Full configuration of R5

Current configuration 13174 bytes Last configuration change at 22 42 00 PST Tue Apr 1 2003 service timestamps debug uptime service timestamps log uptime crypto ca identity caserver enrollment mode ra enrollment url http 13 0.10 0.2 6.7 8 0 certsrv mscep mscep.dll crl optional crypto ca certificate chain caserver certificate 610FD716000000000007 30820413 3 0 8 2 0 3BD A0030201 02020A61 0FD71600 00000000 07300D06 0 92A8 64 8 8 6F70D01 01050500 30819931 23302106 092A8648 86F70D01 09011614 63636965...

Ping from PC on Segment 1921681x

C Documents and Settings Admin> ping 15.15.15.15 Pinging 15.15.15.15 with 32 bytes of data Reply from 15.15.15.15 bytes 32 time 205ms TTL Reply from 15.15.15.15 bytes 32 time 99ms TTL Packets Sent 4, Received 2, Lost 2 ( Approximate round trip times in milli-seconds Minimum 99ms, Maximum 205ms, Average isakmp process block src 140.100.56.5, dest 130.100. processing SA payload. message ID 0 Checking ISAKMP transform 1 against priority life duration (VPI) of 0x0 0x1 0x51 0x80 atts are not...

Info

Interface Tunnel4 description Basic GRE Crypto to R4 ip address 192.168.46.2 2 55.255.255.0 rate-limit input access-group 120 496000 2000 2000 conform-action transmit exceed-action drop rate-limit output access-group 121 296000 2000 2000 conform-action transmit exceed-action continue no ip route-cache same-interface no ip route-cache cef ip ospf authentication message-digest ip ospf message-digest-key 5 md5 cisco ip ospf network point-to-point

R8ping

Target IP address 16.16.16.16 Repeat count 5 Datagram size 100 Timeout in seconds 2 Extended commands n y Source address or interface 18.18.18.18 Loose, Strict, Record, Timestamp, Verbose none Sweep range of sizes n Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 16.16.16.16, timeout is 2 seconds Packet sent with a source address of 18.18.18.18 Success rate is 100 percent (5 5), round-trip min avg max 12 14 16 ms PIX Version 6.2(2) interface ethernet0 auto interface ethernet1...

R6sho ip route eigrp

18.0.0.0 32 is subnetted, 1 subnets D 18.18.18.18 90 297372416 via 192.168.68.2, 01 58 27, Crypto Map vpn 10 ipsec-isakmp Crypto Map vpn 20 ipsec-isakmp Crypto Map vpn 30 ipsec-isakmp Interfaces using crypto map vpn FastEthernet0 0 Serial0 0 TunnelO Tunnel3 Tunnel4 Tunnel8

Section 23 Configuring VPN Client Remote Access 15 Minutes

Accounting Taca es+ Console Authen lies lion With privilege level 7 Tscscs+ Teins Authentication Tacads+ HTTP Authentication Tacacst Authorization telnet http Tacacst Accounting Tacaes+ ssh to P1X1 Accounting Taca es+ Console Authen lies lion With privilege level 7 Tscscs+ Teins Authentication Tacads+ HTTP Authentication Tacacst Authorization telnet http Tacacst Accounting Tacaes+ ssh to P1X1 Figure 1 Section 4 AAA Configuring Easy VPN Server with Split enable password 2KFQnbNIdI.2KYOU...

Radius Accounting activecsv

Tart 1 & IgciscoSecureACS Local Area Connection 1 10 19 P AAA Authentication debugging is on AAA Authorization debugging is on AAA Accounting debugging is on 59 AAA ACCT EVENT (00000017) CALL START 59 Getting session id for NET(00000017) 59 AAA ACCT(00000000) add node, session 59 AAA ACCT NET(00000017) add, count 1 59 Getting session id for N0NE(00000017) 03 54 59 'default 03 55 03 03 55 03 03 55 03 03 55 03 03 55 03 03 55 03 03 55 03 Name def 03 55 03 03 55 03 03 55 03 03 55 03 03 55 03 03...

Must be shutdown for this Case Study

SCFf ftdd-Qil for Certificate 5tt1ri(. Setujj Wi ni Uw change cJnr c f you ish theCAtoautanaticiilyflsue Cerates to 5CEP requests t' ezuta SCE Chaler.gs > h-5se to Enroll SCFf ftdd-Qil for Certificate 5tt1ri(. Setujj Wi ni t' ezuta SCE Chaler.gs > h-5se to Enroll Thi ol riions tili fMM 1. provide a nhalatQ plv t to the CA in the mcrosoft i.tk jfiplerrertation rhic pr a is uied as on hrr-e pasi rd that -an h ucid to aUisrticatie thf i uter m Tg th f-sq ieS. Thi ut* tti'o u tih rrr ter the c...

D224005

Mar 15 0 8 19 18.945 BR0 0 DDR Attempting to dial 8888 Mar 15 0 8 19 19.025 LINK-3-UPDOWN Interface BRI0 0 1, changed Mar 15 0 8 19 19.029 BR0 0 1 interface must be fifo queue, force fifo DIALER-6-BIND Interface BR0 0 1 bound to BR0 0 1 PPP Using dialer call direction BR0 0 1 PPP Treating connection as a Mar 15 0 8 19 19.029 profile Di1 Mar 15 0 8 19 19.033 Mar 15 0 8 19 19.037 callout Mar 15 0 8 19 19.037 BR0 0 1 PPP Phase is 06 52 17 LINK-3-UPDOWN Interface BRI0 0 1, changed state to up...

Section 10 Access Control 16 Minutes

For this lab section, refer to Figure 26-4 on page 918 of the book. Current configuration 1719 bytes service timestamps debug datetime msec localtime service timestamps log datetime msec localtime enable secret 5 1 1xxK LWh42sY9aO17mvAuehLPM. interface Loopback1 description OSPF Loopback ip ospf network point-to-point ip address 1.1.1.1 255.255.255.255 interface Loopback10 description BGP Loopback ip address 1.1.1.11 2 55.255.255.255 interface SerialO ip address 150.100.31.1 2 55.255.255.240...

R6config t

Enter configuration commands, one per line. End with CNTL Z. 06 52 77309411327 DIALER-6-BIND Interface BR0 0 1 bound to profile Di0 Mar 15 0 8 19 18.409 OSPF-5-ADJCHG Process 123, Nbr 8.8.8.8 on Tunnel0 from FULL to DOWN, Neighbor Down Interface down or detached Mar 15 0 8 19 18.409 BGP-5-ADJCHANGE neighbor 192.168.2.1 Down Interface flap Mar 15 0 8 19 18.945 BR0 0 DDR rotor dialout priority Mar 15 0 8 19 18.945 BR0 0 DDR Dialing cause ip (s 172.22.85.2,

R1sho ip route 1721911

Known via ospf 123, distance 110, metric 20, type extern 2, forward metric 128 Last update from 150.100.31.3 on SerialO, 00 33 44 ago Routing Descriptor Blocks * 150.100.31.3, from 2.2.2.2, 00 33 44 ago, via Serial0 Route metric is 20, traffic share count is 1 interface FastEthernet0 0 ip address 130.100.26.6 2 55.255.255.224 ip access-group time_acl in ip rip authentication mode md5 ip rip authentication key-chain ccie ip inspect ccie in

R8sho debugging

AAA Authentication debugging is on AAA Authorization debugging is on Dial on demand Dial on demand events debugging is on PPP PPP authentication debugging is on PPP protocol negotiation debugging is on PPP packet display debugging is on Callback AAA AUTHOR LCP Authorization succeeds Waiting for Peer to authenticate first 14 02 35 BR0 0 1 CHAP I RESPONSE id 225 len 23 from R6 14 02 35 BR0 0 1 PPP Phase is FORWARDING, Attempting Forward 14 02 35 BR0 0 1 PPP Phase is AUTHENTICATING,...

Section 15 Authentication Proxy with Tacacs 18 Minutes

Access-list outside_access_in permit tcp any host 130.100.26.7 eq tacacs static (inside,outside) 130.100.26.7 192.168.1.7 netmask 255.255.255.255 0 0 R6(config) aaa authentication login default group tacacs+ R6(config) aaa authentication login no_login enable local line none R6(config) aaa authentication enable default group tacacs+ R6(config R6(config R6(config R6(config R6(config R6(config R6(config R6(config R6(config R6(config R6(config aaa authorization auth-proxy default group tacacs+ aaa...

R5sho crypto ca certificates

Certificate Serial Number 610FD716000000000007 CN CA Server OU AES IP Core O Cisco Systems Inc EA ccie44 60 hotmail.com Subject Name Contains Name R5.cisco.com Serial Number 06904020 CRL Distribution Point 0Server.crl Validity Date start date 22 37 58 PST Apr 1 2003 end date 22 47 58 PST Apr 1 2004 Associated Identity caserver RA Signature Certificate Status Available Certificate Serial Number 6115CEE9000000000002 CN CA Server OU AES IP Core O Cisco Systems Inc 0Server. start date 15 46 53 PST...

Section 12 Catalyst Security 6 Minutes

Switchport port-security mac-address 10 0 0.2000.3000 switchport port-security violation protect switchport port-security aging time 600 switchport port-security aging static no ip address For this lab section, refer to Figure 26-5 on page 922 of the book. Section 13 AAA Using RADIUS (17 Minutes) username userl privilege 7 password 7 121A0C041104 aaa authentication login default group radius local aaa authentication login no_login local none aaa authorization exec default local aaa accounting...

Section 11 IP Services 18 Minutes R6sho run

Current configuration 3778 bytes No configuration change since last restart service timestamps debug datetime msec service timestamps log datetime msec aaa authentication login default local aaa authentication login no_login none aaa authentication ppp default local ip dhcp excluded-address 130.100.26.6 ip dhcp excluded-address 130.100.26.2 network 130.100.26.0 255.255.255.224 default-router 130.100.26.6 lease infinite key chain ccie key 1 key-string ccie interface Loopback6 description OSPF...

R7sho ip bgp su

BGP router identifier 7.7.7.7, local AS number 1560 BGP table version is 76, main routing table version 76 28 network entries and 29 paths using 3760 bytes of memory 6 BGP path attribute entries using 360 bytes of memory 3 BGP AS-PATH entries using 72 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP activity 459 2554 prefixes, 665 636 paths, scan interval 60 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ...

Section 8 Redistributing Protocols 5 Minutes

Ip address 140.100.47.4 2 55.255.255.192 ip rip authentication key-chain ccie area 0 authentication message-digest area 45 authentication message-digest area 45 virtual-link 5.5.5.5 authentication area 45 virtual-link 5.5.5.5 message-digest redistribute rip subnets route-map red rip network 140.100.45.0 0.0.0.63 area 45