!************************************************ !* * !* Lab 2 Initial Configurations for all Devices * !* * !************************************************ !******************************** !* * !* R1 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! interface Loopback0 ip address 10.1.1.1 255.255.255.0 ! interface Loopback11 ip address 10.11.11.11 255.255.255.255 ! interface GigabitEthernet0/0 ip address 192.168.3.11 255.255.255.0 no shutdown ! interface GigabitEthernet0/1 ip address 192.168.2.11 255.255.255.0 no shutdown ! ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 10.2.2.0 255.255.255.0 192.168.3.2 ip route 10.3.3.0 255.255.255.0 192.168.3.3 ip route 10.4.4.0 255.255.255.0 192.168.3.2 ip route 10.5.5.0 255.255.255.0 192.168.3.2 ip route 10.6.6.0 255.255.255.0 192.168.3.2 ip route 10.7.7.0 255.255.255.0 192.168.3.2 ip route 10.8.8.0 255.255.255.0 192.168.3.3 ip route 192.168.0.0 255.255.0.0 192.168.3.2 ip http server no ip http secure-server ! ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end !******************************** !* * !* R2 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! ip domain name cisco.com ! aaa new-model aaa authentication login ezvpn local aaa authorization network ezvpn local ! username cisco privilege 15 password 0 cisco ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key cisco address 0.0.0.0 0.0.0.0 ! crypto isakmp client configuration group cisco domain cisco.com pool mypool ! crypto isakmp profile ezvpn_dvti match identity group cisco client authentication list ezvpn isakmp authorization list ezvpn client configuration address respond ! ! crypto ipsec transform-set ezvpn_trans esp-3des esp-sha-hmac ! crypto ipsec profile ezvpn_dvti set transform-set ezvpn_trans set isakmp-profile ezvpn_dvti ! ! class-map match-any drop23 match protocol telnet match ip dscp 1 ! policy-map drop23 class drop23 drop ! ! interface Loopback0 ip address 10.2.2.2 255.255.255.0 ! interface GigabitEthernet0/0 ip address 192.168.3.2 255.255.255.0 no shutdown ! interface GigabitEthernet0/1 ip address 192.168.4.2 255.255.255.0 service-policy input drop23 service-policy output drop23 no shutdown ! interface Virtual-Template1 type tunnel ip unnumbered Loopback0 tunnel source Loopback0 tunnel mode ipsec ipv4 tunnel protection ipsec profile ezvpn_dvti ! ip local pool mypool 10.20.20.1 10.20.20.100 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.4.10 ip route 10.1.1.0 255.255.255.0 192.168.3.11 ip route 192.168.2.0 255.255.255.0 192.168.3.11 no ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end !******************************** !* * !* R3 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname R3 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! ! interface Loopback0 ip address 10.3.3.3 255.255.255.0 ! interface Loopback11 ip address 10.33.33.33 255.255.255.255 ! interface GigabitEthernet0/0 ip address 192.168.3.3 255.255.255.0 no shutdown ! interface GigabitEthernet0/1 ip address 192.168.5.3 255.255.255.0 no shutdown ! ip route 0.0.0.0 0.0.0.0 192.168.5.10 ip route 10.1.1.0 255.255.255.0 192.168.3.11 ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! scheduler allocate 20000 1000 end !******************************** !* * !* R4 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R4 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef frame-relay switching ip tcp synwait-time 5 ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp key cisco address 0.0.0.0 0.0.0.0 ! crypto ipsec transform-set L2L_trans esp-3des esp-sha-hmac ! crypto ipsec profile L2L_VTI set transform-set L2L_trans ! ! crypto ipsec client ezvpn ezvpn_dvti connect auto group cisco key cisco local-address Loopback0 mode client peer 192.168.4.2 username cisco password cisco xauth userid mode interactive ! ! ! interface Loopback0 ip address 10.4.4.4 255.255.255.0 ! interface Loopback45 ip address 45.45.4.1 255.255.255.0 ! interface Tunnel45 ip address 100.1.1.1 255.255.255.0 tunnel source GigabitEthernet0/1 tunnel destination 192.168.45.5 tunnel protection ipsec profile L2L_VTI ! interface GigabitEthernet0/0 ip address 192.168.41.1 255.255.255.0 no shutdown ! interface GigabitEthernet0/1 ip address 192.168.45.4 255.255.255.0 ip access-group 102 in no shutdown ! interface Serial0/0/0 ip address 192.168.64.4 255.255.255.0 encapsulation frame-relay ip ospf network point-to-point no fair-queue clock rate 2000000 frame-relay map ip 192.168.64.6 64 broadcast frame-relay intf-type dce crypto ipsec client ezvpn ezvpn_dvti outside no shutdown ! router ospf 1 log-adjacency-changes network 10.4.4.0 0.0.0.255 area 0 network 192.168.41.0 0.0.0.255 area 0 network 192.168.45.0 0.0.0.255 area 0 network 192.168.64.0 0.0.0.255 area 0 ! router rip version 2 network 45.0.0.0 network 100.0.0.0 no auto-summary ! no ip http server no ip http secure-server ! access-list 102 deny udp host 192.168.45.5 host 192.168.45.4 eq isakmp access-list 102 permit ip any any ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end !******************************** !* * !* R5 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R5 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef frame-relay switching ip tcp synwait-time 5 ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp key cisco address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set L2L_trans esp-3des esp-sha-hmac ! crypto ipsec profile L2L_VTI set transform-set L2L_trans ! ! ! interface Loopback0 ip address 10.5.5.5 255.255.255.0 ! interface Loopback11 ip address 10.55.55.55 255.255.255.255 ! interface Loopback45 ip address 45.45.5.1 255.255.255.0 ! interface Tunnel45 ip address 100.1.1.2 255.255.255.0 tunnel source GigabitEthernet0/0 tunnel destination 192.168.45.4 tunnel mode ipsec ipv4 ! interface GigabitEthernet0/0 ip address 192.168.45.5 255.255.255.0 no shutdown ! interface GigabitEthernet0/1 ip address 192.168.52.1 255.255.255.0 no shutdown ! interface Serial0/0/1 ip address 192.168.65.5 255.255.255.0 encapsulation frame-relay ip ospf network point-to-point clock rate 2000000 frame-relay map ip 192.168.65.6 65 broadcast frame-relay intf-type dce no shutdown ! router ospf 1 log-adjacency-changes network 10.5.5.0 0.0.0.255 area 0 network 192.168.45.0 0.0.0.255 area 0 network 192.168.52.0 0.0.0.255 area 0 network 192.168.65.0 0.0.0.255 area 0 ! router rip version 2 network 100.0.0.0 no auto-summary ! ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end !******************************** !* * !* R6 Initial Configuration * !* * !******************************** service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname R6 no logging console enable password cisco no aaa new-model ip source-route ip cef no ip domain lookup ip domain name cisco.com no ipv6 cef ip tcp synwait-time 5 ! ! class-map match-all mark23 match protocol telnet ! policy-map mark23 class mark23 set dscp 2 ! interface Loopback0 ip address 10.6.6.6 255.255.255.0 ! interface GigabitEthernet0/0 ip address 192.168.6.6 255.255.255.0 no shutdown ! interface Serial0/0/0 ip address 192.168.64.6 255.255.255.0 encapsulation frame-relay ip ospf network point-to-point no fair-queue frame-relay map ip 192.168.64.4 64 broadcast service-policy input mark23 no shutdown ! interface Serial0/0/1 ip address 192.168.65.6 255.255.255.0 encapsulation frame-relay ip ospf network point-to-point frame-relay map ip 192.168.65.5 65 broadcast no shutdown ! router ospf 1 log-adjacency-changes redistribute connected metric 1 subnets redistribute static metric 1 subnets network 10.6.6.0 0.0.0.255 area 0 network 192.168.64.0 0.0.0.255 area 0 network 192.168.65.0 0.0.0.255 area 0 ! ip forward-protocol nd ip route 10.1.1.0 255.255.255.0 192.168.6.10 ip route 10.2.2.0 255.255.255.0 192.168.6.10 ip route 10.3.3.0 255.255.255.0 192.168.6.11 ip route 192.168.2.0 255.255.255.0 192.168.6.10 ip route 192.168.3.0 255.255.255.0 192.168.6.10 ip route 192.168.4.0 255.255.255.0 192.168.6.10 ip route 192.168.5.0 255.255.255.0 192.168.6.11 no ip http server no ip http secure-server ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line aux 0 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet ! end !******************************** !* * !* Sw1 Initial Configuration * !* * !******************************** no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Sw1 no logging console enable password cisco no aaa new-model system mtu routing 1500 ip subnet-zero ip routing no ip domain-lookup ip domain-name cisco.com ! ! vtp mode server vtp domain ccie vtp password cisco ! ! vlan 2 vlan 3 vlan 4 vlan 5 vlan 6 vlan 7 vlan 8 vlan 10 ! ! ! ip tcp synwait-time 5 ! ! ! interface Loopback0 ip address 10.7.7.7 255.255.255.0 ! interface FastEthernet0/1 switchport access vlan 3 switchport mode access ! interface FastEthernet0/2 switchport access vlan 3 switchport mode access ! interface FastEthernet0/3 switchport access vlan 3 switchport mode access ! interface FastEthernet0/4 no switchport ip address 192.168.41.2 255.255.255.0 ! interface FastEthernet0/5 ! interface FastEthernet0/6 switchport access vlan 6 switchport mode access ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 switchport access vlan 6 switchport mode access ! interface FastEthernet0/11 switchport access vlan 4 switchport mode access ! interface FastEthernet0/12 switchport access vlan 5 switchport mode access ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 switchport access vlan 2 switchport mode access ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 switchport access vlan 10 switchport mode access ! interface FastEthernet0/19 switchport access vlan 10 switchport mode access ! interface FastEthernet0/20 switchport access vlan 2 switchport mode access ! interface FastEthernet0/21 ! interface FastEthernet0/22 switchport access vlan 2 switchport mode access ! interface FastEthernet0/23 switchport access vlan 2 switchport mode access ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address shutdown ! router ospf 1 log-adjacency-changes network 10.7.7.0 0.0.0.255 area 0 network 192.168.41.0 0.0.0.255 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.41.1 ip http server ip http secure-server ! ! ! control-plane ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 5 15 login ! end !******************************** !* * !* Sw2 Initial Configuration * !* * !******************************** no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Sw2 ! vtp mode server vtp domain ccie vtp password cisco ! no logging console enable password cisco no aaa new-model system mtu routing 1500 ip subnet-zero ip routing no ip domain-lookup ip domain-name cisco.com ! ip tcp synwait-time 5 ! ! ! interface Loopback0 ip address 10.8.8.8 255.255.255.0 ! interface FastEthernet0/1 switchport access vlan 2 switchport mode access ! interface FastEthernet0/2 switchport access vlan 4 switchport mode access ip access-group 101 in ! interface FastEthernet0/3 switchport access vlan 5 switchport mode access ! interface FastEthernet0/4 ! interface FastEthernet0/5 no switchport ip address 192.168.52.2 255.255.255.0 ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address ! router ospf 1 log-adjacency-changes network 10.8.8.0 0.0.0.255 area 0 network 192.168.52.0 0.0.0.255 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.52.1 ip http server ip http secure-server ! ! access-list 101 deny udp any any eq isakmp access-list 101 permit ip any any ! control-plane ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login transport input telnet line vty 5 15 login ! end !**************************************************************** ! No initial configuration on ASA1 and ASA2, blank out-of-the-box !**************************************************************** !******************************** !* * !* IPS Initial Configuration * !* Erase all, no initial * !* * !******************************** erase current-config