Download pdf - Free Books

More documents

Recommendations

Info

Section 6 IPexpert’s CCIE Security Proctor Guide – Version 4.1 Section 6 Pre-Lab Setup • Physically connect and configure your network according to Diagram 5-A. • This lab will focus strictly on PIX you will need to pre-configure the network with the base IP Addressing and VLAN configuration. The pre-configuration files will be used to initially configure the routers. You will find these configurations in the “Initial Configurations” subfolder within each section (i.e. IPexpert CCIE Security 4.1 WB Configs Section 5 Initial Configurations Router X.txt.). To ensure you are using the most up-to-date and accurate configurations, please be sure to check the “MY CONFIGS” area of your www.IPexpert.com Member’s Area. Section 6 Configuration Tasks Transparent Firewall Configuration Task 6-1 Configure the PIX for transparent firewall mode. Use the management IP address of 56.56.56.55/24. Configure the firewall to allow telnet and SSH for management from R5’s interface connected to VLAN 5. pixfirewall(config)#firewall transparent pixfirewall(config)#ip address 56.56.56.55 255.255.255.0 pixfirewall(config)#interface eth0 pixfirewall(config-if)#no shut pixfirewall(config-if)#nameif inside INFO: Security level for "inside" set to 100 by default. pixfirewall(config-if)#interface eth1 pixfirewall(config-if)#no shut pixfirewall(config-if)#nameif outside INFO: Security level for "outside" set to 0 by default. pixfirewall(config)#telnet 56.56.56.5 255.255.255.255 inside pixfirewall(config)#ssh 56.56.56.5 255.255.255.255 inside pixfirewall(config)#username cisco password cisco pixfirewall(config)#aaa authentication ssh console LOCAL Verify by testing from R5. R5#ssh -l cisco 56.56.56.55 Password: Type help or '?' for a list of available commands. pixfirewall> In order to be able to ping from R5 to R6, you can permit ICMP traffic entering the outside interface. pixfirewall#conf t pixfirewall(config)#access-list OUTSIDE permit icmp any any pixfirewall(config)#access-group OUTSIDE in interface outside 118 Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved.
IPexpert’s CCIE Security Proctor Guide – Version 4.1 Section 6 Task 6-2 R6 and R5 are preconfigured for OSPF and EIGRP adjacencies. Configure the PIX to allow these adjacencies to form. Permit only ICMP and the necessary routing protocol traffic to pass through the firewall. If you turn on the debug for OSPF hellos, you will see that they are sent out the interfaces, but not received back. If you permit the OSPF traffic to the all OSPF routers group 224.0.0.5 and the host on the other side, the adjacency can form. R6#deb ip ospf hello OSPF hello events debugging is on R6# *Jan 14 06:38:45.244: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 56.56.56.6 pixfirewall(config)#access-list OUTSIDE permit ospf host 56.56.56.6 host 224.0.0.5 pixfirewall(config)#access-list OUTSIDE permit ospf host 56.56.56.6 host 56.56.56.5 pixfirewall(config)#access-list INSIDE permit ospf host 56.56.56.5 host 224.0.0.5 pixfirewall(config)#access-group INSIDE in interface inside pixfirewall(config)#access-list INSIDE permit ospf host 56.56.56.5 host 56.56.56.6 pixfirewall(config)#access-list OUTSIDE permit eigrp host 56.56.56.6 host 224.0.0.10 pixfirewall(config)#access-list OUTSIDE permit eigrp host 56.56.56.6 host 56.56.56.5 pixfirewall(config)#access-list INSIDE permit eigrp host 56.56.56.5 host 224.0.0.10 pixfirewall(config)#access-list INSIDE permit eigrp host 56.56.56.5 host 56.56.56.6 Verify that you can ping the networks learned. R6#ping 192.168.20.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.20.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 88/156/176 ms R6#ping 192.168.54.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.54.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 88/157/176 ms R6# Copyright IPexpert, Inc. (http://www.ipexpert.com) 2007. All Rights Reserved. 119
Page 1 and 2: Ultimate Lab Preparation Workbook F
Page 3 and 4: Introduction IPexpert’s Ultimate
Page 5 and 6: Introduction IPexpert’s Ultimate
Page 7 and 8: EULA IPexpert’s Ultimate Preparat
Page 9 and 10: Table of Contents IPexpert’s Ulti
Page 11 and 12: Table of Contents IPexpert’s Ulti
Page 13 and 14: Section 6 IPexpert’s Ultimate Pre
Page 15 and 16: Section 6 IPexpert’s Ultimate Pre
Page 17 and 18: Section 13 IPexpert’s Ultimate Pr
Page 27 and 28: IPexpert’s CCIE Security Proctor
Page 35: IPexpert’s CCIE Security Proctor
Page 77: IPexpert, Inc. Product Order Form F

Download pdf - Free Books

Create successful ePaper yourself

Delete template?

Save as template?