!************************************************
!*                                              *
!* Lab 1 Initial Configurations for all Devices *
!*                                              *
!************************************************

!********************************
!*                              *
!* R1 Initial Configuration     *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.255
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 192.168.3.11 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.2.11 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.1 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 11
 ip nhrp holdtime 300
 no ip split-horizon eigrp 100
 delay 1100
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile dmvpn
!
router eigrp 100
 network 11.11.11.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 10.0.0.0 255.0.0.0 192.168.3.10
ip route 172.17.0.0 255.255.0.0 192.168.3.10
ip route 192.168.0.0 255.255.0.0 192.168.3.10
ip http server
no ip http secure-server
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!********************************
!*                              *
!* R2 Initial Configuration     *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
interface Loopback1
 ip address 22.22.22.22 255.255.255.0
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 192.168.4.11 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.5.11 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.2 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip nhrp authentication cisco
 ip nhrp map multicast 192.168.3.11
 ip nhrp map 172.1.0.1 192.168.3.11
 ip nhrp network-id 11
 ip nhrp holdtime 300
 ip nhrp nhs 172.1.0.1
 delay 1100
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile dmvpn
!
router eigrp 100
 network 22.22.22.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.4.10
ip http server
no ip http secure-server
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!********************************
!*                              *
!* R3 Initial Configuration     *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.0
!
interface Loopback10
 ip address 172.17.3.3 255.255.255.0
!
interface GigabitEthernet0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.9.3 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 ip address 192.168.35.3 255.255.255.0
 encapsulation ppp
 ip ospf network point-to-point
 no fair-queue
 no shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.3.3.0 0.0.0.255 area 0
 network 172.17.3.0 0.0.0.255 area 0
 network 192.168.9.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!********************************
!*                              *
!* R4 Initial Configuration     *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
frame-relay switching
ip tcp synwait-time 5
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile dmvpn
 set transform-set cisco
!
interface Loopback1
 ip address 44.44.44.44 255.255.255.0
!
interface Loopback0
 ip address 10.4.4.4 255.255.255.0
!
interface GigabitEthernet0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.9.4 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 ip address 192.168.64.4 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 no fair-queue
 clock rate 2000000
 frame-relay map ip 192.168.64.6 64 broadcast
 frame-relay intf-type dce
 no shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Tunnel1
 bandwidth 1000
 ip address 172.1.0.4 255.255.255.0
 no ip redirects
 ip mtu 1360
 ip nhrp authentication cisco
 ip nhrp map 192.168.3.11 172.1.0.1
 ip nhrp map multicast 192.168.3.11
 ip nhrp nhs 172.1.0.1
 delay 1100
 tunnel source Serial0/0/0
 tunnel mode gre multipoint
 tunnel key 11
 tunnel protection ipsec profile dmvpn
!
router eigrp 100
 network 44.44.44.0 0.0.0.255
 network 172.1.0.0 0.0.0.255
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 network 10.4.4.0 0.0.0.255 area 0
 network 192.168.9.0 0.0.0.255 area 0
 network 192.168.64.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
scheduler allocate 20000 1000
end

!********************************
!*                              *
!* R5 Initial Configuration     *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R5
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
frame-relay switching
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.5.5.5 255.255.255.0
!
interface Loopback5
 ip address 10.55.55.55 255.255.255.255
 ip nat inside
!
interface GigabitEthernet0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.11.10 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 ip address 192.168.35.5 255.255.255.0
 encapsulation ppp
 ip ospf network point-to-point
 no fair-queue
 clock rate 2000000
 ip nat outside
 no shutdown
!
interface Serial0/0/1
 ip address 192.168.65.5 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 clock rate 2000000
 frame-relay map ip 192.168.65.6 65 broadcast
 frame-relay intf-type dce
 no shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.5.5.0 0.0.0.255 area 0
 network 10.55.55.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
 network 192.168.65.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!
access-list 102 permit ip any host 10.55.55.55
!
route-map s1 permit 10
 match ip address 102
 match interface Serial0/0/1
!
route-map s0 permit 10
 match ip address 102
 match interface Serial0/0/0
!
!
ip nat inside source route-map s0 interface Serial0/0/0 overload
ip nat inside source route-map s1 interface Serial0/0/1 overload
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!********************************
!*                              *
!* R6 Initial Configuration     *
!*                              *
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.6.6.6 255.255.255.0
!
interface Loopback10
 ip address 172.17.6.6 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 192.168.7.11 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.6.11 255.255.255.0
 no shutdown
!
interface Serial0/0/0
 ip address 192.168.64.6 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 no fair-queue
 frame-relay map ip 192.168.64.4 64 broadcast
 no shutdown
!
interface Serial0/0/1
 ip address 192.168.65.6 255.255.255.0
 ip access-group 101 in
 encapsulation frame-relay
 ip ospf network point-to-point
 frame-relay map ip 192.168.65.5 65 broadcast
 no shutdown
!
router ospf 1
 log-adjacency-changes
 redistribute connected metric 1 subnets
 redistribute static metric 1 subnets
 network 10.6.6.0 0.0.0.255 area 0
 network 172.17.6.0 0.0.0.255 area 0
 network 192.168.64.0 0.0.0.255 area 0
 network 192.168.65.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 10.1.1.0 255.255.255.0 192.168.6.10
ip route 10.2.2.0 255.255.255.0 192.168.6.10
ip route 10.7.7.0 255.255.255.0 192.168.7.10
ip route 172.16.1.0 255.255.255.0 192.168.7.10
ip route 192.168.2.0 255.255.255.0 192.168.6.10
ip route 192.168.3.0 255.255.255.0 192.168.6.10
ip route 192.168.4.0 255.255.255.0 192.168.6.10
ip route 192.168.5.0 255.255.255.0 192.168.6.10
ip route 192.168.8.0 255.255.255.0 192.168.7.10
no ip http server
no ip http secure-server
!
access-list 101 deny icmp host 10.55.55.55 any
access-list 101 deny icmp host 192.168.65.5 any
access-list 101 deny icmp host 192.168.35.5 any
access-list 101 permit ip any any
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end

!********************************
!*                              *
!* Sw1 Initial Configuration    *
!*                              *
!********************************
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sw1
!
vtp mode server
vtp domain ccie
vtp password cisco
!
vlan 2
vlan 3
vlan 4
vlan 5
vlan 9
vlan 50
vlan 101
vlan 102
vlan 201
vlan 202
!
no logging console
enable password cisco
ip subnet-zero
ip tcp synwait-time 5
no ip domain lookup
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name cisco.com
ip tcp synwait-time 5
!
vlan access-map abc 10
 action drop
 match ip address 101
vlan access-map abc 20
 action forward
!
vlan filter abc vlan-list 4
!
interface Loopback0
 ip address 10.7.7.7 255.255.255.0
!
interface Loopback1
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/1
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
 switchport access vlan 102
 switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
 switchport access vlan 101
 switchport mode access
!
interface FastEthernet0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/12
 switchport access vlan 201
 switchport mode access
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.8.11 255.255.255.0
!
interface FastEthernet0/14
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101,102
 switchport mode trunk
!
interface FastEthernet0/17
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 201,202
 switchport mode trunk
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/21
!
interface FastEthernet0/22
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.8.10
ip http server
ip http secure-server
!
!
access-list 101 permit ip host 192.168.4.11 host 192.168.3.11
access-list 101 permit ip host 192.168.4.11 host 192.168.64.4
!!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 5 15
 login
!
end

!********************************
!*                              *
!* Sw2 Initial Configuration    *
!*                              *
!********************************
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sw2
vtp mode server
vtp domain ccie
vtp password cisco
!
no logging console
enable password cisco
ip subnet-zero
ip tcp synwait-time 5
no ip domain lookup
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name cisco.com
ip tcp synwait-time 5
!
interface Loopback0
 ip address 10.8.8.8 255.255.255.0
!
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 5
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/5
 no switchport
 ip address 192.168.11.11 255.255.255.0
!
interface FastEthernet0/6
 switchport access vlan 202
 switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/11
 no switchport
 ip address 192.168.10.11 255.255.255.0
!
interface FastEthernet0/12
 switchport access vlan 9
 switchport mode access
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
!
router eigrp 10
 no auto-summary
 network 10.8.8.0 0.0.0.255
 network 192.168.10.0
!
ip classless
ip http server
ip http secure-server
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 5 15
 login
!
end

!********************************
!*                              *
!* ASA1 System Context          *
!* Initial Configuration        *
!*                              *
!********************************
mode multiple
!*****************************************************
! Convert to Multi-mode, ASA will reboot at this point
!*****************************************************
hostname ASA1
enable password cisco
no mac-address auto
!
interface Ethernet0/0
 no shutdown
!
interface Ethernet0/1
 no shutdown
!
interface Ethernet0/1.1
 vlan 3
!
interface Ethernet0/1.2
 vlan 4
!
interface Ethernet0/2
 no shutdown
!
interface Ethernet0/3
 no shutdown
!
interface Management0/0
 shutdown
!
class default
 limit-resource All 0
 limit-resource ASDM 5
 limit-resource SSH 5
 limit-resource Telnet 5
!
no failover
!
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin
!
context abc1
 allocate-interface Ethernet0/0
 allocate-interface Ethernet0/3
 config-url disk0:/abc1
!
context abc2
 allocate-interface Ethernet0/1.1-Ethernet0/1.2
 allocate-interface Ethernet0/2
 config-url disk0:/abc2
!
prompt hostname context
: end
[OK]

!********************************
!*                              *
!* ASA1 abc1 Context            *
!* Initial Configuration        *
!*                              *
!********************************
change context abc1
!
hostname abc1
enable password cisco
passwd cisco
names
!
interface Ethernet0/3
 nameif inside
 security-level 100
 ip address 192.168.8.10 255.255.255.0
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.7.10 255.255.255.0
!
access-list 100 extended permit icmp any any
icmp unreachable rate-limit 1 burst-size 1
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.7.11 1
route inside 10.7.7.0 255.255.255.0 192.168.8.11 1
route inside 172.16.1.0 255.255.255.0 192.168.8.11 1
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
: end
[OK]

!********************************
!*                              *
!* ASA1 abc2 Context            *
!* Initial Configuration        *
!*                              *
!********************************
change context abc2
!
hostname abc2
enable password cisco
passwd cisco
names
!
interface Ethernet0/2
 nameif outside
 security-level 0
 ip address 192.168.6.10 255.255.255.0
!
interface Ethernet0/1.1
 nameif inside
 security-level 100
 ip address 192.168.3.10 255.255.255.0
!
interface Ethernet0/1.2
 nameif dmz2
 security-level 50
 ip address 192.168.4.10 255.255.255.0
!
access-list 100 extended permit icmp any any
icmp unreachable rate-limit 1 burst-size 1
access-group 100 in interface outside
access-group 100 in interface dmz2
route outside 0.0.0.0 0.0.0.0 192.168.6.11 1
route inside 10.1.1.0 255.255.255.0 192.168.3.11 1
route dmz2 10.2.2.0 255.255.255.0 192.168.4.11 1
route inside 192.168.2.0 255.255.255.0 192.168.3.11 1
route dmz2 192.168.5.0 255.255.255.0 192.168.4.11 1
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
: end

!********************************
!*                              *
!* ASA2 Initial Configuration   *
!*                              *
!********************************
hostname ASA2
enable password cisco
passwd cisco
names
!
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.10 255.255.255.0
 no shutdown
!
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
interface Redundant1
 member-interface Ethernet0/0
 member-interface Ethernet0/2
 nameif outside
 security-level 0
 ip address 192.168.9.10 255.255.255.0
 no shutdown
!
access-list 100 extended permit icmp any any
icmp unreachable rate-limit 1 burst-size 1
access-group 100 in interface outside
!
router eigrp 10
 no auto-summary
 network 192.168.10.0 255.255.255.0
 redistribute ospf 1 metric 1 1 1 1 1
!
router ospf 1
 network 192.168.9.0 255.255.255.0 area 0
 log-adj-changes
 redistribute eigrp 10 metric 1 subnets
!
route outside 0.0.0.0 0.0.0.0 192.168.9.4 1 track 1
route outside 0.0.0.0 0.0.0.0 192.168.9.3 2
dynamic-access-policy-record DfltAccessPolicy
sla monitor 444
 type echo protocol ipIcmpEcho 10.4.4.4 interface outside
 num-packets 3
 frequency 5
sla monitor schedule 444 life forever start-time now
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
!
track 1 rtr 444 reachability
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
: end
[OK]

!********************************
!*                              *
!* IPS Initial Configuration    *
!* Erase all, no initial        *
!*                              *
!********************************
erase current-config