CIS204_3.5_Miderm_Practical_Corey_Adams

Midterm Practical In this Midterm Practical you will be reviewing the networking that you have learned in your program. You will be using Packet Tracer for the lab. Your network will a class B network based on a number assigned by your professor, which you will be using for the duration of the class. In the lab anytime you see an underline you should fill in this number. Student network: 10.____.0.0/16 Task 1 – Create and configure the network Using Packet Tracer create the following network with PC1 in VLAN 10 and the Wireless Router in VLAN 20. Place the server in VLAN 30. Syste Port Connect IP address Subnet Mask Clock Rate

m To R1 G0/0/0.10 Sw1 10.___.1.1 255.255.255.192 50 users G0/0/0.20 Sw1 10.___.1.65 255.255.255.224 20 users   Se0/1/0 R2 10.___.5.1 255.255.255.252 500000   SE0/1/1 R3 10.___.5.10 255.255.255.252   R2 G0/0/0.30 Sw0 10.___.2.1 255.255.255.192  Server   Se0/1/0 R3 10.___.5.5 255.255.255.252 500000   SE0/1/1 R1 10.___.5.2 255.255.255.252   R3 G0/0/0 Tier1 11.0.0.___  255.255.255.0 Tier1   Se0/1/0 R1 10.___.5.9 255.255.255.252 500000   SE0/1/1 R2 10.___.5.6 255.255.255.252   Wireless Router Make sure you connect the wireless router to the switch using its Internet port. The Internet Connection type needs to be Automatic Configuration- DCHP on the wireless router (this will allow the wireless router to use the DCHP pool you will create on R1). Lastly, you can leave the defaults for Network Setup- this will give the wireless router an IP address and the tablet an IP address via DCHP from the wireless router. Adding OSPF Add OSPF to each router so each router has a valid routing protocol to each network. Take a screenshot of a show ip route on R3. Adding DHCP Pools Add a DCHP Pool for each VLAN- The PC, Tablet and Server will receive its IP address via DCHP. You will need to configure this on R1 for the PC and Tablet and on R2 for the Server. Keep in mind the wireless router will be receiving DCHP from the pool you create, and the tablet will receive its IP address from the wireless router. Add an ACL This ACL will “isolate” the tablet from the other networks and will only allow it access to the Tier1 Internet Server. Before creating and applying the ACL, ping form the Tablet to the PC, Server and Tier1 Internet Server. Take a screenshot of each successful ping- they all should work. Add the access-list to the R1 router using the following commands R1(config)# access-list 100 deny ip any 10.___.1.0 0.0.0.63 R1(config)# access-list 100 deny ip any 10.___.2.0 0.0.0.63 R1(config)# access-list 100 permit ip any any R1(config)# interface g0/0/0.20

 Screenshot of successful pings before ACL

 Screenshots of failed pings after ACL

Task 2 Adding a firewall First add a ASA5506 firewall into your network as shown in the diagram. Change the programming on your R3 router by changing the G0/0 address to 11.2.0.___ 255.255.255.0 R3(config)# interface G0/0 R3(config-if)# ip address 11.2.0.___ 255.255.255.0 Update OSPF on R3 router OSPF 1 network 11.2.0.0 area 0 Now program your ASA1 interfaces interface GigabitEthernet1/1 nameif inside security-level 100 ip address 11.2.0.1 255.255.255.0 interface GigabitEthernet1/2 nameif outside security-level 0 ip address 11.0.0.___ 255.255.255.0

interface GigabitEthernet1/3 nameif DMZ security-level 50 ip address 172.16.1.1 255.255.255.0 Program your extended ACL per the below information access-list OUTSIDE extended permit icmp any any echo-reply access-list OUTSIDE extended permit ip any 11.0.0.0 255.255.255.0 access-list OUTSIDE extended permit ip any 10.0.0.0 255.0.0.0 Apply the access-list to the outside interface access-group OUTSIDE in interface outside Create the NAT for your network allowing communication from inside to outside the firewall. object network LAN subnet 11.2.0.0 255.255.255.0 nat (inside,outside) dynamic interface Setup OSPF for the firewall router ospf 1 network 11.2.0.0 255.255.255.0 area 0 network 11.0.0.0 255.255.255.0 area 0 Verify the firewall and your other routers are communicating with the Tier1 R1 via OSPF with a show ip route on each device- this make take some time before OSPF packets are sent back and forth between the firewall and routers. Verify that your connection through the firewall works by pinging from the Tablet to the Tier1 Internet Server with a continuous ping ( ping –t 11.1.1.10 ). Once again you will notice that the ping works, but packets will drop throughout the ping- this is normal when using OSPF thru a firewall in Packet Tracer- please be patient. Take a screenshot of your successful ping.

 Screenshot of show ip route from R3  Screenshot of show ip route from R1 on Tier1

 Screenshot of successful ping from Tablet to Tier1 Internet Server thru firewall