EWAN NAT/ACL PT Practice SBA

A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any exam windows during the exam. 2. Do not close Packet racer when you are done! it will close automatically. ". #lick the Submit Assessment button to submit your work.

Introduction
$n this practice Packet racer %kills &xam! you are expected to do as follows: $mplement the addressing in the network to meet the stated re'uirements. #onfigure and verify a D(#P server implementation. #onfigure and verify )A* technologies. #onfigure &$+,P to enable communication with the rest of the network. #onfigure *A to translate addresses for traffic that is destined to the $nternet. $mplement access control lists as part of a security policy.

Addressing Table
Device Inter ace -a./. ,1 %././. %././1.1.1 %././. ,2 %././1.2.1 %./1/. -a./. ," %././. %././1 P#1 P#" *$# *$# Address 102.11.1.12" 102."..1.1 1..1..1..1 102."..1.1 1..1..1..2 2.2.113.2.1.2 102.11.1.122 102."..1.2 102."..1.3 102.11.1.222 D(#P Assigned Subnet !ask 233.233.233.224 233.233.233.232 233.233.233.232 233.233.233.232 233.233.233.232 233.233.233.232 233.233.233.122 233.233.233.232 233.233.233.232 233.233.233.224 D(#P Assigned De ault "ate#a$ n/a n/a n/a n/a n/a n/a n/a n/a n/a 102.11.1.12" D(#P Assigned

N%TE& he password for user &5&# mode is cisco. he password for privileged &5&# mode is class.

Ste' (& Con igure and )eri $ *+ as t,e D-CP Server.

a. #onfigure ," as the D(#P server for the 6A* attached to -a./. using the following guidelines: 7se the case8sensitive D(#P pool name of *+/LAN. &xclude the first three host addresses in the subnet.

b. 9erify that P#" now has full $P addressing. $t may be necessary to toggle between :%tatic; and :D(#P; on the $P #onfiguration screen for P#" before P#" will send a D(#P re'uest. P#" should be able to ping the default gateway.

Ste' 0& Con igure WAN Tec,nologies.

a. b. c. he link between ," and ,2 uses PPP with #(AP. he password is ciscoc,a'. 9erify that ," and ,2 can ping each other. he link between ," and ,1 uses (D6#. ," should be able to ping the other side of the link. 9erify that ," and ,1 can ping each other. he link between ,1 and ,2 uses point8to8point -rame ,elay subinterfaces. 9erify that ,1 and ,2 can ping each other.

Ste' +& Con igure and )eri $ EI"*P *outing.

a. #onfigure &$+,P routing on ,1! ,2! and ,". 7se A% number 1... Do not use the wildcard mask argument. Do not advertise the network between ,2 and the $nternet.

b. #onfigure ,2 with a default route using the outbound inter ace argument. 7se one command to propagate the default route into the &$+,P routing process. c. 9erify P#1 and P#" can ping each other as well as ,1! ,2 and ,". <ou will not be able to ping $nternet hosts yet.

Ste' 1& Con igure *0 #it, a NAT.

a. #onfigure *A on ,2 using the following guidelines: =nly addresses in the 102.11.1.12>/23 address space will be translated. 7se the number ( for the access list. #onfigure PA on the ,2 %./1/. interface.

b. 9erify that P#1 and P#" can ping the $nternet hosts.

Ste' 2& Con igure Access Control Lists to Satis $ a Securit$ Polic$.
a. #onfigure and apply an A#6 with the number 23 that implements the following policy: Prevent all hosts from the ," 6A* from accessing hosts on the ,1 6A*.

b. 9erify that A#6 23 is operating as intended. c. #onfigure and apply a named A#6 with the case8sensitive name 4I*EWALL that implements the following policy: Deny ping re'uests sourced from the $nternet. Deny elnet and ( Allow all other traffic. P traffic sourced from the $nternet.

d. 9erify that the 4I*EWALL A#6 is operating as intended.

Version 2.0 Created in Packet Tracer 5.3.2.0027 and Marvel 1.0.1 All contents are Copyright 1!!2 " 2011 Cisco #yste$s% &nc. All rights reserved. This doc'$ent is Cisco P'(lic &n)or$ation.

SOLUCION ESTA CON 96% R1

R1#show run Building configur !ion"""

Curr#n! configur !ion $ 1%&% '(!#s )#rsion 1*"+ no s#r)ic# !i,#s! ,-s log d !#!i,# ,s#c no s#r)ic# !i,#s! ,-s d#'ug d !#!i,# ,s#c no s#r)ic# - ssword.#ncr(-!ion hos!n ,# R1 #n 'l# s#cr#! & /1/,ERr/9cT0UIE1N2ur3i4U"5#Ci1 i- ssh )#rsion 1 i- n ,#.s#r)#r 6"6"6"6 s- nning.!r## ,od# -)s! in!#rf c# 4 s!E!h#rn#!676 i- ddr#ss 18*"16"1"19% *&&"*&&"*&&"**+ i- cc#ss.grou- &6 ou! du-l#9 u!o s-##d u!o in!#rf c# 4 s!E!h#rn#!671 no i- ddr#ss du-l#9 u!o s-##d u!o shu!down in!#rf c# S#ri l67676 i- ddr#ss 18*"%6"1"1 *&&"*&&"*&&"*&*

cloc: r !# *666666 in!#rf c# S#ri l67671 no i- ddr#ss #nc -sul !ion fr ,#.r#l ( in!#rf c# S#ri l67671"161 -oin!.!o.-oin! i- ddr#ss 16"16"16"1 *&&"*&&"*&&"*&* fr ,#.r#l ( in!#rf c#.dlci 161 cloc: r !# *666666 in!#rf c# ;l n1 no i- ddr#ss shu!down rou!#r #igr- 166 - ssi)#.in!#rf c# 4 s!E!h#rn#!676 n#!wor: 18*"16"6"6 n#!wor: 18*"%6"6"6 n#!wor: 16"6"6"6 no u!o.su,, r( i- cl ssl#ss cc#ss.lis! &6 d#n( 18*"16"1"1*< 6"6"6"6% cc#ss.lis! &6 -#r,i! n( ' nn#r ,o!d =CAu!hori>#d Acc#ss Onl(?=C logging !r - d#'ugging lin# con 6 #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login lin# )!( 6 +

#9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login lin# )!( & 1& #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login n!- u-d !#.c l#nd r End

R*

R*#show run Building configur !ion""" Curr#n! configur !ion $ 186* '(!#s )#rsion 1*"+ no s#r)ic# !i,#s! ,-s log d !#!i,# ,s#c no s#r)ic# !i,#s! ,-s d#'ug d !#!i,# ,s#c no s#r)ic# - ssword.#ncr(-!ion hos!n ,# R* #n 'l# s#cr#! & /1/,ERr/9cT0UIE1N2ur3i4U"5#Ci1 us#rn ,# R% - ssword 6 ciscoch i- ssh )#rsion 1 i- n ,#.s#r)#r 6"6"6"6 s- nning.!r## ,od# -)s! in!#rf c# 4 s!E!h#rn#!676 no i- ddr#ss du-l#9 u!o s-##d u!o shu!down in!#rf c# 4 s!E!h#rn#!671 no i- ddr#ss du-l#9 u!o s-##d u!o shu!down in!#rf c# S#ri l67676 i- ddr#ss 18*"%6"1"6 *&&"*&&"*&&"*&* #nc -sul !ion ----- u!h#n!ic !ion ch i- n ! insid#

in!#rf c# S#ri l67671 no i- ddr#ss #nc -sul !ion fr ,#.r#l ( in!#rf c# S#ri l67671"*61 -oin!.!o.-oin! i- ddr#ss 16"16"16"* *&&"*&&"*&&"*&* fr ,#.r#l ( in!#rf c#.dlci *61 i- n ! insid# cloc: r !# *666666 in!#rf c# S#ri l67176 i- ddr#ss *69"16&"*61"* *&&"*&&"*&&"*&* i- cc#ss.grou- 4IRE@ALL in i- n ! ou!sid# in!#rf c# S#ri l67171 no i- ddr#ss shu!down in!#rf c# ;l n1 no i- ddr#ss shu!down rou!#r #igr- 166 r#dis!ri'u!# s! !ic - ssi)#.in!#rf c# S#ri l67176 n#!wor: 18*"%6"6"6 n#!wor: 16"6"6"6 no u!o.su,, r( i- n ! insid# sourc# lis! 1 in!#rf c# S#ri l67176 o)#rlo d i- cl ssl#ss i- rou!# 6"6"6"6 6"6"6"6 S#ri l67176 cc#ss.lis! 1 -#r,i! 18*"16"1"1*< 6"6"6"1*8

i- cc#ss.lis! #9!#nd#d 4IRE@ALL d#n( ic,- n( n( #cho d#n( !c- n( n( #1 !#ln#! d#n( !c- n( n( #1 www -#r,i! i- n( n( ' nn#r ,o!d =CAu!hori>#d Acc#ss Onl(?=C logging !r - d#'ugging lin# con 6 #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login lin# )!( 6 + #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login lin# )!( & 1& #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login n!- u-d !#.c l#nd r End

R%
R%#show run Building configur !ion"""

Curr#n! configur !ion $ 1%*% '(!#s )#rsion 1*"+ no s#r)ic# !i,#s! ,-s log d !#!i,# ,s#c no s#r)ic# !i,#s! ,-s d#'ug d !#!i,# ,s#c no s#r)ic# - ssword.#ncr(-!ion hos!n ,# R% #n 'l# s#cr#! & /1/,ERr/9cT0UIE1N2ur3i4U"5#Ci1 i- dhc- #9clud#d. ddr#ss 18*"16"1"1*9 18*"1&"1"1%1 i- dhc- -ool R%ALAN n#!wor: 18*"16"1"1*< *&&"*&&"*&&"19* d#f ul!.rou!#r 18*"16"1"1*9 us#rn ,# R* - ssword 6 ciscoch i- ssh )#rsion 1 i- n ,#.s#r)#r 6"6"6"6 s- nning.!r## ,od# -)s! in!#rf c# 4 s!E!h#rn#!676 i- ddr#ss 18*"16"1"1*9 *&&"*&&"*&&"19* du-l#9 u!o s-##d u!o in!#rf c# 4 s!E!h#rn#!671 no i- ddr#ss du-l#9 u!o s-##d u!o shu!down in!#rf c# S#ri l67676 i- ddr#ss 18*"%6"1"* *&&"*&&"*&&"*&* in!#rf c# S#ri l67671 i- ddr#ss 18*"%6"1"& *&&"*&&"*&&"*&*

#nc -sul !ion ----- u!h#n!ic !ion ch cloc: r !# *666666 in!#rf c# ;l n1 no i- ddr#ss shu!down rou!#r #igr- 166 - ssi)#.in!#rf c# 4 s!E!h#rn#!676 n#!wor: 18*"16"6"6 n#!wor: 18*"%6"6"6 no u!o.su,, r( i- cl ssl#ss ' nn#r ,o!d =CAu!hori>#d Acc#ss Onl(?=C logging !r - d#'ugging lin# con 6 #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login lin# )!( 6 + #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous login lin# )!( & 1& #9#c.!i,#ou! 6 6 - ssword cisco logging s(nchronous

login n!- u-d !#.c l#nd r End