Module 1 - 8: Labs

: Intrusion Detection and Prevention Technology

There are no labs for this module.

: Configure Network Intrusion Detection and Prevention

Lab Exercise: Configure a Router with the IOS Intrusion Prevention System

In this lab activity, students will learn how to initialize IPS on the router. Students will also disable and exclude signatures. Students will then create and apply audit rules. After the IPS configuration is complete, students will verify the IPS configuration on the router and generate a test message.

Lab Exercise: Configure Intrusion Prevention on the PIX Security Appliance

In this lab exercise, students will configure the use of Cisco Intrusion Prevention System (IPS) information and attack signatures using both ADSM and CLI.

e-Lab Activity: Configure PIX Security Appliance Message Output to a Syslog Server

In this activity, the student will demonstrate how to configure message output to a Syslog server.

Resource: Getting Started with the AIP-SSM

: Encryption and VPN Technology

There are no labs for this module.

: Configure Site-to-Site VPN Using Pre-shared Keys

e-Lab Activity: Prepare for IPSec

In this activity, the student will check the current router configuration and ensure the existing access lists on perimeter routers do not block IPSec traffic.

e-Lab Activity: Configure IKE

In this activity, students will learn how to configure the IKE parameters gathered earlier.

e-Lab Activity: Configure IPSec

In this activity, students will learn how to configure transform set suites.

Lab Exercise: Configure IOS IPSec using Pre-shared Keys

In this lab, students will prepare to configure Virtual Private Network (VPN) support. Students will learn to configure Internet Key Exchange (IKE) phase one. Students will also configure IKE parameters and verify IKE and IP Security (IPSec). Students will then configure the IPSec parameters. Finally, students will test and verify the IPSec configuration.

e-Lab Activity: Configure Cisco IOS IPSec for Pre-Shared Keys

In this lab activity, the student will configure a secure VPN gateway using IPSec between two Cisco routers to use pre-shared keys for authentication.

e-Lab Activity: IPSec Transforms Supported in the Cisco IOS Software

In this activity, the student will use help command to display IPSec transform.

Lab Exercise: Configuring Cisco IOS IPSec with Pre-Shared Keys using SDM

In this lab, students will prepare to configure VPN support. Students will learn to configure a VPN tunnel using the SDM VPN Wizard. Students will also modify the IKE and IPSec configuration. Students will then test and verify the IPSec configuration.

Lab Exercise: Configuring Cisco GRE IPSec Tunnel using SDM

In this lab, students will prepare to configure VPN support. Students will learn to configure a GRE/IPSec tunnel using the SDM VPN Wizard. Students will also modify the GRE/IPSec configuration. Students will then test and verify the GRE/IPSec configuration.

e-Lab Activity: Enable/Disable IKE on a PIX Security Appliance Interface

In this activity, the student will demonstrate how to enable/disable IKE on the PIX Security Appliance.

e-Lab Activity: Configure an ISAKMP Policy on a PIX Security Appliance

In this activity, the student will configure an ISAKMP policy on the PIX Security Appliance.

e-Lab Activity: Define a Tunnel Group on a PIX Security Appliance

In this activity, the student will configure a tunnel group on the PIX Security Appliance.

e-Lab Activity: Configure a Crypto ACL on a PIX Security Appliance

In this activity, the student will configure a crypto ACL on the PIX Security Appliance.

e-Lab Activity: Configure a Transform Set and ISAKMP Policy on a PIX Security Appliance

In this activity, the student will configure a transform set ISAKMP policy on the PIX Security Appliance.

e-Lab Activity: Create a Crypto Map and apply it to a PIX Security Appliance Interface

In this activity, the student will create a crpto map and apply it to a PIX Security Appliance interface.

Lab Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using CLI

In this lab exercise, students will prepare to configure VPN support. Students will then configure IKE and IPSec parameters. Finally, students will test and verify IPSec configuration.

Lab Exercise: Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using ASDM

In this lab exercise, students will configure IKE and IPSec parameters using the ADSM VPN Wizard. Students will then test and verify IPSec configuration.

: Configure Site-to-Site VPNs Using Digital Certificates

e-Lab Activity: Configure CA Support

In this activity, students will learn how to configure Cisco IOS CA support.

e-Lab Activity: Configure IKE

In this activity, students will learn how to configure the IKE parameters gathered.

e-Lab Activity: Configure IPSec

In this activity, students will learn how to use the general tasks and commands to configure IPSec encryption on Cisco routers.

Lab Exercise: Configure IPSec using Digital Certificates

In this lab, students will first prepare for IKE and IPSec. Students will then learn to configure certificate support. Students will also configure IKE and IPSec. Finally, students will test and verify the IPSec configuration.

e-Lab Activity: Configure Cisco IOS CA Support (RSA Signatures)

In this lab activity, the student will configure a secure VPN gateway using IPSec between two Cisco routers using a certificate authority (CA) server.

e-Lab Activity: Testing and Verifying IPSec

In this activity, students will learn how to use show, clear, and debug commands for testing, troubleshooting and verifying IPSec and ISAKMP.

Lab Exercise: Configure a Site-to-Site IPSec VPN Tunnel with CA Support

In this lab exercise, students will prepare for and then configure CA support. Students will then configure and verify IKE and IPSec Parameters. Students will verify that the VPN connection is up and working properly. Finally, students will verify the VPN status and configuration using PDM.

e-Lab Activity: Configure Cisco PIX Security Appliance for CA Support (RSA Signatures)

In this lab activity, the student will configure a secure VPN gateway using IPSec between two PIX Security Appliances using digital certificates.

: Configure Remote Access VPN

Lab Exercise: Configure Remote Access Using Cisco Easy VPN

In this lab, students will learn to enable policy lookup via authentication, authorization, and accounting (AAA). Students will then define group policy information for mode configuration push. Students will also configure and verify the IPSec transforms and crypto maps. Students will also learn to install and configure the Cisco VPN Client 4.0 or later, and then use the VPN Client to connect to the corporate Intranet.

Lab Exercise: Configure Cisco Easy VPN Server with NAT

In this lab, students will first verify the Easy VPN Server configuration. Students will learn to configure and modify PAT using both SDM and CLI. Students will also test remote connectivity.

e-Lab Activity: Configure the Adaptive Security Appliance for WebVPN

In this activity, the student will configure the Adaptive Security Appliance for WebVPN.

Lab Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client using ASDM

In this lab exercise, students will configure the PIX Easy VPN Server feature using the VPN Wizard. Students will then install and configure the Cisco VPN Client on the Student PC. Finally, students will verify and Test the Cisco VPN Client remote access connection.

Lab Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client using CLI

In this lab exercise, students will configure and verify the PIX Easy VPN Server feature using CLI. Students will then install and configure the Cisco VPN Client on a Microsoft Windows end-user PC. Finally, students will verify and Test the Cisco VPN Client remote access connection.

: Secure Network Architecture and Management

Lab Exercise: Configure SNMP Messages on a Cisco Router

In this lab, students will learn to configure SNMP. Students will install SNMP trap watcher and enable SNMP Community Strings. Students will then establish the contact and location of the SNMP Agent. Students will also test the configuration. Students will then learn to limit SNMP to the inside server. Finally, students will disable SNMP traps, and then disable SNMP and the associated ACL.

Lab Exercise: Configure SNMP Monitoring of the PIX Security Appliance Using ASDM

In this lab exercise, students will enable the SNMP community string. Students will also establish the contact and location of the SNMP Agent. Students will then learn to limit SNMP to the inside server. Finally, students will test the configuration.

: PIX Security Appliance Contexts, Failover, and Management

Lab Exercise: Configure LAN-Based Failover (OPTIONAL)

In this lab exercise students will learn to configure the primary PIX Security Appliance for LAN-based stateful failover to the secondary PIX Security Appliance. Students will then learn to configure the secondary PIX Security Appliance for LAN-based failover. The students will then test the LAN-based failover. Finally, the students will make the primary PIX Security Appliance active.

e-Lab Activity: Configure a PIX Security Appliance for Active/Standby Failover

In this activity, the student will configure active/active failover on the PIX Security Appliance.

Lab Exercise: Configure a PIX Security Appliance as a Transparent Firewall

In this lab activity, students will configure a PIX Security Appliance is transparent mode.

e-Lab Activity: The PIX Security ApplianceĀ telnet Command

In this activity, the student will demonstrate how to use the telnet command.

Lab Exercise: Configure User Authentication and Command Authorization using ASDM

In this lab exercise, students will configure command authorization, local user authentication, and SSH.

Lab Exercise: Configure SSH, Command Authorization, and Local User Authentication using CLI

In this lab exercise, students will configure and verify SSH operation. Students will then configure command authorization and local user authentication.

Lab Exercise: Perform Password Recovery on the PIX Security Appliance

In this lab exercise, students will learn to upgrade the PIX Security Appliance software image. Students will also learn to perform password recovery procedures.

e-Lab Activity: Upgrade the PIX Security Appliance Software Image

In this lab, the student will initialize the PIX Security Appliance by loading the latest software image and configuring console access. The student will also become familiar with the general maintenance commands.




Close Window
All contents copyright ©2001-2005 Cisco Systems, Inc. All rights reserved.