CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Case Study 1 

Copyright © 2007, Cisco Systems, Inc

Case Study 1: CLI IPsec and Frame-Mode MPLS 

Instructions 

Implement the International Travel Agency network shown in the topology 
diagram using the information and instructions in the scenario. Implement the 
design on the lab set of routers. Verify that all configurations are operational 
and functioning according to the guidelines. 

Topology Diagram 

 

Scenario 

The International Travel Agency needs parts of its network set up with IPsec 
and Multiprotocol Label Switching (MPLS) with the given specifications and the 
topology shown in the diagram. This case study should be completed using the 
Cisco IOS command-line interface (CLI), without using the Cisco Security 
Device Manager (SDM). 

 
•  Configure all interfaces using the addressing scheme shown in the topology diagram.

•  Run Enhanced Interior Gateway Routing Protocol (EIGRP) AS 1 in the entire International Travel Agency core network. All subnets should be included.

•  Create an IPsec tunnel between R1 and R3 with an appropriate transform set and Internet Security Association and Key Management Protocol (ISAKMP) policy.

•  This IPsec tunnel should only encrypt traffic between R1’s loopback network and R4’s loopback network.

•  Use pre-shared keys for authentication in the ISAKMP policy.

•  Do not create any new interfaces to achieve this task.

•  Use any encryption algorithms desired for the tasks listed above that use the crypto suite of protocols.

•  Configure MPLS on both ends of the link between R3 and R4.

•  Configure R1 to send system logging messages at the error severity level to an imaginary host located at 172.16.2.200.

•  Set up the correct time on R4 using the clock set command. Use the inline IOS help system if you do not know the syntax of this command.

•  Configure R4 as a Network Time Protocol (NTP) master with stratum 5.

•  Configure R3 as an NTP client of R4.

Questions 

•  Will R3 or R4 send the NTP queries as MPLS frames? Explain.

•  Will R3 or R4 send any packets destined to the other router as MPLS frames? Explain.

•  Will R3 or R4 send any packets at all as MPLS frames? Explain.

•  Differentiate among the algorithms by explaining which algorithms in your IPsec policy apply to encryption, which to authentication, and which to message integrity. According to your reading, which of the available algorithms in each category is most secure?

•  How does NTP help prepare a network for system logging? Explain.
