Hands On Skills Assessment Script

The documents configure two routers, a firewall, and two switches to establish secure connectivity and services. Router R1 and R3 establish VPN connectivity with IPSec and OSPF routing. The firewall ASA provides NAT and firewall services between inside and outside networks. Switches S1 and S2 establish VLANs, trunking, port security, and DHCP snooping to segment and secure network access.


R1

hostname R1
no ip domain-lookup
int g0/0
ip address 209.165.200.225 255.255.255.248
no shut
int s0/0/1
ip address 209.165.200.233 255.255.255.252
no shut
exit
security passwords min-length 10
enable algorithm-type scrypt secret cisco12345
username Admin01 privilege 15 algorithm-type scrypt secret admin01pass
banner motd # Unauthorized Access is Prohibited! #
no ip http server
no ip http secure-server
ip domain-name ccnasecurity.com
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
ip ssh time-out 90
ip ssh authentication-retries 2
aaa new-model
aaa authentication login default local
line con 0
logging sync
exit
line vty 0 4
logging sync
transport input ssh
login authentication default
exit
ntp authenticate
ntp authentication-key 1 md5 NTPpassword
ntp trusted-key 1
ntp master 3
logging host 172.30.3.3
logging trap warnings
ip route 192.168.10.0 255.255.255.0 209.165.200.226
ip route 172.30.3.0 255.255.255.0 209.165.200.234

================================================================================
R3
license boot module c1900 technology-package securityk9
write
hostname R3
no ip domain-lookup
int s0/0/0
! .232 is the network address of the /30; R1 routes 172.30.3.0/24 via .234
ip address 209.165.200.234 255.255.255.252
clock rate 64000
no shut
int fa0/1
ip address 172.30.3.1 255.255.255.0
no shut
exit
security passwords min-length 10
enable algorithm-type scrypt secret cisco12345
username Admin01 privilege 15 algorithm-type scrypt secret admin01pass
banner motd # Unauthorized Access is Prohibited! #
no ip http server
no ip http secure-server
ip domain-name ccnasecurity.com
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
ip ssh time-out 90
ip ssh authentication-retries 2
aaa new-model
aaa authentication login default local
aaa authorization exec default local
line con 0
logging sync
exit
line vty 0 4
transport input ssh
login authentication default
exit
ntp authenticate
ntp authentication-key 1 md5 NTPpassword
ntp trusted-key 1
ntp server 209.165.200.233
ntp update-calendar
logging host 172.30.3.3
logging trap warnings
ip route 0.0.0.0 0.0.0.0 209.165.200.233
zone security INSIDE
exit
zone security INTERNET
exit
! only the "type inspect" class-map below is used by the inspect policy
class-map type inspect match-any INSIDE_PROTOCOLS
match protocol tcp
match protocol udp
match protocol icmp
exit
policy-map type inspect INSIDE_TO_INTERNET
class type inspect INSIDE_PROTOCOLS
inspect
exit
exit
zone-pair security IN_TO_OUT_ZONE source INSIDE destination INTERNET
service-policy type inspect INSIDE_TO_INTERNET
exit
int fa0/1
zone-member security INSIDE
exit
int s0/0/0
! the outside zone is named INTERNET above; OUTSIDE is never defined
zone-member security INTERNET
exit
crypto isakmp enable
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
exit
crypto isakmp key ciscopreshare address 209.165.200.226
crypto ipsec transform-set TRNSFRM-SET esp-3des esp-sha-hmac
exit
! numbered extended ACL selecting the traffic to protect
access-list 101 permit ip 172.30.3.0 0.0.0.255 192.168.10.0 0.0.0.255
crypto map CMAP 1 ipsec-isakmp
match address 101
set peer 209.165.200.226
set transform-set TRNSFRM-SET
exit
int s0/0/0
crypto map CMAP
exit

================================================================================
ASA
hostname CCNAS-ASA
domain-name ccnasecurity.com
enable password cisco12345
username Admin01 password admin01pass
aaa authentication ssh console LOCAL
int vlan 1
nameif inside
ip address 192.168.10.1 255.255.255.0
security-level 100
int vlan 2
nameif outside
ip address 209.165.200.226 255.255.255.248
security-level 0
exit
int e0/0
no shut
switchport access vlan 2
int e0/1
no shut
switchport access vlan 1
exit
crypto key generate rsa modulus 1024
ssh 192.168.10.0 255.255.255.0 inside
ssh time-out 10
ssh version 2
route outside 0.0.0.0 0.0.0.0 209.165.200.225
http server enable
http 192.168.10.0 255.255.255.0 inside
object network INSIDE-NET
subnet 192.168.10.0 255.255.255.0
nat (inside,outside) dynamic interface
exit
class-map inspection_default
match default-inspection-traffic
exit
policy-map global_policy
class inspection_default
inspect icmp
exit

================================================================================
S1
hostname S1
no ip domain-lookup
line con 0
logging sync
exit
enable algorithm-type scrypt secret cisco12345
username Admin01 privilege 15 algorithm-type scrypt secret admin01pass
banner motd # Unauthorized Access is Prohibited! #
no ip http server
no ip http secure-server
ip domain-name ccnasecurity.com
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 90
line vty 0 4
logging sync
exec-timeout 5 0
transport input ssh
exit
aaa new-model
aaa authentication login default local
aaa authorization exec default local
vlan 2
name NewNative
vlan 10
name LAN
vlan 99
name Blackhole
exit
int range fa0/1-2
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 2
switchport trunk allowed vlan add 10
switchport trunk allowed vlan add 99
exit

================================================================================
S2

hostname S2
no ip domain-lookup
line con 0
logging sync
exit
enable algorithm-type scrypt secret cisco12345
username Admin01 privilege 15 algorithm-type scrypt secret admin01pass
banner motd # Unauthorized Access is Prohibited! #
no ip http server
no ip http secure-server
ip domain-name ccnasecurity.com
crypto key generate rsa general-keys modulus 1024
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 90
line vty 0 4
logging sync
exec-timeout 5 0
transport input ssh
exit
aaa new-model
aaa authentication login default local
aaa authorization exec default local
vlan 2
name NewNative
vlan 10
name LAN
vlan 99
name Blackhole
exit
int range fa0/1-2
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 2
switchport trunk allowed vlan add 10
switchport trunk allowed vlan add 99
exit
int range fa0/18, fa0/24
switchport mode access
switchport access vlan 10
spanning-tree portfast
spanning-tree bpduguard enable
exit
int fa0/18
! port security must be enabled on the port; the options below do nothing without it
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
exit
int range fa0/3-17,fa0/19-23,g0/1-2
! unused ports: force access mode, park them in the Blackhole VLAN, and shut them down
switchport mode access
switchport access vlan 99
shutdown
exit
spanning-tree loopguard default
ip dhcp snooping
ip dhcp snooping vlan 10
int fa0/24
ip dhcp snooping trust
exit
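The scripts above are meant to be pasted into the devices, so nothing on this page can be executed offline. What a reviewer grading or auditing such a script wants is a checker that reads the text and flags the slips that quietly defeat the intended hardening: a zone-member pointing at a zone that was never defined, port-security options without the enabling command, a trunk left negotiable, a VTY line not restricted to SSH, or DHCP snooping set per VLAN but never enabled globally. The Python below is an added example written for this page; it is not part of the assessment script and not Cisco code. Its parser (which follows the typed-script convention of using exit to leave modes), the list of mode-opening commands, the finding texts, and the sample configuration (a constructed snippet that deliberately contains three of these slips) are all assumptions of the example.

```python
"""Lint an IOS-style hardening script for slips that defeat its intent.
Added example for this page; not part of the assessment script or Cisco code."""
from typing import Dict, List, Tuple

# Commands that open a sub-mode in the typed scripts (assumption: covers the
# modes used on the page, not every IOS mode).
TOP_LEVEL_OPENERS = (
    "interface ", "int ", "line ", "zone security ", "zone-pair security ",
    "class-map ", "policy-map ", "crypto map ", "crypto isakmp policy ",
    "object network ", "vlan ",
)
SUB_OPENERS = ("class ",)  # 'class ...' inside a policy-map


def parse_script(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (global_lines, {mode_header: [child lines]}) for a script that
    uses 'exit' to leave modes, as the page's scripts do. Repeated headers
    (e.g. 'int s0/0/0' entered twice) merge their children, as the device does."""
    global_lines: List[str] = []
    modes: Dict[str, List[str]] = {}
    stack: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        low = line.lower()
        if low == "exit":
            if stack:
                stack.pop()
        elif low.startswith(TOP_LEVEL_OPENERS):
            stack = [line]  # IOS moves between top-level modes without 'exit'
            modes.setdefault(line, [])
        elif low.startswith(SUB_OPENERS) and stack:
            stack.append(line)
            modes.setdefault(line, [])
        else:
            (modes[stack[-1]] if stack else global_lines).append(line)
    return global_lines, modes


def check_script(text: str) -> List[str]:
    """Return one finding per slip that defeats the hardening the script intends."""
    global_lines, modes = parse_script(text)
    gset = {g.lower() for g in global_lines}
    # zone names are taken from 'zone security NAME' headers, case preserved
    zones = {h.split()[2] for h in modes if h.lower().startswith("zone security ")}
    findings: List[str] = []
    vty_ssh = False
    for header, body in modes.items():
        h = header.lower()
        b = [cmd.lower() for cmd in body]
        if h.startswith(("int ", "interface ")):
            for cmd in body:
                if cmd.lower().startswith("zone-member security "):
                    name = cmd.split()[2]
                    if name not in zones:
                        findings.append(f"{header}: zone-member references undefined zone {name}")
            # options such as 'maximum 1' are inert until the bare enabling command is present
            if any(cmd.startswith("switchport port-security ") for cmd in b) \
                    and "switchport port-security" not in b:
                findings.append(f"{header}: port-security options set but "
                                "'switchport port-security' never enabled")
            if "switchport mode trunk" in b and "switchport nonegotiate" not in b:
                findings.append(f"{header}: trunk still negotiates (no 'switchport nonegotiate')")
        elif h.startswith("line vty"):
            if "transport input ssh" in b:
                vty_ssh = True
            else:
                findings.append(f"{header}: VTY is not restricted to SSH")
    if any(g.startswith("ip dhcp snooping vlan") for g in gset) and "ip dhcp snooping" not in gset:
        findings.append("global: DHCP snooping set per VLAN but not enabled globally")
    if vty_ssh and "ip ssh version 2" not in gset:
        findings.append("global: SSH on VTY without 'ip ssh version 2'")
    return findings


# Constructed sample (not from the page): deliberately contains three of the slips.
SAMPLE_BEFORE = """\
hostname S-demo
ip ssh version 2
line vty 0 4
transport input ssh
exit
zone security INSIDE
exit
zone security INTERNET
exit
int fa0/1
zone-member security INSIDE
exit
int s0/0/0
zone-member security OUTSIDE
exit
int fa0/18
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
exit
int range fa0/1-2
switchport mode trunk
switchport nonegotiate
exit
ip dhcp snooping vlan 10
"""

# The same sample with each slip corrected; the checker should report nothing.
SAMPLE_AFTER = (
    SAMPLE_BEFORE
    .replace("OUTSIDE", "INTERNET")
    .replace("switchport port-security maximum 1",
             "switchport port-security\nswitchport port-security maximum 1")
    .replace("ip dhcp snooping vlan 10", "ip dhcp snooping\nip dhcp snooping vlan 10")
)

if __name__ == "__main__":
    for label, script in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"{label}: {check_script(script) or ['clean']}")
```

The checks are deliberately structural rather than keyword searches: a zone-member is only a problem in relation to the set of declared zones, and a port-security option is only a problem when the bare enabling command is absent from the same interface block, which is why the script is parsed into per-mode blocks first. Running the module prints the three findings for the constructed sample and "clean" for the corrected copy.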
