any NTP<br />
authentication keys configured to achieve this task.<br />
7 - Virtual Private Networks Configuration (18 Points)<br />
7.1 - Basic Concentrator Configuration (3 Points)<br />
a) Configure the IP Address of the Private Interface through the CLI.<br />
b) The Public interface should be configured from the Graphical interface.<br />
c) Make sure the PC can access the Concentrator. You are allowed a static route on the<br />
Concentrator to accomplish this.<br />
d) Configure the concentrator to send routes using RIP on the private interface.<br />
e) Configure a Default Route on the Public Interface pointing towards R2.<br />
7.2 - Setup a Site-to-Site IPSec VPN between the Concentrator and R5 (4 Points)<br />
a) Encrypt traffic between the 10.2.2.0/24 and 10.5.5.0/24 networks using the following<br />
parameters:<br />
<br />
<br />
<br />
Authentication is based on Pre-shared key of ccie.<br />
Use MD5 for the Hashing algorithm. Use defaults for the rest of the ISAKMP parameters.<br />
For IPSec, use ESP-DES for encryption and ESP-SHA-HMAC for Data Authentication in<br />
Tunnel Mode.<br />
b) You can use static routes on R5 and R1 to accomplish this.<br />
7.3 - Setup a Remote Access VPN from the Cisco Secure Client and the Concentrator (4 points)<br />
a) Use the following parameters to setup Concentrator with the following options:<br />
<br />
<br />
<br />
Assign IP Address in the range of 10.3.3.1 – 10.3.3.254. The pool should be created on<br />
the Concentrator.<br />
Set the username as VPNUser with a password of ccie1234.<br />
Create a group called Remote with a password of ccie.<br />
b) The network 10.3.3.0 should be propagated to R1 through RIP.<br />
7.4 - Setup a Site-to-Site IPSec VPN between the R2 and R6 (4 Points)<br />
a) Create the following loopbacks on R2 and R6:<br />
R2 - Int loo 10 : 192.168.102.2/24<br />
R6 - Int loo 10 : 192.168.106.6/24<br />
b) Create a GRE tunnel from R2 S 0/1/0.6 to R6 S 4/0. Route the newly created loopbacks over<br />
the tunnel using EIGRP in AS 26.<br />
106 Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved.