
=========================================================

======================
R1

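! R1: interface addressing, default route, local accounts, SSH-only VTY
! access, login throttling, IOS resilient configuration and NTP client setup.
! A leading '#' is the IOS prompt, not a comment; '!' lines are comments.
! The notes do not show every mode change (configure terminal, exit, end).
#no ip domain-lookup

#int g0/0
#ip add 209.165.200.225 255.255.255.248
#no shut

#int s0/0/0
#ip add 10.1.1.1 255.255.255.252
#clock rate 128000
#no shut

#int lo1
#ip add 172.20.1.1 255.255.255.0

! Default route via 10.1.1.2, the far end of the s0/0/0 /30 link.
#ip route 0.0.0.0 0.0.0.0 10.1.1.2

! Enforced for passwords configured after this command.
#security passwords min-length 10

! Only obfuscates 'password' entries (reversible type 7); 'secret' entries
! are hashed independently of this service.
#service password-encryption
#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED
AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
! Lab credential printed in the notes; use a unique value outside the lab.
#enable algorithm-type scrypt secret cisco12345

! No algorithm-type is given here, so the platform default hash applies;
! 'algorithm-type scrypt' before 'secret' would match the enable secret.
#username Admin01 privilege 15 secret Admin01pa55

#line con 0
! Line-mode syntax is 'privilege level <n>' (the notes had 'privilege 15').
! Level 15 on the line drops every session on it into privileged EXEC.
#privilege level 15
#exec-timeout 15 0
#logging synchronous
#login
#exi

#line vty 0 4
#privilege level 15
#exec-timeout 15 0
#logging synchronous
! Telnet is refused; only SSH sessions are accepted on the VTYs.
#transport input ssh
#login
#exi

! With aaa new-model the default method list (local user database) is what
! authenticates logins on the console and VTY lines.
#aaa new-model
#aaa authentication login default local

#login on-success log
#login on-failure log every 2
#exi

! 'ip http server' is the cleartext HTTP service; 'ip http secure-server' is
! the TLS variant and keeps the local credentials off the wire.
#ip http server
#ip http authentication local

#ip domain-name ccnasecurity.com

! 1024-bit modulus is the lab value; 2048 bits or more is the usual minimum
! for new deployments.
#crypto key generate rsa general-keys modulus 1024

#ip ssh version 2
#ip ssh time-out 90
#ip ssh authentication-retries 2

! Blocks logins for 60 s after 2 failures within 30 s. A
! 'login quiet-mode access-class' ACL keeps a management host from being
! locked out while the block is active.
#login block-for 60 attempts 2 within 30
#login on-failure log every 2

! IOS resilient configuration: protects the running image and a config copy.
#secure boot-image
#secure boot-config

#copy running-config startup-config

! NOTE(review): these two lines switch the resilience feature off again,
! presumably a lab step; leave them out to keep the protection.
#no secure boot-image
#no secure boot-config

! NTP client of 10.1.1.2 with MD5 key 1 marked as trusted.
! NOTE(review): no key is referenced on the 'ntp server' line; binding it
! ('ntp server 10.1.1.2 key 1') is what ties key 1 to that server - confirm
! on the platform in use.
#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp server 10.1.1.2
#ntp update-calendar
#do show ntp associations
#do show ntp status

#copy running-config startup-config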


=========================================================
======================
R2

! R2: transit router between R1 and R3 and the NTP master for the lab.
! A leading '#' is the IOS prompt, not a comment; '!' lines are comments.
#no ip domain-lookup

#int s0/0/0
#ip add 10.1.1.2 255.255.255.252
#no shut

#int s0/0/1
#ip add 10.2.2.2 255.255.255.252
#clock rate 128000
#no shut

! Static routes towards the networks behind 10.1.1.1 and 10.2.2.1.
#ip route 209.165.200.224 255.255.255.248 10.1.1.1


#ip route 172.16.3.0 255.255.255.0 10.2.2.1

! Set the clock by hand before acting as time source; 'clock set' is a
! privileged EXEC command, not a configuration command.
#show clock
#clock set 19:30:00 Jan 26 2017
#show clock

! Authoritative NTP source at stratum 3, with MD5 key 1 marked as trusted.
! The key string must be identical on the NTP clients. It is a lab value
! printed in the notes; use a unique one outside the lab.
#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp master 3

#copy running-config startup-config

=========================================================
======================
R3

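! R3: addressing, local accounts, SSH-only VTY access, NTP client, syslog,
! zone-based firewall (INSIDE -> OUTSIDE) and a site-to-site IPsec tunnel
! to 209.165.200.226.
! A leading '#' is the IOS prompt, not a comment; '!' lines are comments.
! The notes do not show every mode change (configure terminal, exit, end).
#no ip domain-lookup

#int g0/1
#ip add 172.16.3.1 255.255.255.0
#no shut

#int s0/0/1
#ip add 10.2.2.1 255.255.255.252
#no shut

#ip route 0.0.0.0 0.0.0.0 10.2.2.2

! Enforced for passwords configured after this command.
#security passwords min-length 10

! Only obfuscates 'password' entries (reversible type 7); 'secret' entries
! are hashed independently of this service.
#service password-encryption
#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED
AND PROSECUTED TO THE FULL EXTENT OF THE LAW!$
! Lab credential printed in the notes; use a unique value outside the lab.
#enable algorithm-type scrypt secret cisco12345

#username Admin01 privilege 15 secret Admin01pa55

#line con 0
! Line-mode syntax is 'privilege level <n>' (the notes had 'privilege 15').
#privilege level 15
#exec-timeout 15 0
#logging synchronous
#login
#exi

#line vty 0 4
#privilege level 15
#exec-timeout 15 0
#logging synchronous
#transport input ssh
#login
#exi

! The default method list (local user database) authenticates the lines.
#aaa new-model
#aaa authentication login default local

#login on-success log
#login on-failure log every 2
#exi

! 'ip http server' is the cleartext HTTP service; 'ip http secure-server' is
! the TLS variant.
#ip http server
#ip http authentication local

#ip domain-name ccnasecurity.com

! 1024-bit modulus is the lab value; 2048 bits or more is the usual minimum
! for new deployments.
#crypto key generate rsa general-keys modulus 1024

#ip ssh version 2
#ip ssh time-out 90
#ip ssh authentication-retries 2

! The notes pointed 'ntp server' at 10.2.2.1, which is R3's own s0/0/1
! address; the NTP master is the other end of that link, 10.2.2.2.
! NOTE(review): 'ntp server 10.2.2.2 key 1' is what binds key 1 to the
! server - confirm on the platform in use.
#ntp authenticate
#ntp authentication-key 1 md5 NTPpassword
#ntp trusted-key 1
#ntp server 10.2.2.2
#ntp update-calendar
#do show ntp associations
#do show ntp status

! Syslog to 172.16.3.3, severity 4 (warnings) and more severe, with
! millisecond timestamps so events can be correlated with NTP time.
#service timestamps log datetime msec
#logging 172.16.3.3
#logging trap 4
#show logging

! Zone-based firewall: inspect TCP/UDP/ICMP from INSIDE to OUTSIDE.
! No OUTSIDE -> INSIDE zone-pair is defined, so sessions initiated from the
! outside are not permitted by this policy.
#zone security INSIDE
#zone security OUTSIDE

#class-map type inspect match-any INSIDE_PROTOCOLS
#match protocol tcp
#match protocol udp
#match protocol icmp

#policy-map type inspect INSIDE_TO_OUTSIDE
#class type inspect INSIDE_PROTOCOLS
#inspect

! One command (it was split over several lines in the notes). The
! service-policy is applied inside this zone-pair; the stray
! 'zone-pair security INSIDE_TO_PROTOCOLS' line from the notes named no
! source or destination and has been dropped.
#zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
#service-policy type inspect INSIDE_TO_OUTSIDE

#int g0/1
#zone-member security INSIDE

#int s0/0/1
#zone-member security OUTSIDE

#do show zone-pair security
#do show policy-map type inspect zone-pair
#do show zone security

! IKE phase 1. 3DES, SHA-1 and DH group 2 are the lab values and must match
! the peer; where both ends support them, 'encryption aes 256',
! 'hash sha256' and 'group 14' are the stronger choices.
#crypto isakmp enable
#crypto isakmp policy 1
#authentication pre-share
#encryption 3des
#hash sha
#group 2
! 'exit' rather than 'end': the next command is a configuration command.
#exit

! The 'key' keyword was missing in the notes. Lab pre-shared key printed in
! clear; use a long random value outside the lab.
#crypto isakmp key Site2SiteKEY1 address 209.165.200.226

#do show crypto isakmp policy

! One command (split over several lines in the notes, with the key size
! written as '(256)').
#crypto ipsec transform-set TRNSFRM-SET esp-aes 256 esp-sha-hmac

! Interesting traffic: R3 LAN to the remote 192.168.1.0/24 network.
#ip access-list extended 101
#permit ip 172.16.3.0 0.0.0.255 192.168.1.0 0.0.0.255
#exi

! A new crypto map entry needs its type keyword ('ipsec-isakmp').
#crypto map CMAP 1 ipsec-isakmp
#match address 101
#set peer 209.165.200.226
#set transform-set TRNSFRM-SET

#int s0/0/1
#crypto map CMAP
#end

#do show crypto map
#do show crypto ipsec sa

#copy running-config startup-config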

=========================================================
======================
S1

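! S1: management SVI, local account, SSH-only VTY access, port security on
! the single active access port and shutdown of the unused ports.
! A leading '#' is the IOS prompt, not a comment; '!' lines are comments.
! The notes do not show every mode change (configure terminal, exit, end).
#no ip domain-lookup

! 'no shut' comes before 'ip default-gateway': the gateway is a global
! command, so entering it leaves interface mode and a later 'no shut'
! would no longer apply to vlan1.
#int vlan1
#ip add 192.168.2.11 255.255.255.0
#no shut
#ip default-gateway 192.168.2.1

! Both web management services are switched off.
#no ip http server
#no ip http secure-server

! Lab credential printed in the notes; use a unique value outside the lab.
#enable algorithm-type scrypt secret cisco12345

#banner motd $UNAUTHORISED ACCESS IS STRICTLY PROHIBITED$

#ip domain-name ccnasecurity.com

#username Admin01 privilege 15 secret Admin01pa55

! 1024-bit modulus is the lab value; 2048 bits or more is the usual minimum
! for new deployments.
#crypto key generate rsa general-keys modulus 1024

#ip ssh version 2
#ip ssh time-out 90
#ip ssh authentication-retries 2

! No 'aaa new-model' and no line password are configured on this switch, so
! plain 'login' has nothing to check against; 'login local' makes the lines
! use the Admin01 account defined above.
#line con 0
! Line-mode syntax is 'privilege level <n>' (the notes had 'privilege 15').
#privilege level 15
#exec-timeout 5 0
#logging synchronous
#login local
#exi

#line vty 0 4
#privilege level 15
#exec-timeout 5 0
#logging synchronous
#transport input ssh
#login local
#exi

! f0/6: static access port, DTP off, one sticky-learned MAC address,
! err-disable on violation.
#int f0/6
#switchport mode access
#switchport nonegotiate
#switchport port-security
#switchport port-security maximum 1
#switchport port-security mac-address sticky
#switchport port-security violation shutdown
#spanning-tree portfast
! Global command: BPDU guard on every PortFast port. The per-port form is
! 'spanning-tree bpduguard enable'.
#spanning-tree portfast bpduguard default
! Unused ports are shut down. The interface-level loop guard command is
! 'spanning-tree guard loop' (the notes had 'spanning-tree loopguard').
#int range f0/1-5
#shut
#spanning-tree guard loop
#int range f0/7-23
#shut
#spanning-tree guard loop

#copy running-config startup-config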

=========================================================
======================
S2

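! S2: management SVI only. No management-plane hardening (secrets, SSH,
! line authentication) appears in these notes for this switch.
! A leading '#' is the IOS prompt, not a comment; '!' lines are comments.
#no ip domain-lookup

! 'no shut' comes before 'ip default-gateway': the gateway is a global
! command, so entering it leaves interface mode and a later 'no shut'
! would no longer apply to vlan1.
#int vlan1
#ip add 192.168.1.11 255.255.255.0
#no shut
#ip default-gateway 192.168.1.1

#copy running-config startup-config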

=========================================================
======================
S3

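! S3: management SVI only. No management-plane hardening (secrets, SSH,
! line authentication) appears in these notes for this switch.
! A leading '#' is the IOS prompt, not a comment; '!' lines are comments.
#no ip domain-lookup

! 'no shut' comes before 'ip default-gateway': the gateway is a global
! command, so entering it leaves interface mode and a later 'no shut'
! would no longer apply to vlan1.
! NOTE(review): the gateway 172.30.3.1 is not inside 172.16.1.0/24, and
! neither address matches a router interface shown in these notes; verify
! both against the lab addressing table.
#int vlan1
#ip add 172.16.1.11 255.255.255.0
#no shut
#ip default-gateway 172.30.3.1

#copy running-config startup-config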

=========================================================
======================
ASA

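! ASA: factory reset, three VLAN interfaces (inside / outside / dmz) mapped
! to switch ports, and ASDM access from the inside network.
! A leading '#' is the ASA prompt, not a comment; '!' lines are comments.
! 'write erase' wipes the startup configuration; the reload then boots
! the device without the previous configuration.
#write erase
#reload

! Security levels: traffic from a higher level to a lower one is allowed by
! default, the reverse direction needs an explicit access rule.
#int vlan1
#nameif inside
#ip address 192.168.1.1 255.255.255.0
#security-level 100
#no shut

#int vlan2
#nameif outside
#ip address 209.165.200.226 255.255.255.248
#security-level 0
#no shut

! NOTE(review): on a licence limited to two unrestricted VLANs the third
! VLAN interface also needs 'no forward interface vlan1' - confirm for the
! unit used.
#int vlan3
#nameif dmz
#ip address 192.168.2.1 255.255.255.0
#security-level 70
#no shut

#int e0/0
#switchport access vlan 2
#no shut

#int e0/1
#switchport access vlan 1
#no shut

#int e0/2
#switchport access vlan 3
#no shut

! The ASA has no 'do' prefix; show commands run directly from config mode.
#sh int ip br
#sh ip add
#sh switch vlan

! Enables the HTTPS server used by ASDM. The 'http' permit line needs the
! interface name; without 'inside' the command is incomplete. Access is
! limited to the 192.168.1.0/24 inside network.
#http server enable
#http 192.168.1.0 255.255.255.0 inside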

=========================================================
============================