This document is exclusive property of Cisco Systems, Inc.

Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNP: Implementing Secure Converged Wide-area Networks v5.0 course as part of an official Cisco Networking Academy Program.

CCNP: Implementing Secure Converged Wide-area Networks: SkillsBased Assessment: Version 1

Instructions Configure the routers shown in the topology diagram using the diagram and the specifications in the Requirements section. Topology Diagram

Requirements Configure the interfaces using the IP addressing scheme shown in the topology diagram. Configure R4 as a host using the no ip routing command, and set its default gateway as R3 using the ip default-gateway address command. Implement Enhanced Interior Gateway Protocol (EIGRP) AS 123 on R1, R2, and R3. Form EIGRP adjacencies over the 192.168.12.0/24 and 192.168.23.0/24 networks. From the host, use Cisco Security Device Manager (SDM) to configure a secure generic routing encapsulation (GRE) tunnel between R1 and R3, using the addresses from the diagram. SDM does not support VTI interface so implement the tunnel using the traditional method of configuring secure GRE tunnels. Configure EIGRP AS 2 on R1 and R3 to advertise and form adjacencies across all networks in the major 172.16.0.0 network. Configure a banner message on R1 to welcome users connecting to the router.

1-2

CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Skills-Based Assessment 1 Copyright 2007, Cisco Systems, Inc

Modify the default privilege level of show running-config on R2 to level 10. Configure R2 to send critical system messages to a Syslog server located at 192.168.12.200.

Note: This SBA was designed for use in a remote environment. The R4 router may be substituted with a standard PC.

2-2

CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Skills-Based Assessment 1 Copyright 2007, Cisco Systems, Inc

CCNP: Implementing Secure Converged Wide-area Networks: SkillsBased Assessment: Version 2

Instructions Configure the routers shown in the topology diagram using the diagram and the specifications in the Requirements section. Topology Diagram

Requirements Configure the interfaces using the IP addressing scheme shown in the topology diagram. Configure R4 as a host with the no ip routing command, and set its default gateway as R3 using the ip default-gateway address command. Configure R1, R2, and R3 to participate in Enhanced Gateway Routing Protocol (EIGRP) AS 1 for the entire major 172.16.0.0 network. Disable automatic summarization. Configure R1 and R3 to encrypt all traffic between R1s loopback network and the R3-R4 serial link using IPsec. Use the command-line interface, not Cisco Security Device Manager (SDM), to perform this task. Use any encryption algorithms desired for Internet Security Association and Key Management (ISAKMP) negotiation. Using the Cisco SDM Basic Firewall Wizard, configure R3 to act as a firewall. Assign serial interface R3 (that faces R4) to be the outside interface. All other interfaces should be considered inside interfaces.

1-2

CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Skills-Based Assessment 2 Copyright 2007, Cisco Systems, Inc

Add a user to R4 with cisco as the username and password. Configure R4 for AAA authentication using the local database. Enable Secure Shell (SSH) on R4. Allow only SSH access to R4s VTY lines. No other connection protocols should be permitted. On R4, encrypt passwords in the running configuration.

2-2

CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Skills-Based Assessment 2 Copyright 2007, Cisco Systems, Inc