
Building configuration...

Current configuration : 6591 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
no logging buffered
logging console critical
enable secret 5 $1$qiT9$TsdzaYNSjevWaC1VDKYgF0
!
aaa new-model
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
dot11 syslog
no ip source-route
!
ip cef
no ip bootp server
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1301487169
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1301487169
 revocation-check none
 rsakeypair TP-self-signed-1301487169
!
!
crypto pki certificate chain TP-self-signed-1301487169
 certificate self-signed 01
  quit
!
username admin privilege 15 secret 5 $1$uKGH$dq8qkvBLt5L4nED5bNTK4.
archive
 log config
  hidekeys
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 zone-member security in-zone
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 description $FW_OUTSIDE$
 ip address 10.1.1.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 zone-member security out-zone
 clock rate 64000
!
interface Serial0/0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 clock rate 2000000
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.2
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
!
logging trap debugging
logging 192.168.1.3
access-list 1 remark HTTP Access-class list
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 deny any
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.3 any
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip any any
no cdp run
!
control-plane
!
banner login ^CUnauthorized access prohibited^C
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 101 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler allocate 20000 1000
end
R1#

Router R2

R2#sh run
Building configuration...

Current configuration : 1089 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
ip cef
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 no fair-queue
!
interface Serial0/0/1
 ip address 10.2.2.2 255.255.255.252
 clock rate 64000
!
interface Vlan1
 no ip address
!
ntp master 3
!
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 10.1.1.1
ip route 192.168.3.0 255.255.255.0 10.2.2.1
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end
R2#

R3#sh run
Building configuration...

Current configuration : 2702 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R3
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
logging console critical
enable secret 5 $1$i3H5$6JaGfJCExTLVatrVfPoUf/
enable password 7 14141B180F0B7E7E72
!
aaa new-model
!
aaa authentication login local_auth local
!
aaa session-id common
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name ccnasecurity.com
login block-for 60 attempts 2 within 30
!
no ipv6 cef
multilink bundle-name authenticated
!
username admin password 7 0822455D0A16544541
archive
 log config
  logging enable
  hidekeys
!
!
ip tcp intercept list autosec_tcp_intercept_list
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 15
ip tcp intercept max-incomplete low 450 high 550
ip tcp intercept drop-mode random
ip ssh time-out 60
ip ssh authentication-retries 2
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/0/1
 ip address 10.2.2.1 255.255.255.252
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 snmp trap ip verify drop-rate
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.2.2.2
no ip http server
no ip http secure-server
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
no cdp run
!
control-plane
!
banner motd ^C Unauthorized Access Prohibited ^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 login authentication local_auth
 transport input telnet ssh
!
scheduler allocate 20000 1000
end
R3#
