Network Security Stateful Firewalls & Edge Router Filtering Rich Macfarlane

7.2.3 Configure the Hosts

Power on your Windows2003 VM and Linux Ubuntu VM.

Save your Lab project regularly

Save the router configuration using copy run start, and File>Save As, and check that the configuration files have been created, as detailed in previous labs.

The connected and remote networks should have routes (showing your X, Y and Z networks). Check the routing table using the command show ip route.

Routing

Configure RIP if not already preconfigured, starting the RIP routing protocol on both routers and advertising all connected networks, with the router rip and network commands.

Check the state of the interfaces on the routers with the show ip interface brief command, as shown below. Remember to enable them with the no shut command.

Change any default X, Y and Z network configurations to the networks you have been assigned.

Router Interfaces

Once the GNS3 topology is created, configure the router interfaces (the configurations in Appendix A can be used as a shortcut, or guide, to configuring any interfaces and RIP routing not configured yet on the routers).

If working on your own host machine, or if the CPU never comes down from 100%, you may need to recalculate the idlepc value for the 7200 router type, until you find a value which reduces the CPU usage.

If the vsphere VM suspends or is left idle for long periods, a reboot of GNS3 may be needed to control the CPU use.

The CPU should reduce to well below 100% within a few minutes. Keeping it running just behind GNS3 is good practice, to monitor CPU usage. Then run the host Windows machine's task manager to check CPU usage. On Win7-GNS3 VM, start the routers and run the console terminals.
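One way to automate the show ip route check described above, as an added example that is not part of the original lab sheet: the script parses pasted show ip route output and reports any expected network that is missing or was not learned as connected (C) or via RIP (R). The sample output, interface names and addresses are constructed, with documentation ranges standing in for the X, Y and 10.1.Z.0/30 networks.

```python
import ipaddress
import re

# Constructed `show ip route` output for one gateway router; the addresses are
# documentation ranges standing in for the X, Y and 10.1.Z.0/30 networks.
SAMPLE = """\
Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Serial1/0
C    192.0.2.0/24 is directly connected, FastEthernet0/0
R    198.51.100.0/24 [120/1] via 10.1.1.2, 00:00:12, Serial1/0
"""

IP = r"\d+(?:\.\d+){3}"
PARENT = re.compile(rf"^\s+{IP}/(\d+) is subnetted")
ROUTE = re.compile(rf"^([A-Z])\*?\s+({IP})(?:/(\d+))?\s")


def parse_routes(text):
    """Return {network: code}, e.g. {IPv4Network('192.0.2.0/24'): 'C'}."""
    routes, inherited = {}, None
    for line in text.splitlines():
        parent = PARENT.match(line)
        if parent:
            # Child routes under this header are printed without a mask.
            inherited = parent.group(1)
            continue
        route = ROUTE.match(line)
        if not route:
            continue  # legend, blank line or other non-route text
        code, addr, plen = route.groups()
        plen = plen or inherited
        if plen is None:
            continue  # no mask on the line and no header to inherit from
        routes[ipaddress.ip_network(f"{addr}/{plen}")] = code
    return routes


def check_lab_routes(text, connected, remote):
    """List every expected network that is missing or learned the wrong way."""
    routes = parse_routes(text)
    expected = [(n, "C") for n in connected] + [(n, "R") for n in remote]
    problems = []
    for net, want in expected:
        got = routes.get(ipaddress.ip_network(net))
        if got != want:
            problems.append(f"{net}: expected {want}, found {got or 'no route'}")
    return problems
```

Call check_lab_routes with the output captured from each router and your group's assigned networks in place of the constructed ones; an empty list means every expected route is present.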
PLEASE DO NOT USE YOUR OWN IP ADDRESSES OR THE LAB DEMO ADDRESSES IN THIS DOCUMENT

Note down the networks, and annotate your own network diagram in GNS3/on paper:

X network:
Y Network:

These must be used to configure the 2 interfaces of the GNS3 gateway routers (.254), the 2 interfaces of the Linux and Windows VMs (.10), and the internal serial network between the routers.

GNS3 - Configure the Routers

On Win7-GNS3 VM, if not using the preconfigured starting project, create the topology.

PLEASE ONLY USE GROUP VMs AND NETWORK IP ADDRESSES ASSIGNED TO YOUR GROUP.

Starting Topology

You will be assigned two networks to attach the hosts to: X.0/24 and Y.0/24

And a network for the internal network between the routers: 10.1.Z.0/30

THE CORRECT NETWORKS MUST BE USED BY EACH STUDENT AS WE ARE SHARING VIRTUAL NETWORKS.

The perimeter routers will be configured to explore the provision of security for the organisations, introducing stateful firewalling and static filtering for good practice Ingress/Egress perimeter filtering. The topology, shown below, mimics two organisations connected via the untrusted Internet (the serial link).

If you wish to start with that, just click the Recent Projects button and select lab7_start, then save as a project called lab7 or suchlike (save as, before you power on routers).
Lab VMs: Windows7 VM running GNS3, a Windows2003 VM and a Linux Ubuntu VM both running network services:

[Figure: lab environment. A student laptop (remote machine, via the Internet) or a lab machine (local Windows 7 PC) connects to the virtual machines cluster (.uk), which hosts the Win7-GNS3 VM running the GNS3 virtual Cisco network, the Linux Ubuntu VM on VLAN X.0/24 and the Win2003 VM on VLAN Y.0/24. Both the Linux and Win2003 VMs run a web server, FTP server and Telnet server.]

Power on your Windows7-GNS3 VM, open a console window, login to the Windows7-GNS3 VM, and run the GNS3 network simulator AS ADMINISTRATOR.

You can create a new project for Lab7, or a preconfigured starting project should be in the Projects folder.

You will be assigned a group folder to work with which contains the 3 VMs needed for the lab (check Moodle for the Groups and IP Addressing for each Group). Navigate to the Module folder such as VMs & Templates>Production>CSN11111/8.

7.2 Activities

Create Virtual Topology

Connect to our vsphere virtual environment at .uk using a vsphere Client. Credentials and network addressing for the lab will be supplied separately.

The lab also explores static packet filtering as used for edge router Ingress and Egress filtering.

Lab 7: Firewalls Stateful Firewalls and Edge Router Filtering

7.1 Details

Rich Macfarlane

Aim: The aim of this lab is to introduce the concepts of stateful firewalls, using Cisco Context-based Access Control (CBAC) to configure perimeter routers.