CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Case Study 1
Copyright © 2007, Cisco Systems, Inc
Case Study 1: CLI IPsec and Frame-Mode MPLS
Instructions
Implement the International Travel Agency network shown in the topology
diagram using the information and instructions in the scenario. Implement the
design on the lab set of routers. Verify that all configurations are operational
and functioning according to the guidelines.
Topology Diagram
Scenario
The International Travel Agency needs parts of its network set up with IPsec
and Multiprotocol Label Switching (MPLS) with the given specifications and the
topology shown in the diagram. This case study should be completed using the
Cisco IOS command-line interface (CLI), without using the Cisco Security
Device Manager (SDM).
• Configure all interfaces using the addressing scheme shown in the topology
diagram.
• Run Enhanced Interior Gateway Routing Protocol (EIGRP) AS 1 in the entire
International Travel Agency core network. All subnets should be included.
• Create an IPsec tunnel between R1 and R3 with an appropriate transform set
and Internet Security Association and Key Management Protocol (ISAKMP)
policy.
• This IPsec tunnel should only encrypt traffic between R1’s loopback network and
R4’s loopback network.
• Use pre-shared keys for authentication in the ISAKMP policy.
• Do not create any new interfaces to achieve this task.
• Use any encryption algorithms desired for the tasks listed above that use the
crypto suite of protocols.
• Configure MPLS on both ends of the link between R3 and R4.
• Configure R1 to send system logging messages at the error severity level to an
imaginary host located at 172.16.2.200.
• Set up the correct time on R4 using the clock set command. Use the inline IOS
help system if you do not know the syntax of this command.
• Configure R4 as a Network Time Protocol (NTP) master with stratum 5.
• Configure R3 as an NTP client of R4.
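One way the IPsec requirements above could be configured on R1, as an added example that is not part of the original case study or a Cisco-provided solution. The addresses and interface come from the topology diagram and are left as angle-bracket placeholders; the policy number, the names ITA-TS and ITA-MAP, ACL 101 and the algorithm choices are assumptions.

```cisco
! R1 - added example. Replace every <PLACEHOLDER> with values from the
! topology diagram. Algorithm choices are one option; the scenario allows any.

! ISAKMP (IKE phase 1) policy: pre-shared key authentication as required
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 3600
!
! The key must be identical on R3, where the address is R1's peer address
crypto isakmp key <PRE-SHARED-KEY> address <R3-PEER-IP>
!
! IPsec (phase 2) transform set: ESP encryption plus ESP integrity check
crypto ipsec transform-set ITA-TS esp-aes 256 esp-sha-hmac
!
! Crypto ACL: select ONLY R1 loopback network -> R4 loopback network.
! Everything else (EIGRP, NTP, syslog, other subnets) is forwarded in the clear.
access-list 101 permit ip <R1-LOOPBACK-NET> <WILDCARD> <R4-LOOPBACK-NET> <WILDCARD>
!
crypto map ITA-MAP 10 ipsec-isakmp
 set peer <R3-PEER-IP>
 set transform-set ITA-TS
 match address 101
!
! Apply to the existing outbound interface toward R3; no tunnel interface
! is created, which satisfies the "no new interfaces" requirement.
interface <R1-INTERFACE-TOWARD-R3>
 crypto map ITA-MAP
!
! R3 needs the mirror image: the same ISAKMP policy and transform set,
! the key bound to R1's peer address, "set peer" pointing at R1, and an
! ACL with source and destination swapped (R4 loopback -> R1 loopback).
! A crypto ACL that is not an exact mirror is a common cause of phase 2
! failing to establish.
!
! Verification after sending traffic sourced from R1's loopback:
!   show crypto isakmp sa   (phase 1 SA present for the R3 peer)
!   show crypto ipsec sa    (encaps/decaps counters rise only for the
!                            loopback-to-loopback flow)
```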
Questions
• Will R3 or R4 send the NTP queries as MPLS frames? Explain.
• Will R3 or R4 send any packets destined to the other router as MPLS frames?
Explain.
• Will R3 or R4 send any packets at all as MPLS frames? Explain.
• Differentiate among the algorithms by explaining which algorithms in your IPsec
policy apply to encryption, which to authentication, and which to message
integrity. According to your reading, which of the available algorithms in each
category is most secure?
• How does NTP help prepare a network for system logging? Explain.