Assignment on Network Topology
Added on 2021/05/31
Network Topology
Task 1: Configure Basic Device Setting
In Router R1,
In Router R3,
In Router R2,
Set IP in PC
PC-A
PC-B
PC-C
Verify Connectivity between PC-A and R3
Ping from R1 to R3
Ping from PC-A to PC-C
PC-A's ping request is sent to its default gateway IP (192.168.1.1). The default gateway for PC-A is R1. R1 is configured with default routing, so the ping request is forwarded to 10.1.1.2 (R2). On R2, three static routes are configured. The destination IP address belongs to the 192.168.33.0 network, so the request is forwarded to R3 and then reaches PC-C. PC-C replies via R3, which sends the reply to R2 using default routing. R2 checks the network: the reply's IP address belongs to the 192.168.1.0 network, so the reply reaches PC-A via R1.
Configure User Account, encrypted password and crypto keys for SSH
In Router R1,
In Router R3,
Part 2 – Configuring a Zone Based Policy Firewall
Step 1: Verify end-to-end network connectivity
Ping from R1 to R3
Ping from PC-A to PC-C
Ping from PC-A to PC-B
Display R3 Running Configuration
View IP Interface configuration
View IP Route
View Running Configuration
Security Access in R3
User Name is admin01
Password is cisco12345
Creating the Security Zones
Creating Security Policies
Create Class Map
Create Policy Map
Create the Zone Pairs
Verify the Zone Pairs
Applying Security Policies
Verify the zone pair Security configuration
View Zone Pair, their Policy Maps, Class Maps and match counters
Assign interfaces to the Proper Security Zones
Verify the Zone Interface Assignment
About Self Zone
The self zone is the default zone. It treats the router itself as a separate security zone.
Why is R3 displaying a zone named “self”?
Every router has a default zone, which is named “self”.
Significance of this zone
It is the only exception to the default “deny all” policy. The self zone allows all traffic to any router interface until it is explicitly denied.
Part 3: ZPF Verification
Traffic Originating on the Internet
Ping from PC-A to PC-B
We did not configure a policy that allows ICMP packets into the INSIDE zone. Deny all is the default configuration in the self zone, so PC-A could not ping PC-B.
Ping from PC-A to PC-C
We did not configure a policy that allows ICMP packets into the INSIDE zone. Deny all is the default configuration in the self zone, so PC-A could not ping PC-C.
Ping from PC-B to PC-A
We configured the INSIDE zone to allow TCP, UDP and ICMP, so PC-B can communicate with PC-A.
Ping from PC-C to PC-A
We configured the CONFROOM zone to allow HTTP, HTTPS and DNS. It does not allow ICMP packets, so this ping fails.
Self-Zone Verification
Ping from PC-A to R3 Fa0/1 interface
This traffic does not enter the CONFROOM or INSIDE zone. It belongs to the self zone. No deny or allow-only policy is configured for the self zone, so PC-A can communicate with the R3 Fa0/1 interface.
Ping from PC-C to R3 Fa0/1 interface
This traffic is destined for a local router interface. It is an inbound connection and also belongs to the self zone. It is not affected by the INSIDE zone policy, so PC-C can communicate with R3 Fa0/1.
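The Part 3 and self-zone results can be reproduced with a small model of how a zone-based firewall looks up policy. This is an added example, not part of the original assignment or of Cisco IOS. It assumes the outside zone is named INTERNET and that PC-A, PC-B and PC-C sit in INTERNET, INSIDE and CONFROOM; the Firewall class and ping helper are hypothetical names.

```python
# Added illustration: minimal model of zone-pair lookup on R3.
# Assumed (not on the page): zone name INTERNET and the host-to-zone mapping.
HOST_ZONE = {"PC-A": "INTERNET", "PC-B": "INSIDE", "PC-C": "CONFROOM", "R3": "self"}

# Zone pairs are directional: (source zone, destination zone) -> inspected protocols.
ZONE_PAIRS = {
    ("INSIDE", "INTERNET"): {"tcp", "udp", "icmp"},
    ("CONFROOM", "INTERNET"): {"http", "https", "dns"},
}

class Firewall:
    def __init__(self, host_zone, zone_pairs):
        self.host_zone = host_zone
        self.zone_pairs = zone_pairs
        self.sessions = set()  # flows opened by "inspect", used to admit replies

    def forward(self, src, dst, proto):
        """Return (allowed, reason) for one packet from src to dst."""
        sz, dz = self.host_zone[src], self.host_zone[dst]
        if (dst, src, proto) in self.sessions:
            self.sessions.discard((dst, src, proto))  # one reply per request here
            return True, "return traffic of an inspected session"
        if sz == dz:
            return True, "same zone"
        if "self" in (sz, dz) and (sz, dz) not in self.zone_pairs:
            return True, "self zone: permitted until a zone pair restricts it"
        allowed = self.zone_pairs.get((sz, dz))
        if allowed is None:
            return False, f"no zone pair {sz} -> {dz}: default deny"
        if proto not in allowed:
            return False, f"{proto} not matched by the {sz} -> {dz} class map"
        self.sessions.add((src, dst, proto))
        return True, f"inspected by the {sz} -> {dz} policy"

def ping(fw, src, dst):
    """A ping succeeds only if the echo request and the echo reply both pass."""
    ok, reason = fw.forward(src, dst, "icmp")
    if not ok:
        return False, reason
    return fw.forward(dst, src, "icmp")[0], reason

if __name__ == "__main__":
    fw = Firewall(HOST_ZONE, ZONE_PAIRS)
    for src, dst in [("PC-A", "PC-B"), ("PC-A", "PC-C"), ("PC-B", "PC-A"),
                     ("PC-C", "PC-A"), ("PC-A", "R3"), ("PC-C", "R3")]:
        ok, reason = ping(fw, src, dst)
        print(f"{src} -> {dst}: {'success' if ok else 'fail'} ({reason})")
```

The model makes the direction of each zone pair explicit: PC-B's ping succeeds because its echo request opens a session that admits the reply, while a ping started from PC-A finds no INTERNET-to-INSIDE zone pair and is dropped.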