
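! CORP -- management-plane hardening (lab transcript; IOS prompts kept as shown).
! The minimum length is enforced on passwords set after this line. The enable
! secret is stored hashed; "service password-encryption" only wraps plaintext
! line/user passwords in the reversible Type 7 scheme -- obfuscation, not a
! substitute for "secret"-style hashes.
CORP(config)# security password min-length 10

! Lab example credential; "ciscoclass" is exactly the 10-character minimum.
CORP(config)# enable secret ciscoclass

CORP(config)# service password-encryption
! "login local" authenticates against "username <name> secret <pw>" entries,
! none of which appear on this page -- without one, console and vty access
! locks out. exec-timeout 20 0 closes idle sessions after 20 minutes.
! Transcript read "line consol 0"; the full keyword is used here.
CORP(config)# line console 0
CORP(config-line)# login local
CORP(config-line)# exec-timeout 20 0
CORP(config-line)# line vty 0 4
CORP(config-line)# login local
CORP(config-line)# exec-timeout 20 0
CORP(config-line)# line vty 5 15
CORP(config-line)# login local
CORP(config-line)# exec-timeout 20 0
! CDP is turned off only on the WAN-facing interface; it stays on elsewhere.
CORP(config)# interface s0/0/0
CORP(config-if)# no cdp enable
! Time sync and remote syslog both point at 172.16.25.2. NOTE(review): "key 0"
! as written does not reference a configured authentication key; authenticated
! NTP needs "ntp authenticate", "ntp authentication-key <id> md5 ..." and
! "ntp trusted-key <id>" with a non-zero id -- confirm against the platform.
CORP(config)# ntp server 172.16.25.2 key 0
CORP(config)# ntp update-calendar
CORP(config)# service timestamps log datetime msec
CORP(config)# logging host 172.16.25.2
! SSH: the domain name must exist before the RSA key is generated. A 1024-bit
! modulus is below current guidance; 2048 is the usual minimum today.
CORP(config)# ip domain-name theccnas.com
CORP(config)# crypto key generate rsa
How many bits in the modulus [512]: 1024
CORP(config)# ip ssh version 2
CORP(config)# ip ssh time-out 90
CORP(config)# ip ssh authentication-retries 2
! Telnet is removed from all 16 vty lines; only SSH is accepted.
CORP(config)# line vty 0 4
CORP(config-line)# transport input ssh
CORP(config)# line vty 5 15
CORP(config-line)# transport input ssh
CORP(config-line)# exit
! Transcript read "aaa new model"; the IOS keyword is hyphenated. Enabling AAA
! replaces the earlier per-line "login local" with the named method list
! below, which also resolves to the local user database.
CORP(config)# aaa new-model
CORP(config)# aaa authentication login default local
CORP(config)# aaa authorization exec default local
CORP(config)# line vty 0 4
CORP(config-line)# login authentication default
CORP(config-line)# line vty 5 15
CORP(config-line)# login authentication default
CORP(config-line)# line con 0
CORP(config-line)# login authentication default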

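! SW1 -- access-layer hardening. fa0/24 is treated as the uplink; fa0/1-23 are
! end-user access ports.
SW1(config)# interface fa0/24

! Transcript showed a global prompt here; storm-control is an interface-level
! command and applies to fa0/24 (broadcasts capped at 50% of bandwidth).
SW1(config-if)# storm-control broadcast level 50
! PortFast skips the STP listening/learning states, so BPDU Guard must go with
! it: a BPDU received on an access port err-disables that port instead of
! letting a rogue switch join the topology.
SW1(config)# interface range fa0/1-23
SW1(config-if-range)# spanning-tree portfast
SW1(config-if-range)# spanning-tree bpduguard enable
! Port security: at most two MACs per port, learned dynamically and written into
! running-config ("sticky"); a third MAC err-disables the port. NOTE(review):
! port security requires a static port mode ("switchport mode access"), which
! this page does not show -- confirm the ports are not left in dynamic mode.
! Err-disabled ports stay down until shut/no shut or errdisable recovery.
SW1(config)# interface range fa0/1-23
SW1(config-if-range)# switchport port-security
SW1(config-if-range)# switchport port-security maximum 2
SW1(config-if-range)# switchport port-security violation shutdown
SW1(config-if-range)# switchport port-security mac-address sticky
! Unused ports are administratively down; fa0/1, fa0/6, fa0/11 and fa0/12 stay up.
SW1(config)# interface range fa0/2-5
SW1(config-if-range)# shutdown
SW1(config)# interface range fa0/7-10
SW1(config-if-range)# shutdown
SW1(config)# interface range fa0/13-23
SW1(config-if-range)# shutdown
SW1(config-if-range)# end
! Saving is what makes the sticky MAC addresses survive a reload.
SW1# copy running-config startup-config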
! CORP -- IOS IPS. Signature storage is flash:ipsdir/ (created first with mkdir,
! one load retry); the rule "corpips" is applied outbound on fa0/0, i.e. to
! traffic the router forwards out toward the fa0/0 segment.
CORP# mkdir ipsdir
CORP(config)# ip ips config location flash:ipsdir/ retries 1
CORP(config)# ip ips name corpips
! Retire every signature, then un-retire only the "ios_ips basic" category so
! the router compiles a small, supported set instead of the full database.
CORP(config)# ip ips signature-category
CORP(config-ips-category)# category all
CORP(config-ips-category-action)# retired true
CORP(config-ips-category-action)# exit
CORP(config-ips-category)# category ios_ips basic
CORP(config-ips-category-action)# retired false
CORP(config-ips-category-action)# exit
CORP(config-ips-category)# exit
Do you want to accept these changes? [confirm] [Enter]
CORP(config)# interface fa0/0
CORP(config-if)# ip ips corpips out
! Signature 2004/0 (ICMP echo request in the standard IOS IPS signature set --
! verify against the loaded signature file) is un-retired, enabled, and set to
! both alert and drop inline, so matching packets forwarded out fa0/0 are
! dropped and logged rather than only logged.
CORP(config)#ip ips signature-definition
CORP(config-sigdef)# signature 2004 0
CORP(config-sigdef-sig)# status
CORP(config-sigdef-sig-status)# retired false
CORP(config-sigdef-sig-status)# enable true
CORP(config-sigdef-sig-status)# exit
CORP(config-sigdef-sig)# engine
CORP(config-sigdef-sig-engine)# event-action produce-alert
CORP(config-sigdef-sig-engine)# event-action deny-packet-inline
CORP(config-sigdef-sig-engine)# exit
CORP(config-sigdef-sig)# exit
CORP(config-sigdef)# exit
CORP(config)# exit
Do you want to accept these changes? [confirm] [Enter]
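! CORP -- traffic filtering. ACL 12 restricts who may open a vty (SSH) session
! to two management hosts; everything else hits the implicit deny.
CORP(config)# access-list 12 permit host 172.16.25.5
CORP(config)# access-list 12 permit host 198.133.219.35
CORP(config)# line vty 0 4
CORP(config-line)# access-class 12 in
CORP(config-line)# line vty 5 15
CORP(config-line)# access-class 12 in
! DMZFIREWALL, applied outbound on fa0/0: only HTTP to 10.1.1.2, DNS to
! 10.1.1.5, anything from the 172.16.25.0/24 LAN, and FTP from 198.133.219.35
! may reach the DMZ. The implicit deny is silent; an explicit
! "deny ip any any log" as the last entry would surface drops in the syslog
! stream already sent to 172.16.25.2.
CORP(config)# ip access-list extended DMZFIREWALL
CORP(config-ext-nacl)# permit tcp any host 10.1.1.2 eq www
CORP(config-ext-nacl)# permit tcp any host 10.1.1.5 eq domain
CORP(config-ext-nacl)# permit udp any host 10.1.1.5 eq domain
CORP(config-ext-nacl)# permit ip 172.16.25.0 0.0.0.255 10.1.1.0 0.0.0.255
CORP(config-ext-nacl)# permit tcp host 198.133.219.35 host 10.1.1.2 eq ftp
CORP(config-ext-nacl)# exit
CORP(config)# interface fa0/0
CORP(config-if)# ip access-group DMZFIREWALL out
! INCORP, applied inbound on the WAN interface s0/0/0. 209.165.200.226 appears
! later on this page as CORP's VPN peer address (confirm it is the s0/0/0
! address): it accepts SSH from one management host and all IP from the VPN
! peer 198.133.219.2, which carries ISAKMP and ESP. The last entry admits the
! Branch LAN 198.133.219.32/27 to 209.165.200.240/28 -- the decrypted VPN
! traffic. Same remark as above about an explicit logged deny.
CORP(config)# ip access-list extended INCORP
CORP(config-ext-nacl)# permit tcp any host 209.165.200.241 eq www
CORP(config-ext-nacl)# permit tcp any host 209.165.200.242 eq domain
CORP(config-ext-nacl)# permit udp any host 209.165.200.242 eq domain
CORP(config-ext-nacl)# permit tcp host 198.133.219.35 host 209.165.200.226 eq 22
CORP(config-ext-nacl)# permit ip host 198.133.219.2 host 209.165.200.226
CORP(config-ext-nacl)# permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
CORP(config-ext-nacl)# exit
CORP(config)# interface s0/0/0
! Transcript showed "(config-ifl)#"; corrected to the interface prompt.
CORP(config-if)# ip access-group INCORP in
! CBAC: inspecting icmp/tcp/udp that leaves s0/0/0 opens temporary return-path
! entries ahead of INCORP, so the inbound ACL can stay this tight.
! audit-trail writes session open/close records to the syslog host.
CORP(config)# ip inspect name INTOCORP icmp
CORP(config)# ip inspect name INTOCORP tcp
CORP(config)# ip inspect name INTOCORP udp
CORP(config)# ip inspect audit-trail
CORP(config)# interface s0/0/0
CORP(config-if)# ip inspect INTOCORP out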

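! Branch -- zone-based policy firewall. fa0/0 (LAN) becomes BR-IN-ZONE and
! s0/0/0 (WAN) BR-OUT-ZONE. Only one zone-pair (in -> out) is defined: sessions
! that start inside and match ACL 110 are inspected statefully and their return
! traffic is allowed; any other traffic between the two zones is dropped.
! Traffic to/from the router itself (the self zone, including ISAKMP/ESP for a
! site-to-site VPN terminated on s0/0/0) is not covered by this policy and is
! permitted by default.
Branch(config)# zone security BR-IN-ZONE

Branch(config-sec-zone)# exit
Branch(config)# zone security BR-OUT-ZONE
Branch(config-sec-zone)# exit
! ACL 110 = the Branch LAN 198.133.219.32/27 to anywhere. match-all with a
! single criterion behaves the same as match-any.
Branch(config)# access-list 110 permit ip 198.133.219.32 0.0.0.31 any
Branch(config)# class-map type inspect match-all BR-IN-CLASS-MAP
Branch(config-cmap)# match access-group 110
Branch(config)# policy-map type inspect BR-IN-OUT-PMAP
Branch(config-pmap)# class type inspect BR-IN-CLASS-MAP
Branch(config-pmap-c)# inspect
! Wrapped across two lines in the transcript; it is one command.
Branch(config)# zone-pair security IN-OUT-ZPAIR source BR-IN-ZONE destination BR-OUT-ZONE
Branch(config-sec-zone-pair)# service-policy type inspect BR-IN-OUT-PMAP
Branch(config)# interface fa0/0
Branch(config-if)# zone-member security BR-IN-ZONE
Branch(config-if)# interface s0/0/0
Branch(config-if)# zone-member security BR-OUT-ZONE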

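! CORP -- site-to-site IPsec to Branch (peer 198.133.219.2). ACL 120 selects
! the traffic to encrypt: corporate 209.165.200.240/28 -> Branch 198.133.219.32/27.
! Wrapped across two lines in the transcript; it is one command.
CORP(config)# access-list 120 permit ip 209.165.200.240 0.0.0.15 198.133.219.32 0.0.0.31
! IKE phase 1: AES-256 with a pre-shared key. "group 2" (1024-bit DH) and
! "hash sha" (SHA-1) are legacy choices; group 14 and sha256 are available on
! current IOS images. Phase-1 parameters must match on both peers, so change
! them on CORP and Branch together.
CORP(config)# crypto isakmp policy 10
CORP(config-isakmp)# encryption aes 256
CORP(config-isakmp)# authentication pre-share
CORP(config-isakmp)# group 2
! The next two lines are the defaults and optional (the transcript marked them
! "Default/Optional").
CORP(config-isakmp)# lifetime 86400
CORP(config-isakmp)# hash sha
CORP(config-isakmp)# exit
! The pre-shared key is stored in clear text in running-config as written;
! "key config-key password-encrypt" plus "password encryption aes" stores it
! as Type 6 instead. Lab value kept as on the page.
CORP(config)# crypto isakmp key Vpnpass101 address 198.133.219.2
! IKE phase 2: esp-3des is weaker than the AES-256 chosen for phase 1 and is
! deprecated; "esp-aes 256 esp-sha-hmac" is the like-for-like upgrade. The
! transform set must match the one on Branch.
CORP(config)# crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
CORP(config)# crypto map VPN-MAP 10 ipsec-isakmp
CORP(config-crypto-map)# set peer 198.133.219.2
CORP(config-crypto-map)# set transform-set VPN-SET
CORP(config-crypto-map)# match address 120
! One crypto map per interface; applying it to the WAN link activates the tunnel.
CORP(config)# interface s0/0/0
CORP(config-if)# crypto map VPN-MAP
CORP(config-if)# end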

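! Branch -- mirror image of the CORP tunnel (peer 209.165.200.226). ACL 120
! selects Branch 198.133.219.32/27 -> corporate 209.165.200.240/28, the exact
! reverse of CORP's crypto ACL, as IPsec requires.
! Wrapped across two lines in the transcript; it is one command.
Branch(config)# access-list 120 permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
! IKE phase 1 -- identical to CORP's policy 10 (AES-256, PSK, DH group 2,
! SHA-1). group 2 and SHA-1 are legacy; group 14 / sha256 are available on
! current images but must be changed on both peers at once.
Branch(config)# crypto isakmp policy 10
Branch(config-isakmp)# encryption aes 256
Branch(config-isakmp)# authentication pre-share
Branch(config-isakmp)# group 2
! The next two lines are the defaults and optional (the transcript marked them
! "Default/Optional").
Branch(config-isakmp)# lifetime 86400
Branch(config-isakmp)# hash sha
Branch(config-isakmp)# exit
! Same pre-shared key as CORP, stored in clear text as written; Type 6 storage
! via "key config-key password-encrypt" + "password encryption aes" avoids that.
Branch(config)# crypto isakmp key Vpnpass101 address 209.165.200.226
! IKE phase 2: esp-3des is deprecated and weaker than the phase-1 cipher;
! "esp-aes 256 esp-sha-hmac" is the like-for-like upgrade, applied on both ends.
Branch(config)# crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
Branch(config)# crypto map VPN-MAP 10 ipsec-isakmp
Branch(config-crypto-map)# set peer 209.165.200.226
Branch(config-crypto-map)# set transform-set VPN-SET
Branch(config-crypto-map)# match address 120
Branch(config-crypto-map)# exit
! Bind the crypto map to the WAN link.
Branch(config)# interface s0/0/0
Branch(config-if)# crypto map VPN-MAP
Branch(config-if)# end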
