Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Section 6 IPexpert’s CCIE Security Proctor Guide – Version 4.1<br />
Section 6 Pre-Lab Setup<br />
• Physically connect and configure your network according to Diagram 5-A.<br />
• This lab will focus strictly on PIX you will need to pre-configure the network with the base IP<br />
Addressing and VLAN configuration. The pre-configuration files will be used to initially<br />
configure the routers. You will find these configurations in the “Initial Configurations” subfolder<br />
within each section (i.e. IPexpert CCIE Security 4.1 WB Configs Section 5 Initial<br />
Configurations Router X.txt.). To ensure you are using the most up-to-date and accurate<br />
configurations, please be sure to check the “MY CONFIGS” area of your www.IPexpert.com<br />
Member’s Area.<br />
Section 6 Configuration Tasks<br />
Transparent Firewall Configuration<br />
Task 6-1<br />
Configure the PIX for transparent firewall mode. Use the management IP address of 56.56.56.55/24.<br />
Configure the firewall to allow telnet and SSH for management from R5’s interface connected to VLAN 5.<br />
pixfirewall(config)#firewall transparent<br />
pixfirewall(config)#ip address 56.56.56.55 255.255.255.0<br />
pixfirewall(config)#interface eth0<br />
pixfirewall(config-if)#no shut<br />
pixfirewall(config-if)#nameif inside<br />
INFO: Security level for "inside" set to 100 by default.<br />
pixfirewall(config-if)#interface eth1<br />
pixfirewall(config-if)#no shut<br />
pixfirewall(config-if)#nameif outside<br />
INFO: Security level for "outside" set to 0 by default.<br />
pixfirewall(config)#telnet 56.56.56.5 255.255.255.255 inside<br />
pixfirewall(config)#ssh 56.56.56.5 255.255.255.255 inside<br />
pixfirewall(config)#username cisco password cisco<br />
pixfirewall(config)#aaa authentication ssh console LOCAL<br />
Verify by testing from R5.<br />
R5#ssh -l cisco 56.56.56.55<br />
Password:<br />
Type help or '?' for a list of available commands.<br />
pixfirewall><br />
<br />
In order to be able to ping from R5 to R6, you can permit ICMP traffic entering the<br />
outside interface.<br />
pixfirewall#conf t<br />
pixfirewall(config)#access-list OUTSIDE permit icmp any any<br />
pixfirewall(config)#access-group OUTSIDE in interface outside<br />
118 Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved.