 |
 |  |  |
 |
 | Module 1 - 8:
Labs |
|  |
 |
 | : Intrusion Detection and Prevention Technology |
 | | |
 |
There are no labs for this module.
| |
|  |
 |
 | : Configure Network Intrusion Detection and Prevention |
|  |
 |
 | : Encryption and VPN Technology |
 | | |
 |
There are no labs for this module.
| |
|  |
 |
 | : Configure Site-to-Site VPN Using Pre-shared Keys |
 | | |
 |
 |
|
e-Lab
Activity: Prepare for IPSec
In this activity, the student will check the
current router configuration and ensure the existing access lists on perimeter
routers do not block IPSec traffic.
|
 |
|
e-Lab
Activity: Configure IKE
In this activity, students will learn how to
configure the IKE parameters gathered earlier.
|
 |
|
e-Lab
Activity: Configure IPSec
In this activity, students will learn how to
configure transform set suites.
|
 |
|
Lab
Exercise: Configure IOS IPSec using Pre-shared Keys
In this lab, students
will prepare to configure Virtual Private Network (VPN) support. Students will
learn to configure Internet Key Exchange (IKE) phase one. Students will also
configure IKE parameters and verify IKE and IP Security (IPSec). Students will
then configure the IPSec parameters. Finally, students will test and verify the
IPSec configuration.
|
 |
|
e-Lab
Activity: Configure Cisco IOS IPSec for Pre-Shared Keys
In this lab
activity, the student will configure a secure VPN gateway using IPSec between
two Cisco routers to use pre-shared keys for authentication.
|
 |
|
e-Lab
Activity: IPSec Transforms Supported in the Cisco IOS Software
In this
activity, the student will use help command to display IPSec transform.
|
 |
|
Lab
Exercise: Configuring Cisco IOS IPSec with Pre-Shared Keys using SDM
In
this lab, students will prepare to configure VPN support. Students will learn
to configure a VPN tunnel using the SDM VPN Wizard. Students will also modify
the IKE and IPSec configuration. Students will then test and verify the IPSec
configuration.
|
 |
|
Lab
Exercise: Configuring Cisco GRE IPSec Tunnel using SDM
In this lab,
students will prepare to configure VPN support. Students will learn to
configure a GRE/IPSec tunnel using the SDM VPN Wizard. Students will also
modify the GRE/IPSec configuration. Students will then test and verify the
GRE/IPSec configuration.
|
 |
|
e-Lab Activity: Enable/Disable IKE on a PIX Security Appliance Interface
In this activity, the student will demonstrate how to enable/disable IKE on
the PIX Security Appliance.
|
 |
|
e-Lab
Activity: Configure an ISAKMP Policy on a PIX Security Appliance
In this activity, the student will configure an ISAKMP policy on the PIX
Security Appliance.
|
 |
|
e-Lab
Activity: Define a Tunnel Group on a PIX Security Appliance
In this activity, the student will configure a tunnel group on the PIX
Security Appliance.
|
 |
|
e-Lab
Activity: Configure a Crypto ACL on a PIX Security Appliance
In this
activity, the student will configure a crypto ACL on the PIX Security
Appliance.
|
 |
|
e-Lab
Activity: Configure a Transform Set and ISAKMP Policy on a PIX Security
Appliance
In this activity, the student will configure a transform set
ISAKMP policy on the PIX Security Appliance.
|
 |
|
e-Lab
Activity: Create a Crypto Map and apply it to a PIX Security Appliance
Interface
In this activity, the student will create a crpto map and apply
it to a PIX Security Appliance interface.
|
 |
|
Lab
Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel
Using CLI
In this lab exercise, students will prepare to configure VPN
support. Students will then configure IKE and IPSec parameters. Finally,
students will test and verify IPSec configuration.
|
 |
|
Lab
Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel
Using ASDM
In this lab exercise, students will configure IKE and IPSec
parameters using the ADSM VPN Wizard. Students will then test and verify IPSec
configuration.
|
 | |
| |
|  |
 |
 | : Configure Site-to-Site VPNs Using Digital Certificates |
 | | |
 |
 |
|
e-Lab
Activity: Configure CA Support
In this activity, students will learn how to configure Cisco IOS CA
support.
|
 |
|
e-Lab
Activity: Configure IKE
In this activity, students will learn how to
configure the IKE parameters gathered.
|
 |
|
e-Lab
Activity: Configure IPSec
In this activity, students will learn how to
use the general tasks and commands to configure IPSec encryption on Cisco
routers.
|
 |
|
Lab
Exercise: Configure IPSec using Digital Certificates
In this lab,
students will first prepare for IKE and IPSec. Students will then learn to
configure certificate support. Students will also configure IKE and IPSec.
Finally, students will test and verify the IPSec configuration.
|
 |
|
e-Lab
Activity: Configure Cisco IOS CA Support (RSA Signatures)
In this lab activity, the student will configure a secure VPN gateway using
IPSec between two Cisco routers using a certificate authority (CA) server.
|
 |
|
e-Lab
Activity: Testing and Verifying IPSec
In this activity, students will
learn how to use show, clear, and debug commands for testing, troubleshooting
and verifying IPSec and ISAKMP.
|
 |
|
Lab
Exercise: Configure a Site-to-Site IPSec VPN Tunnel with CA Support
In
this lab exercise, students will prepare for and then configure CA support.
Students will then configure and verify IKE and IPSec Parameters. Students will
verify that the VPN connection is up and working properly. Finally, students
will verify the VPN status and configuration using PDM.
|
 |
|
e-Lab
Activity: Configure Cisco PIX Security Appliance for CA Support (RSA
Signatures)
In this lab activity, the student will configure a secure VPN
gateway using IPSec between two PIX Security Appliances using digital
certificates.
|
 | |
| |
|  |
 |
 | : Configure Remote Access VPN |
 | | |
 |
 |
|
Lab
Exercise: Configure Remote Access Using Cisco Easy VPN
In this lab,
students will learn to enable policy lookup via authentication, authorization,
and accounting (AAA). Students will then define group policy information for
mode configuration push. Students will also configure and verify the IPSec
transforms and crypto maps. Students will also learn to install and configure
the Cisco VPN Client 4.0 or later, and then use the VPN Client to connect to
the corporate Intranet.
|
 |
|
Lab
Exercise: Configure Cisco Easy VPN Server with NAT
In this lab, students
will first verify the Easy VPN Server configuration. Students will learn to
configure and modify PAT using both SDM and CLI. Students will also test remote
connectivity.
|
 |
|
e-Lab Activity: Configure the Adaptive Security Appliance for WebVPN
In this activity, the student will configure the Adaptive Security Appliance
for WebVPN.
|
 |
|
Lab
Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client
using ASDM
In this lab exercise, students will configure the PIX Easy VPN
Server feature using the VPN Wizard. Students will then install and configure
the Cisco VPN Client on the Student PC. Finally, students will verify and Test
the Cisco VPN Client remote access connection.
|
 |
|
Lab
Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client
using CLI
In this lab exercise, students will configure and verify the
PIX Easy VPN Server feature using CLI. Students will then install and configure
the Cisco VPN Client on a Microsoft Windows end-user PC. Finally, students will
verify and Test the Cisco VPN Client remote access connection.
|
 | |
| |
|  |
 |
 | : Secure Network Architecture and Management |
 | | |
 |
 |
|
Lab
Exercise: Configure SNMP Messages on a Cisco Router
In this lab, students will learn to configure SNMP. Students will install
SNMP trap watcher and enable SNMP Community Strings. Students will then
establish the contact and location of the SNMP Agent. Students will also test
the configuration. Students will then learn to limit SNMP to the inside server.
Finally, students will disable SNMP traps, and then disable SNMP and the
associated ACL.
|
 |
|
Lab
Exercise: Configure SNMP Monitoring of the PIX Security Appliance Using
ASDM
In this lab exercise, students will enable the SNMP community
string. Students will also establish the contact and location of the SNMP
Agent. Students will then learn to limit SNMP to the inside server. Finally,
students will test the configuration.
|
 | |
| |
|  |
 |
 | : PIX Security Appliance Contexts, Failover, and Management |
 | | |
 |
 |
|
Lab
Exercise: Configure LAN-Based Failover (OPTIONAL)
In this lab exercise
students will learn to configure the primary PIX Security Appliance for
LAN-based stateful failover to the secondary PIX Security Appliance. Students
will then learn to configure the secondary PIX Security Appliance for LAN-based
failover. The students will then test the LAN-based failover. Finally, the
students will make the primary PIX Security Appliance active.
|
 |
|
e-Lab
Activity: Configure a PIX Security Appliance for Active/Standby Failover
In this activity, the student will configure active/active failover on the
PIX Security Appliance.
|
 |
|
Lab
Exercise: Configure a PIX Security Appliance as a Transparent Firewall
In this lab activity, students will configure a PIX Security Appliance is
transparent mode.
|
 |
|
e-Lab
Activity: The PIX Security ApplianceĀ telnet
Command
In this activity, the student will demonstrate how to use the
telnet command.
|
 |
|
Lab
Exercise: Configure User Authentication and Command Authorization using
ASDM
In this lab exercise, students will configure command authorization,
local user authentication, and SSH.
|
 |
|
Lab
Exercise: Configure SSH, Command Authorization, and Local User Authentication
using CLI
In this lab exercise, students will configure and verify SSH
operation. Students will then configure command authorization and local user
authentication.
|
 |
|
Lab
Exercise: Perform Password Recovery on the PIX Security Appliance
In this lab exercise, students will learn to upgrade the PIX Security
Appliance software image. Students will also learn to perform password recovery
procedures.
|
 |
|
e-Lab
Activity: Upgrade the PIX Security Appliance Software Image
In this lab, the student will initialize the PIX Security Appliance by
loading the latest software image and configuring console access. The student
will also become familiar with the general maintenance commands.
|
 | |
| |
|  |
 |  |  |
|