
!

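! Management Plane Protection: the listed management protocols are accepted
! only when they arrive on FastEthernet0/0.
! NOTE(review): plain "http" is in the allow list; it carries credentials in
! cleartext, so keep only https unless the HTTP server is really required.
! NOTE(review): the only interface configured on this page is Ethernet1/0 -
! confirm that FastEthernet0/0 is the intended management port.
control-plane host
management-interface FastEthernet0/0 allow http https ssh snmp
!
! Control-plane policing of ICMP addressed to the router itself.
! The ACL, class-map and policy-map are defined before the service-policy
! line that refers to them, so the section can be entered top to bottom.
access-list 101 permit icmp any any
!
class-map match-all ICMP-CLASS
match access-group 101
!
! The policy-map name must match the name used by "service-policy input"
! below; the original listing defined IMP-POLICY but applied ICMP-POLICY.
policy-map ICMP-POLICY
class ICMP-CLASS
! Police matched ICMP to 8000 bps; anything above that rate is dropped.
police 8000 conform-action transmit exceed-action drop violate-action drop
!
control-plane host
service-policy input ICMP-POLICY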
!
!
! Enable secrets for privilege level 5 and for the default enable level,
! both stored as type 5 (salted MD5) hashes.
! NOTE(review): these hashes are published with the listing, so treat them
! as disclosed and set new secrets on any real device. Type 5 is weak by
! current standards; use a stronger secret type where the platform offers
! one - confirm support on the target release.
enable secret level 5 5 $1$VlAY$NMEqsBSz6OP7mJSEuZ80r1
enable secret 5 $1$UqjE$KI6wBZB/DNCo7ITc9YvpX.
!
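! Turn on the AAA framework; the aaa commands below depend on it.
aaa new-model
!
! Two method lists are used: "default", which applies wherever no list is
! named, and "NOC", which is created here. Both try the TACACS+ server group
! first and fall back to the local user database only when no TACACS+ server
! answers.
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authentication login NOC group tacacs+ local
aaa authorization exec NOC group tacacs+ local
! Apply authorization to console sessions as well.
aaa authorization console
! Lock a local account after 3 failed logins.
! NOTE(review): a locked fallback account also locks out the administrator
! while TACACS+ is unreachable - plan how it gets unlocked.
aaa local authentication attempts max-fail 3
!
!
! Per-command authorization and accounting for level 15 commands, list NOC.
! NOTE(review): no line on this page applies the NOC list for commands
! (the vty and console lines reference only login and exec lists) - confirm
! that command authorization and accounting are actually attached somewhere.
aaa authorization commands 15 NOC group tacacs+ local
!
aaa accounting commands 15 NOC start-stop group tacacs+
!
aaa session-id common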
!
! NOTE(review): this removes the rate limit on the ICMP unreachable messages
! the router generates. Unless there is a specific reason for it, keeping the
! limit is the safer choice - confirm it is intended outside a lab.
no ip icmp rate-limit unreachable
ip cef
!
!
! Do not try to resolve names through DNS.
no ip domain lookup
! Domain name of the device.
ip domain name ict.edu.pk
!
!
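! Local accounts, used as the fallback when no TACACS+ server answers.
! "secret" without a type digit takes the password as typed and stores it
! hashed. "secret 5" expects an already computed type 5 hash, which the
! original "secret 5 cisco" was not, so the type digit is dropped here.
! NOTE(review): both passwords are lab values and are published with this
! listing; "cisco" is also shorter than the min-length 6 configured further
! down. Replace both before using this on a real device.
! NOTE(review): both accounts get privilege 15 - give fallback accounts only
! the level they need.
username admin privilege 15 secret cisco
username faran privilege 15 secret cisco123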
!
!
! Log when the login failure rate reaches the threshold of 3.
security authentication failure rate 3 log
!
! Reject new passwords shorter than 6 characters.
! NOTE(review): 6 is low for administrative accounts - consider a longer
! minimum.
security passwords min-length 6
!
! After 5 failed logins within 60 seconds, refuse logins for 300 seconds.
! NOTE(review): the quiet period applies to every source, so a burst of bad
! logins can also keep administrators out; "login quiet-mode access-class"
! can exempt trusted management hosts - confirm whether that is wanted here.
login block-for 300 attempts 5 within 60
!

! Addressed interface on 10.1.1.0/24, the same subnet as the TACACS+ server
! configured further down (10.1.1.200).
! NOTE(review): the management-interface statement at the top names
! FastEthernet0/0, not this interface - confirm which port management
! traffic is expected on.
interface Ethernet1/0
ip address 10.1.1.60 255.255.255.0
duplex full
speed 100
no shutdown
!
!
! Disable CDP globally so the device does not advertise itself to neighbors.
no cdp run
!
! Make ping and a small set of show commands available at privilege level 5,
! the level that has its own enable secret near the top of this listing.
! NOTE(review): the last line lowers "show" itself to level 5 - check which
! show subcommands that exposes to level 5 users on the target release.
privilege exec level 5 ping
privilege exec level 5 show ip interface brief
privilege exec level 5 show ip interface
privilege exec level 5 show ip
privilege exec level 5 show version
privilege exec level 5 show
!
!
! The TACACS+ server that the "group tacacs+" method lists refer to.
! Only one server is listed, so the local fallback is used whenever it is
! unreachable.
tacacs-server host 10.1.1.200
! Shared secret between this device and the TACACS+ server.
! NOTE(review): "cisco" is a lab value and appears here in cleartext; use a
! long random key and protect copies of the configuration.
tacacs-server key cisco

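! Remote CLI sessions (vty 0-4): login and exec authorization use the
! "default" AAA method list.
line vty 0 4
logging synchronous
login authentication default
authorization exec default
! SSH only. Telnet sends credentials in cleartext and is not in the
! management-interface allow list at the top of this listing, so it is
! dropped here for consistency.
! SSH needs an RSA key pair on the device; key generation is not shown on
! this page, so make sure it is done before telnet is removed.
! NOTE(review): no access-class is applied to these lines - consider
! restricting the source addresses allowed to reach them.
transport input ssh
!
! Console: login and exec authorization use the "NOC" method list.
line con 0
! Close idle console sessions after 10 minutes; the original "0 0" never
! timed out, which leaves an unattended privileged session open.
exec-timeout 10 0
login authentication NOC
authorization exec NOC
logging synchronous
stopbits 1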
!

=============================================
=============================================
Remote access SSL VPN
--------------------!
! NOTE(review): this section uses ASA-style commands (webvpn, group-policy,
! tunnel-group), so it appears to belong to a different device than the
! router configuration above - confirm.
! Enable the SSL VPN portal on the interface named "outside".
webvpn
enable outside
! Import the bookmark list "testing" from a temporary file and delete the
! file afterwards; the file name suggests these two lines were generated by
! ASDM - confirm.
import webvpn url-list testing disk0:/tmpAsdmImportFile731008447
delete /noconfirm disk0:/tmpAsdmImportFile731008447
!
webvpn
! Let users pick a connection profile (tunnel group) on the login page.
tunnel-group-list enable
! Local VPN account at privilege 0, bound to the "no-client" group policy.
! NOTE(review): the stored password hash is published with this listing;
! treat it as disclosed and set a new password on any real device.
! NOTE(review): no authentication server group is configured for the tunnel
! group on this page, so logins presumably use the local database only -
! confirm whether central authentication or MFA is required.
username user password mbO2jYs13AXlIAGa encrypted privilege 0
username user attributes
vpn-group-policy no-client
exit
!
! Group policy: clientless (browser-based) SSL VPN only, with the "testing"
! bookmark list shown on the portal.
group-policy no-client internal
group-policy no-client attributes

vpn-tunnel-protocol ssl-clientless
webvpn
url-list value testing
exit
exit
!
! Connection profile "no-client": remote-access type, using the group
! policy above, reachable through the alias "no-client" and the group URL.
! NOTE(review): clientless SSL VPN exposes a web portal on the outside
! interface; keep the ASA software current and check that the feature is
! still supported on the target release.
tunnel-group no-client type remote-access
tunnel-group no-client general-attributes
default-group-policy no-client
tunnel-group no-client webvpn-attributes
group-alias no-client enable
group-url https://10.0.0.1/no-client enable
!
!
============================================================
============================================================
