Scribd Logo
Upload

Welcome to Scribd!

  • Labs Pre Examn Final

    Uploaded by

    wfelicesc
    7 views5 pages

    Original Title

    LABS PRE EXAMN FINAL.txt

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    7 views5 pages

    Labs Pre Examn Final

    Uploaded by

    wfelicesc

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    ##########################################################

    CCP NTP+ACL...
    1.Configure->Router->Time -> NTP and SNTP -> Add:
    NTP Server IP address: 192.168.4.2
    Source int: fa0/1
    Check Auth Key1
    cisco
    cisco

    Check prefered (up)->ok->deliver->ok

    2.Router->ACL->ACL Editor-> Add


    Add a Rule: Name Inbound Type Extended Rule

    3. Rule Entry -> Add


    Action -> PermitSource Any IP Destination Any IPProtocol and ServicesIP Protocol
    eigrp (88)
    ok->new window-> Add (new rule)

    4. Permit Source Any IPDestination A network: IP 10.0.2.0 Wildcard :


    0.0.0.255Protocol and Services
    TCP Source Port : any Destinatio port: www(80)

    5.OK->Associate-> Associate with an interfaceFastEthernet 0/1 Direction Inbound


    ->ok->yes->ok->-ok->yes->Delivernote.
    Utilities->write to startup config->Confirm->ok

    ##########################################################
    CCNPguy still valid !

    -NTP/ACL lab � web link to the video provided by user MTS64 on page 74

    ++++++++++++++++++++++++++
    Got all 5 CCP question (answers given below )
    1- Nat gig0/0
    2- Object group inside ( i got Network 10.0.0.0/8 and Network 192.168.1.0/8)
    3- MAP out service service as process given in page 74
    4- class map inbound rule � i got class-map-ccp-cls-2
    5- zone pair � Ccp-policy-ccp-cls-2

    +++++++++++++++++++++++++++
    lab NAT/ACL . exactly the same

    Labs are the same CCP questions and the CCP with NTP/ACL
    ++++++++++++++++++++
    LAB NTP+ACL the same as in youtube video, LAB ZBF same questions,
    slightly different answers.

    ++++++++++++++++++++

    @Dips
    My questions were:

    1) What NAT Address will be assigned by ACL1?


    Configure -> Router -> NAT
    You can find the address in the column �Translated address�.
    If you cannot find that address in the answers, go to Interface Management and you
    will
    see to which interface is assigned that IP address.
    My answer: GigabitEthernet 0/0

    2) Which Class Map is used by INBOUND rule?


    Configure -> Router -> ACL -> Firewall Rules
    You can find the rule INBOUND and in the column �Used by� you will find class map.
    My answer: class-map-ccp-cls2

    3) Which Policy is assigned to Zone pair sdm-zp-OUT-IN?


    Configure -> Security -> Firewall Components -> Zone Pairs
    Check the coloumn �Policy�.
    My answer: ccp-policy-ccp-cls-2

    4)Which protocols are included in the inspection Cisco Map OUT_SERVICE


    Configure -> Security -> C3PL -> Class Map -> Inspection
    When you click on the OUT_SERVICE you can find below all protocols.
    My answers: HTTP, HTTPS, ICMP, SMTP

    5)What is included in the Network Object Group INSIDE?


    Configure -> Router -> ACL -> Object Groups -> Network Object Groups
    In the column �Group Members� you can find the answer, you have to resize the
    column in order to see all networks.
    My answers: 192.168.1.0/24, 10.0.10.0/24

    ++++++++++++++++++++++
    you can get the NTP + ACL lab with the following video.

    https://www.youtube.com/watch?v=kyolMpIofOY

    https://www.youtube.com/watch?v=kyolMpIofOY
    ++++++++++++++++++++++

    Hi all,

    in the NTP lab question, i could not save the configuration after applying the
    required steps.

    +++++++++++++++++++++++
    LAB : NTP + ACL (install ccp on local pc & use GNS3 Router and configure IOS based
    Firewall)
    Simlet : Zone Pairs, NAT, Policy Map, Class Map (install ccp on local pc & use GNS3
    Router to test IOS based Firewall)

    ++++++++++++++++++++++

    2 Labs NTP/ACL + CCP (Qestion 61 answers are : B C D F I am very sure)

    ++++++++++++++++++++
    Lab Training Example with the Cisco Configuartion Professional

    CCP Example: how to find properties included in the inspection Cisco Map
    OUT_SERVICE
    Example result: FTP, HTTP, P2P, ICMP

    CCP Example: how to find the NAT address assigned by ACL 1


    Example result: 192.168.1.0/25
    CCP Example: how to find which Class Map is used by INBOUND Rule
    Example results: Class-map-ccp-cls-2

    CCP Example: how to find which policy is assigned to Zone Pair sdm-zip-OUT-IN?
    Example result: ccp-policy-ccp-cls-2

    CCP Example: how to find what is included in the Network Object Group INSIDE?
    Example result: network 175.25.133.0/24 and network 10.0.10.0/24

    +++++++++++++++++++
    pdf wbe

    1) Which four properties are included in the inspection Cisco Map OUT_SERVICE?
    Configure>Security>Firewall>FirewallorConfigure>Security>C3pl>Classmap>Inspection

    2) What is included in the Network Object Group INSIDE ?


    Configure>Router>ACL> Object Groups> Network Object Groups

    3) Which Class Map is used by the INBOUND Rule ?


    Configure>Security>Firewall>Firewall>Edit Firewall Policy

    ++++++++++++++++++++++++++++++++++++++++++++++++++
    4) Configure the NTP Server.
    Configure>Router>Time>NTP and SNTPClick Add

    NTP Server IP address192.168.1.1 (check Prefer Box)


    Check Authentication Key check box
    Key Number 1
    KeyValue Cisco123

    5) Which Policy is assigned to Zone Pair sdm-zip-OUT-IN


    Configure>Security>Firewall>Firewall Components>Zone pairs

    6) What NAT address will be assigned by ACL 1


    Configure>Router>ACL>NAT Rules

    ++++++++++++++++++++++++
    LABS christine
    pg 43
    pg 54

    Q129 CCP
    ========

    +++++++++++
    09:48 p.m. 29/11/2015
    last

    Got all 5 CCP question (answers given below )


    1- Nat gig0/0
    2- Object group inside ( i got Network 10.0.0.0/8 and Network 192.168.1.0/8)
    3- MAP out service service as process given in page 74
    4- class map inbound rule � i got class-map-ccp-cls-2
    5- zone pair � Ccp-policy-ccp-cls-2

    +++++++++++++++++++++++++
    Below are CCP answers:

    - Protocols from Cisco CLASS-MAP inspection:


    CONFIGURE -> SECURITY -> FIREWALL ->EDIT FIREWALL POLICY -> Select and edit SERVICE
    (= Class Map)
    or CONFIGURE -> SECURITY -> C3PL -> CLASS MAP -> INSPECTION -> select cleass map

    - ZBF: Zone-pair <-> assigned policies


    CONFIGURE -> SECURITY -> FIREWALL -> FIREWALL COMPONENTS -> ZONE PAIRS -> Select
    zone pair (tab POLICY)

    - NETWORK OBJECTS
    CONFIGURE -> ROUTER -> ACL -> OBJECT GROUPS -> NETWORK OBJECT GROUPS

    - ACL/NAT
    CONFIGURE -> ROUTER -> ACL -> NAT Rules (down is ACTION for selected ACL)

    - CLASS-MAP
    CONFIGURE -> SECURITY -> FIREWALL -> FIREWALL -> EDIT FIREWALL POLICY -> Select and
    edit SERVICE (= Class Map)

    - Which CLASS-MAP is used by the INBOUND Rule?


    CONFIGURE -> ROUTER -> ACL -> Firewall Rule (There you see the INBOUND Rule)

    +++++++++++++++++++
    03:24 p.m. 30/11/2015
    MTS64
    November 9th, 2015

    @Dips
    My questions were:

    1) What NAT Address will be assigned by ACL1?


    Configure -> Router -> NAT
    You can find the address in the column �Translated address�.
    If you cannot find that address in the answers, go to Interface Management and you
    will see to which interface is
    assigned that IP address.
    My answer: GigabitEthernet 0/0

    2) Which Class Map is used by INBOUND rule?


    Configure -> Router -> ACL -> Firewall Rules
    You can find the rule INBOUND and in the column �Used by� you will find class map.
    My answer: class-map-ccp-cls2

    3) Which Policy is assigned to Zone pair sdm-zp-OUT-IN?


    Configure -> Security -> Firewall Components -> Zone Pairs
    Check the coloumn �Policy�.
    My answer: ccp-policy-ccp-cls-2

    4)Which protocols are included in the inspection Cisco Map OUT_SERVICE


    Configure -> Security -> C3PL -> Class Map -> Inspection
    When you click on the OUT_SERVICE you can find below all protocols.
    My answers: HTTP, HTTPS, ICMP, SMTP

    5)What is included in the Network Object Group INSIDE?


    Configure -> Router -> ACL -> Object Groups -> Network Object Groups
    In the column �Group Members� you can find the answer, you have to resize the
    column in order to see all networks.
    My answers: 192.168.1.0/24, 10.0.10.0/24

    ++++++++++++++++++++

    YO:
    ======

    1) What NAT Address will be assigned by ACL1?


    >>> CONFIGURE > ROUTER > NAT (translated address if not found -> Interface
    Management and compare the IP address)
    otra: CONFIGURE > ROUTER > ACL > NAT RULES
    RPTA= Global Eth 0/0 interface address

    4)Which protocols are included in the inspection Cisco Map OUT_SERVICE


    >>> CONFIGURE > SECURITY > C3PL > CLASS MAP > INSPECTION
    otra: SECURITY > FIREWALL > EDIT FIREWALL POLICY
    RPTA= FTP HTTP P2P ICMP

    5)What is included in the Network Object Group INSIDE?


    >>> CONFIGURE > ROUTER > ACL > NETWORK OBJECT GROUP
    RPTA= host 74.125.224.176 & host 74.125.224.179

    2) Which Class Map is used by INBOUND rule?


    >>> CONFIGURE > ROUTER > ACL > FIREWALL RULES :(

    3) Which Policy is assigned to Zone pair sdm-zp-OUT-IN?


    >>> CONFIGURE > SECURITY > FIREWALL > FIREWALL COMPONENTS > ZONE PAIRS
    ++++++++++++++++++++++

    You might also like