
1 Providing Teleworker Services
Accessing the WAN – Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public. ITE I Chapter 6

2 Objectives
• Describe the enterprise requirements for providing teleworker services
• Explain how broadband services extend enterprise networks, including DSL, cable, and wireless
• Describe how VPN technology provides secure teleworker services in an enterprise setting

3 Describe the Enterprise Requirements for Providing Teleworker Services
• Describe the benefits of teleworkers for business, society and the environment.

4 Connection Options

5 Describe the Enterprise Requirements for Providing Teleworker Services
• Describe the key differences between private and public network infrastructures

6 Explain How Broadband Services Extend Enterprise Networks

7 Explain How Broadband Services Extend Enterprise Networks
• Describe how enterprises use cable connectivity to extend their reach

8 Explain How Broadband Services Extend Enterprise Networks

9 Explain How Broadband Services Extend Enterprise Networks
• Describe how enterprises use broadband wireless connectivity to extend their reach

10 Explain How Broadband Services Extend Enterprise Networks

11 Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting

12 Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting
• Compare site-to-site VPNs to remote-access VPNs

13 Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting
• Describe the hardware and software components that typically make up a VPN

14 Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting
• Describe the characteristics of secure VPNs

15 Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting
• Describe the concept of VPN tunneling

16 Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting
• Describe the concept of VPN encryption

17 Describe How VPN Technology Provides Secure Teleworker Services in an Enterprise Setting
• Describe the concept of IPsec protocols

18 Summary
• Requirements for providing teleworker services are:
  – Maintains continuity of operations
  – Provides for increased services
  – Secure & reliable access to information
  – Cost effective
  – Scalable
• Components needed for a teleworker to connect to an organization's network are:
  – Home components
  – Corporate components

19 Summary
• Broadband services used
  – Cable: transmits signal in either direction simultaneously
  – DSL: requires minimal changes to existing telephone infrastructure; delivers high bandwidth data rates to customers
  – Wireless: increases mobility; wireless availability via:
    » municipal WiFi
    » WiMax
    » satellite internet

20 Summary
• Securing teleworker services
  – VPN security achieved through using:
    » Advanced encryption techniques
    » Tunneling
  – Characteristics of a secure VPN:
    » Data confidentiality
    » Data integrity
    » Authentication

21 Practise LAB CCNA4
http://download.fw.sk/cviko/opakovanie4sem.pkt

22 Network topology

23 Basic configuration

    BA-GW(config)# interface FastEthernet 0/1
    BA-GW(config-if)# ip address 10.10.254.1 255.255.255.0
    BA-GW(config-if)# no shutdown

    Nitra(config)# interface Serial 0/0/1
    Nitra(config-if)# ip address 10.10.1.1 255.255.255.252
    Nitra(config-if)# clock rate 128000
    Nitra(config-if)# no shutdown
    Nitra(config)# interface Serial 0/1/0
    Nitra(config-if)# ip address 10.10.1.5 255.255.255.252
    Nitra(config-if)# clock rate 128000
    Nitra(config-if)# no shutdown

    Nitra-L1(config)# interface FastEthernet 0/0
    Nitra-L1(config-if)# ip address 10.10.10.1 255.255.255.0
    Nitra-L1(config-if)# no shutdown
    Nitra-L1(config)# ipv6 unicast-routing
    Nitra-L1(config)# interface FastEthernet 0/1
    Nitra-L1(config-if)# ipv6 address 2001:ac4::1/64
    Nitra-L1(config-if)# no shutdown
    Nitra-L1(config)# interface Serial 0/0/0
    Nitra-L1(config-if)# ip address 10.10.1.2 255.255.255.252
    Nitra-L1(config-if)# no shutdown

    Nitra-L2(config)# interface FastEthernet 0/0
    Nitra-L2(config-if)# ip address 10.10.10.1 255.255.255.0
    Nitra-L2(config-if)# no shutdown
    Nitra-L2(config)# interface Serial 0/0/0
    Nitra-L2(config-if)# ip address 10.10.1.6 255.255.255.252
    Nitra-L2(config-if)# no shutdown
    Nitra-L2(config)# ipv6 unicast-routing
    Nitra-L2(config)# interface FastEthernet 0/1
    Nitra-L2(config-if)# ipv6 address 2001:ac2::1/64
    Nitra-L2(config-if)# no shutdown

    Presov(config)# interface FastEthernet 0/0
    Presov(config-if)# ip address 10.10.10.1 255.255.255.0
    Presov(config-if)# no shutdown

24 DHCP service

    BA-GW(config)# ip dhcp pool LAN6
    BA-GW(config-dhcp)# network 10.10.254.0 255.255.255.0
    BA-GW(config-dhcp)# default-route 10.10.254.1
    BA-GW(config-dhcp)# dns-server 147.232.22.1
    BA-GW(config-dhcp)# domain cnl.tuke.sk
    BA-GW(config-dhcp)# lease 0 1 30

25 DHCP service

    Nitra-L1(config)# ip dhcp pool LAN3
    Nitra-L1(config-dhcp)# network 10.10.10.0 255.255.255.0
    Nitra-L1(config-dhcp)# default-route 10.10.10.1
    Nitra-L1(config-dhcp)# dns-server 147.232.22.1
    Nitra-L1(config-dhcp)# domain cnl.tuke.sk
    Nitra-L1(config-dhcp)# lease 0 1 30

    Nitra-L2(config)# ip dhcp pool LAN1
    Nitra-L2(config-dhcp)# network 10.10.10.0 255.255.255.0
    Nitra-L2(config-dhcp)# default-route 10.10.10.1
    Nitra-L2(config-dhcp)# dns-server 147.232.22.1
    Nitra-L2(config-dhcp)# domain cnl.tuke.sk
    Nitra-L2(config-dhcp)# lease 0 1 30

    Presov(config)# ip dhcp pool LAN5
    Presov(config-dhcp)# network 10.10.10.0 255.255.255.0
    Presov(config-dhcp)# default-route 10.10.10.1
    Presov(config-dhcp)# dns-server 147.232.22.1
    Presov(config-dhcp)# domain cnl.tuke.sk
    Presov(config-dhcp)# lease 0 1 30

    Nitra-L1(config)# ip dhcp excluded-address 10.10.10.1 10.10.10.10
    Nitra-L2(config)# ip dhcp excluded-address 10.10.10.1 10.10.10.10
    Presov(config)# ip dhcp excluded-address 10.10.10.1 10.10.10.10

26 DHCP client

    BA-GW(config)# interface FastEthernet 0/0
    BA-GW(config-if)# ip address dhcp
    BA-GW(config-if)# no shutdown

    BA-GW# show ip route
    C 10.10.254.0 is directly connected, FastEthernet0/1
    C 172.16.1.0 is directly connected, FastEthernet0/0
    S* 0.0.0.0/0 [254/0] via 172.16.1.1

    KE-GW(config)# interface FastEthernet 0/0
    KE-GW(config-if)# ip address dhcp
    KE-GW(config-if)# no shutdown

    KE-GW# show ip route
    C 172.16.1.0 is directly connected, FastEthernet0/0
    S* 0.0.0.0/0 [254/0] via 172.16.1.1

27 Static/Dynamic NAT

Static NAT: configure static NAT on the Presov, Nitra-L1 and Nitra-L2 routers so that IP address 10.10.10.2, statically assigned in LAN1, LAN3 and LAN5, is mapped to 10.10.104.2 (LAN5), 10.10.121.2 (LAN3) and 10.10.122.2 (LAN1).

    Nitra-L1(config)# interface FastEthernet 0/0
    Nitra-L1(config-if)# ip nat inside
    Nitra-L1(config)# interface Serial 0/0/0
    Nitra-L1(config-if)# ip nat outside
    Nitra-L1(config)# ip nat inside source static 10.10.10.2 10.10.121.2

    Nitra-L2(config)# interface FastEthernet 0/0
    Nitra-L2(config-if)# ip nat inside
    Nitra-L2(config)# interface Serial 0/0/0
    Nitra-L2(config-if)# ip nat outside
    Nitra-L2(config)# ip nat inside source static 10.10.10.2 10.10.122.2

    Presov(config)# interface FastEthernet 0/0
    Presov(config-if)# ip nat inside
    Presov(config)# interface Serial 0/0/0
    Presov(config-if)# ip nat outside
    Presov(config)# ip nat inside source static 10.10.10.2 10.10.104.2

28 Dynamic NAT

LAN5 -> 10.10.104.0/24
LAN3 -> 10.10.121.0/24
LAN1 -> 10.10.122.0/24

    Nitra-L1(config)# ip nat pool POOL 10.10.121.3 10.10.121.254 netmask 255.255.255.0
    Nitra-L1(config)# ip access-list standard ACL
    Nitra-L1(config-std-nacl)# permit 10.10.10.0 0.0.0.255
    Nitra-L1(config)# ip nat inside source list ACL pool POOL

    Nitra-L2(config)# ip nat pool POOL 10.10.122.3 10.10.122.254 netmask 255.255.255.0
    Nitra-L2(config)# ip access-list standard ACL
    Nitra-L2(config-std-nacl)# permit 10.10.10.0 0.0.0.255
    Nitra-L2(config)# ip nat inside source list ACL pool POOL

    Presov(config)# ip nat pool POOL 10.10.104.3 10.10.104.254 netmask 255.255.255.0
    Presov(config)# ip access-list standard ACL
    Presov(config-std-nacl)# permit 10.10.10.0 0.0.0.255
    Presov(config)# ip nat inside source list ACL pool POOL

29 PPP (PAP, CHAP)

    Nitra(config)# interface Serial 0/0/1
    Nitra(config-if)# encapsulation ppp
    Nitra(config-if)# ppp authentication pap
    Nitra(config-if)# ppp pap sent-username NIRCENTRAL password n1rc3ntr4l
    Nitra(config)# username NIRLONE password n1rl0n3

    Nitra-L1(config)# interface Serial 0/0/0
    Nitra-L1(config-if)# encapsulation ppp
    Nitra-L1(config-if)# ppp authentication pap
    Nitra-L1(config-if)# ppp pap sent-username NIRLONE password n1rl0n3
    Nitra-L1(config)# username NIRCENTRAL password n1rc3ntr4l

    Nitra(config)# interface Serial 0/1/0
    Nitra(config-if)# encapsulation ppp
    Nitra(config-if)# ppp authentication chap
    Nitra(config-if)# ppp chap hostname NIRCENTRAL
    Nitra(config-if)# ppp chap password n1rc3ntr4l
    Nitra(config)# username NIRLTWO password n1rltw0

    Nitra-L2(config)# interface Serial 0/0/0
    Nitra-L2(config-if)# encapsulation ppp
    Nitra-L2(config-if)# ppp authentication chap
    Nitra-L2(config-if)# ppp chap hostname NIRLTWO
    Nitra-L2(config-if)# ppp chap password n1rltw0
    Nitra-L2(config)# username NIRCENTRAL password n1rc3ntr4l
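What the two `ppp authentication` modes on this slide put on the serial link, as an added example that is not part of the original slides: a PAP Authenticate-Request (RFC 1334) carries the password itself, while a CHAP Response (RFC 1994) carries only MD5(identifier, secret, challenge), which the authenticator can check only if it stores the identical secret for that peer name. The hostnames come from the slide; the secret, challenges and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

PAP_AUTH_REQUEST = 1   # PAP packet code (RFC 1334)
CHAP_RESPONSE = 2      # CHAP packet code (RFC 1994)


def pap_request(identifier: int, peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request: peer ID and password, length-prefixed, in clear."""
    pid, pw = peer_id.encode(), password.encode()
    data = bytes([len(pid)]) + pid + bytes([len(pw)]) + pw
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(data)) + data


def chap_value(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP response value: MD5 over identifier octet, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_response(identifier: int, name: str, secret: str, challenge: bytes) -> bytes:
    """CHAP Response packet: header, value size, value, then the sender's name."""
    value = chap_value(identifier, secret, challenge)
    data = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", CHAP_RESPONSE, identifier, 4 + len(data)) + data


def chap_verify(packet: bytes, challenge: bytes, secrets: dict) -> bool:
    """Authenticator side: find the secret stored for the peer name, recompute, compare."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != CHAP_RESPONSE or length != len(packet):
        return False
    size = packet[4]
    value = packet[5:5 + size]
    name = packet[5 + size:].decode(errors="replace")
    if name not in secrets:
        return False
    expected = chap_value(identifier, secrets[name], challenge)
    return hmac.compare_digest(value, expected)


def secret_on_wire(packet: bytes, secret: str) -> bool:
    """True if the secret's bytes appear verbatim in the captured packet."""
    return secret.encode() in packet


# Constructed sample values (not taken from the slides).
SECRET = "constructed-lab-secret"
CHALLENGE_1 = bytes(range(16))
CHALLENGE_2 = bytes(range(16, 32))

if __name__ == "__main__":
    pap = pap_request(1, "NIRLONE", SECRET)
    chap = chap_response(7, "NIRLTWO", SECRET, CHALLENGE_1)
    print("PAP packet exposes secret: ", secret_on_wire(pap, SECRET))
    print("CHAP packet exposes secret:", secret_on_wire(chap, SECRET))
    print("same secret on both ends:  ", chap_verify(chap, CHALLENGE_1, {"NIRLTWO": SECRET}))
    print("secrets differ:            ", chap_verify(chap, CHALLENGE_1, {"NIRLTWO": "other"}))
    print("old response, new challenge:", chap_verify(chap, CHALLENGE_2, {"NIRLTWO": SECRET}))
```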

30 IPv6

    Nitra-L1(config)# ipv6 router rip ROUTING
    Nitra-L1(config)# interface FastEthernet 0/1
    Nitra-L1(config-if)# ipv6 rip ROUTING enable
    Nitra-L1(config)# interface Serial 0/0/0
    Nitra-L1(config-if)# ipv6 address autoconfig
    Nitra-L1(config-if)# ipv6 rip ROUTING enable

    Nitra-L2(config)# ipv6 router rip ROUTING
    Nitra-L2(config)# interface FastEthernet 0/1
    Nitra-L2(config-if)# ipv6 rip ROUTING enable
    Nitra-L2(config)# interface Serial 0/0/0
    Nitra-L2(config-if)# ipv6 address autoconfig
    Nitra-L2(config-if)# ipv6 rip ROUTING enable

    Nitra(config)# ipv6 unicast-routing
    Nitra(config)# ipv6 router rip ROUTING
    Nitra(config)# interface Serial 0/0/1
    Nitra(config-if)# ipv6 address autoconfig
    Nitra(config-if)# ipv6 rip ROUTING enable
    Nitra(config)# interface Serial 0/1/0
    Nitra(config-if)# ipv6 address autoconfig
    Nitra(config-if)# ipv6 rip ROUTING enable

31 IPv6

    Nitra-L2# sh ipv6 route
    C 2001:AC2::/64 [0/0] via ::, FastEthernet0/1
    L 2001:AC2::1/128 [0/0] via ::, FastEthernet0/1
    R 2001:AC4::/64 [120/2] via FE80::260:2FFF:FE00:D401, Serial0/0/0
    L FF00::/8 [0/0] via ::, Null0

32 Frame-Relay

33 Frame-Relay

34 Frame-Relay

    BA-GW(config)# interface Serial 0/0/0
    BA-GW(config-if)# encapsulation frame-relay
    BA-GW(config-if)# frame-relay lmi-type cisco
    BA-GW(config-if)# no shutdown
    BA-GW(config)# interface Serial 0/0/0.1 multipoint
    BA-GW(config-subif)# frame-relay interface-dlci 104
    BA-GW(config-subif)# frame-relay interface-dlci 102
    BA-GW(config-subif)# ip address 10.10.124.1 255.255.255.0

    KE-GW(config)# interface Serial 0/0/0
    KE-GW(config-if)# encapsulation frame-relay
    KE-GW(config-if)# frame-relay lmi-type cisco
    KE-GW(config-if)# no shutdown
    KE-GW(config)# interface Serial 0/0/0.1 multipoint
    KE-GW(config-subif)# frame-relay interface-dlci 304
    KE-GW(config-subif)# frame-relay interface-dlci 302
    KE-GW(config-subif)# ip address 10.10.234.3 255.255.255.0

    Nitra(config)# interface Serial 0/0/0
    Nitra(config-if)# encapsulation frame-relay
    Nitra(config-if)# frame-relay lmi-type cisco
    Nitra(config-if)# no shutdown
    Nitra(config)# interface Serial 0/0/0.1 multipoint
    Nitra(config-subif)# frame-relay interface-dlci 201
    Nitra(config-subif)# ip address 10.10.124.2 255.255.255.0
    Nitra(config)# interface Serial 0/0/0.2 multipoint
    Nitra(config-subif)# frame-relay interface-dlci 203
    Nitra(config-subif)# ip address 10.10.234.2 255.255.255.0
    Nitra(config)# interface Serial 0/0/0.204 point-to-point
    Nitra(config-subif)# frame-relay interface-dlci 204
    Nitra(config-subif)# ip address 10.10.24.2 255.255.255.0

    Presov(config)# interface Serial 0/0/0
    Presov(config-if)# encapsulation frame-relay
    Presov(config-if)# frame-relay lmi-type cisco
    Presov(config-if)# no shutdown
    Presov(config)# interface Serial 0/0/0.1 multipoint
    Presov(config-subif)# frame-relay interface-dlci 201
    Presov(config-subif)# ip address 10.10.124.4 255.255.255.0
    Presov(config)# interface Serial 0/0/0.2 multipoint
    Presov(config-subif)# frame-relay interface-dlci 203
    Presov(config-subif)# ip address 10.10.234.4 255.255.255.0
    Presov(config)# interface Serial 0/0/0.402 point-to-point
    Presov(config-subif)# frame-relay interface-dlci 402
    Presov(config-subif)# ip address 10.10.24.4 255.255.255.0

35 Routing

    Nitra-L1# show ip route
    C 10.10.1.0/30 is directly connected, Serial0/0/0
    C 10.10.10.0/24 is directly connected, FastEthernet0/0

    Nitra-L1(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.1

    Nitra-L2# show ip route
    C 10.10.1.4/30 is directly connected, Serial0/0/0
    C 10.10.10.0/24 is directly connected, FastEthernet0/0

    Nitra-L2(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.5

36 Routing

    Nitra# show ip route
    C 10.10.1.0/30 is directly connected, Serial0/0/1
    C 10.10.1.4/30 is directly connected, Serial0/1/0
    C 10.10.24.0/24 is directly connected, Serial0/0/0.204
    C 10.10.124.0/24 is directly connected, Serial0/0/0.1
    C 10.10.234.0/24 is directly connected, Serial0/0/0.2

    Nitra(config)# ip route 10.10.121.0 255.255.255.0 10.10.1.2
    Nitra(config)# ip route 10.10.122.0 255.255.255.0 10.10.1.6
    Nitra(config)# ip route 10.10.104.0 255.255.255.0 10.10.24.4
    Nitra(config)# ip route 0.0.0.0 0.0.0.0 10.10.124.1 10
    Nitra(config)# ip route 0.0.0.0 0.0.0.0 10.10.234.3 20

37 Routing

    Presov# show ip route
    C 10.10.10.0 is directly connected, FastEthernet0/0
    C 10.10.24.0 is directly connected, Serial0/0/0.402
    C 10.10.124.0 is directly connected, Serial0/0/0.1
    C 10.10.234.0 is directly connected, Serial0/0/0.2

    Presov(config)# ip route 10.10.121.0 255.255.255.0 10.10.24.2
    Presov(config)# ip route 10.10.122.0 255.255.255.0 10.10.24.2
    Presov(config)# ip route 0.0.0.0 0.0.0.0 10.10.124.1 10
    Presov(config)# ip route 0.0.0.0 0.0.0.0 10.10.234.3 20

    Presov(config)# interface Serial 0/0/0.1
    Presov(config-subif)# ip nat outside
    Presov(config)# interface Serial 0/0/0.2
    Presov(config-subif)# ip nat outside
    Presov(config)# interface Serial 0/0/0.402
    Presov(config-subif)# ip nat outside

38 Routing

    BA-GW# show ip route
    C 10.10.124.0 is directly connected, Serial0/0/0.1
    C 10.10.254.0 is directly connected, FastEthernet0/1
    C 172.16.1.0 is directly connected, FastEthernet0/0
    S* 0.0.0.0/0 [254/0] via 172.16.1.1

    BA-GW(config)# ip route 10.10.121.0 255.255.255.0 10.10.124.2
    BA-GW(config)# ip route 10.10.122.0 255.255.255.0 10.10.124.2
    BA-GW(config)# ip route 10.10.104.0 255.255.255.0 10.10.124.4

    KE-GW(config)# ip route 10.10.121.0 255.255.255.0 10.10.234.2
    KE-GW(config)# ip route 10.10.122.0 255.255.255.0 10.10.234.2
    KE-GW(config)# ip route 10.10.104.0 255.255.255.0 10.10.234.4

39 Port Address Translation

    BA-GW(config)# interface FastEthernet 0/0
    BA-GW(config-if)# ip nat outside
    BA-GW(config)# interface FastEthernet 0/1
    BA-GW(config-if)# ip nat inside
    BA-GW(config)# interface Serial 0/0/0.1
    BA-GW(config-subif)# ip nat inside

    KE-GW(config)# interface FastEthernet 0/0
    KE-GW(config-if)# ip nat outside
    KE-GW(config)# interface Serial 0/0/0.2
    KE-GW(config-subif)# ip nat inside

    BA-GW(config)# ip access-list standard NAT
    BA-GW(config-std-nacl)# permit 10.10.254.0 0.0.0.255
    BA-GW(config-std-nacl)# permit 10.10.121.0 0.0.0.255
    BA-GW(config-std-nacl)# permit 10.10.122.0 0.0.0.255
    BA-GW(config-std-nacl)# permit 10.10.104.0 0.0.0.255
    BA-GW(config)# ip nat inside source list NAT interface Fa0/0 overload

    KE-GW(config)# ip access-list standard NAT
    KE-GW(config-std-nacl)# permit 10.10.254.0 0.0.0.255
    KE-GW(config-std-nacl)# permit 10.10.121.0 0.0.0.255
    KE-GW(config-std-nacl)# permit 10.10.122.0 0.0.0.255
    KE-GW(config-std-nacl)# permit 10.10.104.0 0.0.0.255
    KE-GW(config)# ip nat inside source list NAT interface Fa0/0 overload

40 Access control lists

Allow communication between LAN3 and LAN5 only when the ICMP, POP3, SMTP or IMAP protocol is used.

    Nitra-L1(config)# ip access-list extended FILTER
    Nitra-L1(config-ext-nacl)# permit icmp any any
    Nitra-L1(config-ext-nacl)# permit tcp any any eq 110
    Nitra-L1(config-ext-nacl)# permit tcp any any eq 995
    Nitra-L1(config-ext-nacl)# permit tcp any any eq 25
    Nitra-L1(config-ext-nacl)# permit tcp any any eq 143
    Nitra-L1(config-ext-nacl)# deny ip any 10.10.104.0 0.0.0.255
    Nitra-L1(config-ext-nacl)# permit ip any any
    Nitra-L1(config)# interface Serial 0/0/0
    Nitra-L1(config-if)# ip access-group FILTER out

41 Access control lists

    Presov(config)# ip access-list extended FILTER
    Presov(config-ext-nacl)# permit icmp any any
    Presov(config-ext-nacl)# permit tcp any any eq 110
    Presov(config-ext-nacl)# permit tcp any any eq 995
    Presov(config-ext-nacl)# permit tcp any any eq 25
    Presov(config-ext-nacl)# permit tcp any any eq 143
    Presov(config-ext-nacl)# deny ip any 10.10.121.0 0.0.0.255
    Presov(config-ext-nacl)# permit ip any any
    Presov(config)# interface FastEthernet 0/0
    Presov(config-if)# ip access-group FILTER in

42 Access control lists

Allow access to the virtual terminal of the Nitra router only from the upper half of the LAN6 address space (10.10.254.129 – 10.10.254.254).

    Nitra(config)# ip access-list standard VTYFILTER
    Nitra(config-std-nacl)# permit 10.10.254.128 0.0.0.127
    Nitra(config)# line vty 0 4
    Nitra(config-line)# access-class VTYFILTER in
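How the FILTER list from slide 40 and the VTYFILTER list from slide 42 are evaluated, as an added example that is not part of the original slides: entries are checked top-down, the first match decides, and a packet that matches nothing hits the implicit deny. The parser handles only the entry forms used on these slides; function names and sample packets are constructed, and the last function goes slightly beyond the slide by enumerating which LAN6 host addresses the wildcard mask admits.

```python
import ipaddress
from typing import NamedTuple, Optional

ANY = ("0.0.0.0", "255.255.255.255")   # 'any' written as base + wildcard


class Ace(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "ip", "icmp" or "tcp"
    src: tuple             # (base address, wildcard mask)
    dst: tuple
    dport: Optional[int]   # destination port after 'eq', if present


def wildcard_match(addr: str, spec: tuple) -> bool:
    """Compare only the bits where the wildcard mask is 0."""
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def _take_addr(tokens: list) -> tuple:
    """Consume 'any' or 'base wildcard' from the front of the token list."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ANY
    return (tokens.pop(0), tokens.pop(0))


def parse_ace(line: str, extended: bool = True) -> Ace:
    tokens = line.split()
    action = tokens.pop(0)
    if not extended:                       # standard ACL entry: source only
        return Ace(action, "ip", _take_addr(tokens), ANY, None)
    proto = tokens.pop(0)
    src, dst = _take_addr(tokens), _take_addr(tokens)
    dport = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return Ace(action, proto, src, dst, dport)


def evaluate(acl, proto, src, dst, dport=None) -> str:
    """First matching entry wins; no match means the implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if wildcard_match(src, ace.src) and wildcard_match(dst, ace.dst):
            return ace.action
    return "deny"


# Entries copied from the slides.
FILTER = [parse_ace(line) for line in (
    "permit icmp any any",
    "permit tcp any any eq 110",
    "permit tcp any any eq 995",
    "permit tcp any any eq 25",
    "permit tcp any any eq 143",
    "deny ip any 10.10.104.0 0.0.0.255",
    "permit ip any any",
)]
VTYFILTER = [parse_ace("permit 10.10.254.128 0.0.0.127", extended=False)]


def vty_allowed_range() -> tuple:
    """First and last host octet in 10.10.254.0/24 that VTYFILTER permits."""
    allowed = [h for h in range(256)
               if evaluate(VTYFILTER, "tcp", f"10.10.254.{h}", "10.10.1.1") == "permit"]
    return allowed[0], allowed[-1]


if __name__ == "__main__":
    src = "10.10.121.5"   # constructed host in the translated LAN3 range
    for proto, dst, port in (("tcp", "10.10.104.2", 25), ("tcp", "10.10.104.2", 80),
                             ("udp", "10.10.104.2", 53), ("tcp", "10.10.254.7", 80)):
        print(proto, dst, port, "->", evaluate(FILTER, proto, src, dst, port))
    print("VTY permitted host octets:", vty_allowed_range())
```

`vty_allowed_range()` shows that the wildcard mask 0.0.0.127 admits host octets 128 through 255, so 10.10.254.128 is permitted as well as the 129–254 range named on the slide.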

43 Security - SSH

    Nitra(config)# ip domain-name cnl.tuke.sk
    Nitra(config)# crypto key generate rsa
    Nitra(config)# ip ssh version 2
    Nitra(config)# line vty 0 4
    Nitra(config-line)# transport input ssh

44 Security – local user database

    BA-GW(config)# username cisco password cisco
    BA-GW(config)# line console 0
    BA-GW(config-line)# login local

    KE-GW(config)# username cisco password cisco
    KE-GW(config)# line console 0
    KE-GW(config-line)# login local

45 End of presentation
Thank you for your attention.
Modern education for the knowledge society. The project is co-financed from EU sources.

